悪代官の伏魔殿掲示板
System Infected: Trojan Bedep Activity 2 他2つ
はじめまして
ノートンが攻撃を検知するので不安になり、投稿させていただきました

表示されるのは件名のSystem Infected: Trojan Bedep Activity 2と
Web attack: Malicious file Download 12
Web attack: Malicious Redirection 13 の2つになります

時間がかかるのは構いませんのでどうかお力添えをお願いします

作業により取得したログは以下の通りです

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:54:58, on 2015/06/07
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17356)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
E:\悪代官様\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL
O2 - BHO: Microsoft アカウント サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Sound Blaster Z-Series Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: iSCTsysTray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample3.dmm.co.jp/downloader6/DMMDownloader.cab
O16 - DPF: {255A2E53-D2E3-42DA-9C1D-36B289B8E18B} (DMMLauncherAx Control) - http://dl.app-netgame.dmm.com/launcher/DMMLauncherAx_32.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\winspeed\winspeed.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CyberLink Product - 2013/09/16 15:12:59 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Sound Blaster Service (CtHdaSvc) - Creative Technology Ltd - C:\Windows\sysWow64\CtHdaSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10712 bytes


Adobe Flash Player 17 ActiveX Adobe Systems Incorporated 2015/06/03 6.00 MB 17.0.0.188
Adobe Reader XI (11.0.11) - Japanese Adobe Systems Incorporated 2015/05/17 205 MB 11.0.11
Alliance of Valiant Arms 株式会社ゲームオン 2013/09/18 13028096
Bandicam Bandisoft.com 2014/02/22 18.9 MB 1.9.2.455
Bandisoft MPEG-1 Decoder Bandisoft.com 2014/02/22
Battlefield 4™ Electronic Arts 2014/01/18 24.7 GB 1.0.0.1
Battlelog Web Plugins EA Digital Illusions CE AB 2013/12/23 2.3.0
CCleaner Piriform 2015/06/07 5.06
Combined Community Codec Pack 2013-08-01 CCCP Project 2013/09/23 30.0 MB 2013.08.01.0
Common GameOn 2013/09/18 36752112
Craving Explorer Version 1.5.2 T-Craft 2013/10/12 15.2 MB 1.5.2.0
Creative Media Toolbox 6 Creative Technology Limited 2013/09/18 6.02
Creative Media Toolbox 6 (Shared Components) Creative Labs 2013/09/18 2.80.12
CyberLink Media Suite 10 CyberLink Corp. 2013/09/16 191 MB 10.0
Dolby Digital Liveパック Creative Technology Limited 2013/09/16 3.03
Dxtory バージョン 2.0.123 ExKode Co. Ltd. 2013/09/19 33.9 MB 2.0.123
ESN Sonar ESN Social Software AB 2013/12/23 0.70.4
Google Chrome Google Inc. 2015/04/05 41.0.2272.118
Google Toolbar for Internet Explorer Google Inc. 2014/03/29 7.5.5111.1712
Intel(R) Control Center Intel Corporation 2013/09/16 1.2.1.1011
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 2013/09/16 54.8 MB 1.0.0.36702
Intel(R) Management Engine Components Intel Corporation 2013/09/16 9.0.0.1323
Intel(R) Network Connections 18.2.63.0 Intel 2013/09/16 27.0 MB 18.2.63.0
Intel(R) Rapid Storage Technology Intel Corporation 2013/09/16 12.6.0.1033
Intel(R) Smart Connect Technology 4.1 x64 Intel 2013/09/16 44.0 MB 4.1.40.2143
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2013/04/11 2.0.0.102
Jane Style Version 3.75 Jane, Inc. 2014/05/31 3.75
Java 8 Update 31 Oracle Corporation 2015/02/15 74.0 MB 8.0.310
League of Legends Riot Games 2014/12/21 3.0.1
Lhaplus 2013/09/18
LINE LINE Corporation 2014/02/22 3.4.0.21
Microsoft .NET Framework 4.5.1 (日本語) Microsoft Corporation 2014/02/26 2.93 MB 4.5.50938
Microsoft .NET Framework 4.5.2 Microsoft Corporation 2015/03/01 38.8 MB 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2014/10/19 1.59 MB 4.0.40804.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/10/12 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2013/09/16 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2014/12/21 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2013/09/24 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2013/10/13 786 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2013/09/16 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2013/09/16 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/02/12 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/02/12 17.3 MB 11.0.61030.0
Neffy 1,2,5,0 CDNetworks 2013/09/18 1,2,5,0
Norton Internet Security Symantec Corporation 2013/11/18 21.7.0.11
NVIDIA 3D Vision コントローラー ドライバー 347.09 NVIDIA Corporation 2015/03/06 347.09
NVIDIA 3D Vision ドライバー 347.52 NVIDIA Corporation 2015/03/06 347.52
NVIDIA GeForce Experience 2.2.2 NVIDIA Corporation 2015/02/23 2.2.2
NVIDIA HD オーディオ ドライバー 1.3.33.0 NVIDIA Corporation 2015/03/06 1.3.33.0
NVIDIA PhysX システム ソフトウェア 9.14.0702 NVIDIA Corporation 2014/09/28 9.14.0702
NVIDIA グラフィックス ドライバー 347.52 NVIDIA Corporation 2015/03/06 347.52
Origin Electronic Arts, Inc. 2013/12/23 9.3.11.2762
osu! peppy 2013/09/19 149 MB 0.0.0.0
PHANTASY STAR ONLINE 2 SEGA 2014/01/25 7.51 MB
Pmangインストールマネージャー GameOn,Pmang 2013/09/18 1.0.1.1
PunkBuster Services Even Balance, Inc. 2013/12/23 0.993
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2013/09/16 6.0.1.6873
Skype Click to Call Microsoft Corporation 2015/05/31 9.94 MB 7.4.0.9058
Skype(TM) 7.1 Skype Technologies S.A. 2015/03/11 48.5 MB 7.1.105
Sound Blaster Z-Series Creative Technology Limited 2013/09/16 143 MB 1.00.05
Sound Blaster Z-Series Extras Creative Technology Limited 2013/09/16 1.0
SteelSeries Engine 3.3.4 SteelSeries ApS 2015/02/27 3.3.4
TeamSpeak 3 Client TeamSpeak Systems GmbH 2014/01/16 3.0.13.1
Unity Web Player Unity Technologies ApS 2014/02/05 12.0 MB
Visual Basic 6.0 ランタイム SP6 for TTSneo ゆうと 2014/02/11 2.73 MB 1.0.0.0
VoiceChat GameOn 2014/01/16 32972600
WavePad 音声編集ソフト NCH Software 2014/06/08 5.71
Windows Live Essentials Microsoft Corporation 2013/10/12 16.4.3508.0205
WinSpeed 24soft 2014/04/17
  • はちみつ
  • 2015/06/07 (Sun) 19:58:33
返信フォームへ 
WinSpeed←これの処置から
こんばんは。
ここの管理人の悪代官です。
将軍様に切腹させられるのが嫌なので、日アサの美少女戦隊にお腹一杯お仕置きされてます。
でもキュアハ○ーは別腹なので何杯でもいけます(謎

>ノートンが攻撃を検知するので

はい、ログも見せてもらいましたが、大体の状況はわかりました。
まず説明すると、各種更新ができてないためにその脆弱性を悪用された可能性があります。
これを含めて順番に調べていきましょうか。

まず最初にお伝えしておきます。
見てのとおり現在相談者さん多数のため、相談受けてから皆さんに順番にレスできるまで、毎回1日かそれ以上かかる可能性もあるので、すみませんがご了承ください。

では以下の説明をよく見てから、順番に作業をお願いします。
既に準備した物もあるはずですが、一応説明を再度見ておいてください。

隠しファイルと拡張子を表示設定にしてください(やり方↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

下記のツールをダウンロードして、基本の使い方を把握しておいてください。
ただし、配布サイトで他のアプリをダウンロードしろと勧めてくるような広告も出てきたらそれらは絶対にクリックしないでください。
「GeekUninstaller」(通称:GU)
説明ページ↓
http://www.gigafree.net/system/install/geekuninstaller.html
ダウンロード↓
http://www.geekuninstaller.com/download
「download free」をクリック、保存後、解凍してください。
片付ける時はフォルダごと手動で削除してください。

「CCleaner」(通称:CC)
説明↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
ダウンロード↓
http://www.piriform.com/ccleaner/download/standard
最新バージョンをダウンロードしてください。なお、インストール時におまけのアプリも勧めてくることがありますが、それらはチェック外してインストールは避けてください。
片付けるときはアンインストールしてください。

ここで重要な注意です。
CCは本来は高い性能を持つメンテナンスソフトですが、間違った使い方すると
【Windowsにダメージを与えてしまうおそれもある】
ので、ここでは解析ツールとしてのみ使います。
説明をしっかり読んで、自分が指示した以外の操作はしないように。

そして下記ページは作業開始前に必ず熟読して、必要な場合が出たらそれに沿って対処してください。この対処が必要な事例が増えています。
http://note.chiebukuro.yahoo.co.jp/detail/n335704

準備できたら作業開始です。
なお、このあとの作業で探しても見つからないものはスルーして進めていいですが、指示した対象外の物は絶対にいじらないようによく見て作業してください。

>Platform: Windows 7 SP1 (WinNT 6.00.3505)
>MSIE: Internet Explorer v10.0 (10.00.9200.17356)
Win7用のIE最新版は現在11です。
Windowsの各種更新(WindowsUpdate)は常に最新に適用しておかないと、それだけで危険な感染はすぐにでも起きますよ。

また、少なくとも下記のアプリは旧バージョンです。
Adobe Reader XI (11.0.11) - Japanese Adobe Systems Incorporated 2015/05/17 205 MB 11.0.11

Java 8 Update 31 Oracle Corporation 2015/02/15 74.0 MB 8.0.310

Lhaplus 2013/09/18

Skype(TM) 7.1 Skype Technologies S.A. 2015/03/11 48.5 MB 7.1.105

各種アプリの更新を怠っただけでも、脆弱性を悪用されて深刻な感染はあっさり起きます。
使うなら最新版に更新してください。使わないアプリならアンインストールが安全です。
他にも旧バージョンないか調べて、あれば同様に更新するか、アンインストールしてください。

Craving Explorer Version 1.5.2 T-Craft 2013/10/12 15.2 MB 1.5.2.0
ダウンロード支援ツールはできればアンインストールをお勧めします。
DLツールは各社のアンチウイルスソフトでサポート外です。
つまり、これらDLツールを使って危険なサイトやファイルにアクセスすると、マルウェアがあってもブロックできずに感染してしまう危険が高くなります。
ただでさえDLツールを使う人が多い動画サイトは現在、その隙を狙う危険な罠リンクや悪質広告の巣窟に成り果てています。
どうしても使うなら最新版に更新したうえで、これによるいかなトラブルに遭っても自己責任で。

ここでWindowsの標準機能である「システムの復元」での復元ポイントをひとつ、手動で作成しておいてください。
これはこの後の作業で、間違って対象外のものをいじってしまうとそれだけでWindowsに深刻な不具合を起こすこともあるので、万一の際に復元可能にしておくためです。
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

今度はPCをセーフモードで起動してください(やり方↓)
http://www.pc-master.jp/sousa/s-safemode.html

セーフモードでGUを使って、下記をアンインストールしてください。
Bandicam Bandisoft.com 2014/02/22 18.9 MB 1.9.2.455

Bandisoft MPEG-1 Decoder Bandisoft.com 2014/02/22

WinSpeed 24soft 2014/04/17

続いてセーフモードのままでスタートメニューの「アクセサリ」→「システムツール」から「ディスククリーンアップ」を起動してください。
起動したら対象ドライブでCドライブを選択してスキャンして、表示された中の「ダウンロードされたプログラムファイル」「インターネット一時ファイル」「一時ファイル」の項目だけチェックを入れてから「OK」「ファイルの削除」を押してください。
これを実行すると選択した部分のゴミファイルが掃除されます。

これを実行することで作業時にスキャンで検出される無駄なゴミファイルも減るのでその分かなり時間や解析も楽になるのです。
「ごみ箱」など他の項目にチェックしないのは、間違って正常なファイルを削除しないためと、もし正常なファイルを削除してごみ箱に入れても戻せるようにするための措置です。

HJTを起動させ、スキャンを行ってください。
スキャン結果が表示されましたら、以下の項目にチェックを入れてください。
ただし、特にHJTでの作業は一歩間違えれば簡単にPCが起動しなくなるため、こちらが指示した以外のものは絶対にチェックを入れないでください。
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample3.dmm.co.jp/downloader6/DMMDownloader.cab

O16 - DPF: {255A2E53-D2E3-42DA-9C1D-36B289B8E18B} (DMMLauncherAx Control) - http://dl.app-netgame.dmm.com/launcher/DMMLauncherAx_32.cab

O20 - AppInit_DLLs: c:\progra~3\winspeed\winspeed.dll

必要な項目すべてにチェックが入りましたら、Fix checkedをクリックしてください。
探しても見つからないものはスルーして進めていいです。

マイコンピュータのCドライブを開いて、下記のフォルダを探して、見つかればゴミ箱に削除してください。
c:\progra~3\winspeed

ここでPCを通常モードで再起動してから、今度はCCを起動してください。
起動したら、「ツール」→」「スタートアップ」→「Windows」タブを開いてください。
そこで右下の「テキストとして保存」を押すと、表示の内容がログとして保存できるので、ログをデスクトップにでも保存しておいてください。

続いて「InternetExplorer」タブ以下の各タブも順番に開いて、そのログもとっておいてください。
ただし、「コンテキストメニュー」のログは取らなくていいです。

CCの各ログをとったらCCは終了してください。

このあとブラウザを起動して、数時間ほどPC状態を様子見したあと、あらたにHJTとCCでのインストール情報ログを取り直してください。

取り直した両ログと、CCの各ログを返信に貼って、状態報告とともにレスください。
それらを見てから続きの作業を指示します。
  • 悪代官
  • 2015/06/07 (Sun) 22:33:31
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
春まで受験生だったこともあり、1年程PCを触ること自体少なかったもので・・
それでめんどくさがってアップデートを放置していたのですが
それが思わぬ事態を招いてしまったのでしょうか・・
高校時代にバイトして初めて買った大切なPCなのでめんどくさがらずにアップデートをしていこうと思います

関係ない話はこのへんにしておいて
指示通りに作業をすすめていたのですがAdobe Reader XI (11.0.11)の更新ができません
アップデートを確認しても利用可能なアップデートはありませんと表示されます

また、ノートンの攻撃の検知もつづいています
私が確認した中では
System Infected: Trojan Bedep Activity 2
Web attack: Malicious Redirection 13の2つが検知されます
頻度では圧倒的にSystem Infected: Trojan Bedep Activity 2が多いです

取得したログは以下の通りです

HJTログ

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:18:52, on 2015/06/08
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
E:\悪代官様\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL
O2 - BHO: Microsoft アカウント サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Sound Blaster Z-Series Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: iSCTsysTray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CyberLink Product - 2013/09/16 15:12:59 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Sound Blaster Audio Service (CtHdaSvc) - Creative Technology Ltd - C:\Windows\sysWow64\CtHdaSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10833 bytes

CC インストール情報ログ

Adobe Flash Player 17 ActiveX Adobe Systems Incorporated 2015/06/03 6.00 MB 17.0.0.188
Adobe Reader XI (11.0.11) - Japanese Adobe Systems Incorporated 2015/05/17 209 MB 11.0.11
Alliance of Valiant Arms 株式会社ゲームオン 2013/09/18 13028096
Battlefield 4™ Electronic Arts 2014/01/18 24.7 GB 1.0.0.1
Battlelog Web Plugins EA Digital Illusions CE AB 2013/12/23 2.3.0
CCleaner Piriform 2015/06/07 5.06
Combined Community Codec Pack 2013-08-01 CCCP Project 2013/09/23 30.0 MB 2013.08.01.0
Common GameOn 2013/09/18 36752112
Creative Media Toolbox 6 Creative Technology Limited 2013/09/18 6.02
Creative Media Toolbox 6 (Shared Components) Creative Labs 2013/09/18 2.80.12
CyberLink Media Suite 10 CyberLink Corp. 2013/09/16 191 MB 10.0
Dolby Digital Liveパック Creative Technology Limited 2013/09/16 3.03
Dxtory バージョン 2.0.123 ExKode Co. Ltd. 2013/09/19 33.9 MB 2.0.123
ESN Sonar ESN Social Software AB 2013/12/23 0.70.4
Google Chrome Google Inc. 2015/04/05 41.0.2272.118
Google Toolbar for Internet Explorer Google Inc. 2014/03/29 7.5.5111.1712
Intel(R) Control Center Intel Corporation 2013/09/16 1.2.1.1011
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 2013/09/16 54.8 MB 1.0.0.36702
Intel(R) Management Engine Components Intel Corporation 2013/09/16 9.0.0.1323
Intel(R) Network Connections 18.2.63.0 Intel 2013/09/16 27.0 MB 18.2.63.0
Intel(R) Rapid Storage Technology Intel Corporation 2013/09/16 12.6.0.1033
Intel(R) Smart Connect Technology 4.1 x64 Intel 2013/09/16 44.0 MB 4.1.40.2143
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2013/04/11 2.0.0.102
Jane Style Version 3.75 Jane, Inc. 2014/05/31 3.75
League of Legends Riot Games 2014/12/21 3.0.1
LINE LINE Corporation 2014/02/22 3.4.0.21
Microsoft .NET Framework 4.5.2 Microsoft Corporation 2015/03/01 38.8 MB 4.5.51209
Microsoft .NET Framework 4.5.2 (日本語) Microsoft Corporation 2015/06/08 2.93 MB 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2014/10/19 1.59 MB 4.0.40804.0
Microsoft Silverlight Microsoft Corporation 2015/06/08 50.7 MB 5.1.40416.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/10/12 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2013/09/16 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2014/12/21 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2013/09/24 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2013/10/13 786 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2013/09/16 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2013/09/16 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/02/12 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/02/12 17.3 MB 11.0.61030.0
Neffy 1,2,5,0 CDNetworks 2013/09/18 1,2,5,0
Norton Internet Security Symantec Corporation 2013/11/18 21.7.0.11
NVIDIA 3D Vision コントローラー ドライバー 347.09 NVIDIA Corporation 2015/03/06 347.09
NVIDIA 3D Vision ドライバー 347.52 NVIDIA Corporation 2015/03/06 347.52
NVIDIA GeForce Experience 2.4.5.28 NVIDIA Corporation 2015/06/08 2.4.5.28
NVIDIA HD オーディオ ドライバー 1.3.33.0 NVIDIA Corporation 2015/03/06 1.3.33.0
NVIDIA PhysX システム ソフトウェア 9.14.0702 NVIDIA Corporation 2014/09/28 9.14.0702
NVIDIA グラフィックス ドライバー 347.52 NVIDIA Corporation 2015/03/06 347.52
Origin Electronic Arts, Inc. 2013/12/23 9.3.11.2762
osu! peppy 2013/09/19 149 MB 0.0.0.0
PHANTASY STAR ONLINE 2 SEGA 2014/01/25 7.51 MB
Pmangインストールマネージャー GameOn,Pmang 2013/09/18 1.0.1.1
PunkBuster Services Even Balance, Inc. 2013/12/23 0.993
Razer Synapse Razer Inc. 2015/06/08 9.20 MB 1.18.21.26027
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2013/09/16 6.0.1.6873
Skype Click to Call Microsoft Corporation 2015/05/31 9.94 MB 7.4.0.9058
Skype(TM) 7.5 Skype Technologies S.A. 2015/06/08 79.1 MB 7.5.102
Sound Blaster Z-Series Creative Technology Limited 2013/09/16 143 MB 1.00.05
Sound Blaster Z-Series Extras Creative Technology Limited 2013/09/16 1.0
SteelSeries Engine 3.3.7.1 SteelSeries ApS 2015/06/08 3.3.7.1
TeamSpeak 3 Client TeamSpeak Systems GmbH 2014/01/16 3.0.13.1
Unity Web Player Unity Technologies ApS 2014/02/05 12.0 MB
Visual Basic 6.0 ランタイム SP6 for TTSneo ゆうと 2014/02/11 2.73 MB 1.0.0.0
VoiceChat GameOn 2014/01/16 32972600
WavePad 音声編集ソフト NCH Software 2014/06/08 5.71
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) Microsoft 2015/06/08 08/13/2009 2.1.0.1349
Windows Live Essentials Microsoft Corporation 2013/10/12 16.4.3508.0205

CC windowsログ
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
無効 HKCU:Run Overwolf C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
有効 HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
無効 HKLM:Run BDRegion cyberlink C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
有効 HKLM:Run IAStorIcon Intel Corporation "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
有効 HKLM:Run IMSS Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
無効 HKLM:Run LogMeIn Hamachi Ui "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
有効 HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
無効 HKLM:Run Nvtmru "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
無効 HKLM:Run Razer Synapse Razer Inc. "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
無効 HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
有効 HKLM:Run Sound Blaster Z-Series Control Panel Creative Technology Ltd "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
有効 HKLM:Run tuto4pc_jp_17
有効 HKLM:Run UpdReg Creative Technology Ltd. C:\Windows\UpdReg.EXE
有効 HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
有効 Startup Common iSCTsysTray.lnk Intel Corporation C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
有効 Startup Common SteelSeries Engine 3.lnk SteelSeries ApS C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe

IEログ
有効 Extension Skype Click to Call settings Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
有効 Extension Skype Click to Call settings Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
無効 Helper Google Toolbar Helper Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
無効 Helper Google Toolbar Helper Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
有効 Helper Microsoft アカウント サインイン ヘルパー Microsoft Corp. C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
無効 Helper Norton Identity Protection Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
無効 Helper Norton Identity Protection Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll
無効 Helper Norton Vulnerability Protection Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL
無効 Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
無効 Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
有効 Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
無効 Toolbar Google Toolbar Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
無効 Toolbar Google Toolbar Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
無効 Toolbar Norton Toolbar Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
無効 Toolbar Norton Toolbar Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll


fire fox ログ
無効 Extension Norton Toolbar 2014.7.12.14 Symantec Corporation default C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
有効 Extension SuaverPrO 4.31 default C:\Users\Norden\AppData\Roaming\Mozilla\Firefox\Profiles\a6qrbe1w.default\extensions\to-yui@bazshyotlkkdf.co.uk
有効 Plugin 3.0.72.0 Intel Corporation default C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
有効 Plugin 3.0.72.0 Intel Corporation default C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
有効 Plugin Adobe Acrobat 11.0.11.18 Adobe Systems Inc. default C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
有効 Plugin Battlelog Game Launcher 2.3.2.0 EA Digital Illusions CE AB default C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
有効 Plugin ESN Launch Mozilla Plugin 2.3.0.0 ESN Social Software AB default C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
有効 Plugin ESN Sonar API 0.70.4.0 ESN Social Software AB default C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
有効 Plugin Google Update 1.3.24.15 Google Inc. default C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
有効 Plugin NVIDIA 3D Vision 7.17.13.4752 NVIDIA Corporation default C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
有効 Plugin NVIDIA 3D VISION 7.17.13.4752 NVIDIA Corporation default C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
有効 Plugin Photo Gallery 16.4.3508.205 Microsoft Corporation default C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
有効 Plugin pmangdiagnostic 1.0.0.1 gameon default C:\GameOn\Common files\nppmangdiagnostic.dll
有効 Plugin pmangsupport 1.0.0.1 gameon default C:\GameOn\Common files\nppmangsupport.dll
有効 Plugin pmangvoicechat 1.0.0.1 gameon default C:\GameOn\VoiceChat\nppmangvoicechat_0.dll
有効 Plugin Unity Player 4.3.5.32006 Unity Technologies ApS default C:\Users\Norden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

chromeログ
有効 App Gmail 8.1 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
有効 App Google Search 0.0.0.30 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0
有効 App Google ドライブ 6.4 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0
有効 App YouTube 4.2.7 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0
有効 Extension Google ドキュメント 0.7 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0
無効 Extension Lite Bookmarks 215 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpneoicaochhlckfkackiigepakdgapj\215
無効 Extension MSN Homepage & Bing Search Engine 0.0.0.6 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd\0.0.0.6_0
無効 Extension Norton Identity Safe 1.0.5 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0
無効 Extension Norton Security Toolbar 2014.7.6.17 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0
無効 Extension Skype Click to Call 7.3.16540.9015 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0

task ログ
有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task DigitalSite C:\Users\Norden\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE /Check
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe" --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
有効 Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe" --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
有効 Task {0C8041F3-1536-4168-966D-67F5BF13E387} LINE Corporation C:\Program Files (x86)\Naver\LINE\Line.exe
有効 Task {9C5FD40C-CA3F-46E3-94C7-47D5B13CED71} LINE Corporation C:\Program Files (x86)\Naver\LINE\Line.exe


今になって気づいたのですがCCのインストールログにある
Visual Basic 6.0 ランタイム SP6 for TTSneo ゆうと 2014/02/11 2.73 MB 1.0.0.0 についてなのですが
私はこのようなソフトをインストールした覚えはないのですがこのソフトは有害なものではないですか?
単に忘れてるだけかもしれませんが、記憶にないのなら消しておいたほうがいいですか?

よろしくお願いします
  • はちみつ
  • 2015/06/08 (Mon) 21:36:48
返信フォームへ 
CCで続きの処置から
作業と報告、ご苦労様です。

>高校時代にバイトして初めて買った大切なPCなのでめんどくさがらずにアップデートをしていこうと思います

はい、頑張ってご自分で買ったPCなら思い入れも大きいでしょう。
ユーザー自身がPCとそれに入っている全データを守る意識を持つことができれば、自衛も自然とわかってくるものです。
自分もできるかぎり協力しますから、原因と状況をひとつずつ見ながら作業していってください。

>Adobe Reader XI (11.0.11)の更新ができません

これはまた更新不全バグが出てますね。
ではこれはGUを使って一度アンインストール後、ディスククリーンアップ実行した後にAdobe公式サイトに行って同アプリの最新版をダウンロード、再インストールしてください。

ノートンでもまだ警告が出ているようですが、続きのログで色々見つかってますよ。
では以下の手順に沿って続きの作業をお願いします。

Visual Basicは不要ならコントロールパネルからアンインストールしてもいいですが、これは偽装してなければMicrosoftの正規アプリです。
WindowsUpdateか何かの際に他のプログラムとともにまとめて入れた可能性があります。

先の手順でまたCCを起動して「Windows」タブ内の下記を右クリックから「無効」にしたあと続けて「エントリの削除」してください。
>有効 HKLM:Run tuto4pc_jp_17
無効にできないときはそのまま削除でもいいです。

次に「Firefox」タブ内の下記と、
>有効 Extension SuaverPrO 4.31 default C:\Users\Norden\AppData\Roaming\Mozilla\Firefox\Profiles\a6qrbe1w.default\extensions\to-yui@bazshyotlkkdf.co.uk

「スケジュールされたタスク」内の下記も同様に処置です。
>有効 Task DigitalSite C:\Users\Norden\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE /Check

次は下記のツールを準備してください。
「AdwCleaner」(通称:AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
ファイル直リンです。アクセスしてファイルをデスクトップにでも保存しておいてください。
片付けるときは起動後に「uninstall」ボタンを押せば自動で削除されます。
使い方は下記サイト様に詳しい説明があるのでサンショウウオ↓
http://www.japan-secure.com/entry/adwcleaner.html

Malwarebytes' Anti-Malware(通称・MBAM)
本家サイト
http://www.malwarebytes.org/

ですが、MBAMは現在安定性や動作でかなり難が出ており、普通に使っても正常にスキャンができないバグまで多発中です。
そのため本家サイトから最新版のダウンロードせず、ここではあえて旧バージョンで作業します。

旧バージョンの説明サイト↓
http://www.japan-secure.com/entry/blog-entry-7.html

以下のURLからMBAMの旧バージョンをダウンロードしてください。
http://www.oldapps.com/malwarebytes.php?old_malwarebytes=12090?download
ファイル直リンです。保存しておいてください。

注)インストール時に日本語でインストールすると文字化けすることがあります。英語でインストール後に日本語化してください。
MBAM起動して「Settings」タブ→「Language」→「Japanese」で日本語化できます。

準備できたらMBAMをインストールとアップデートまでしておいてください。
ただし、ここではまだスキャンはしないように。
なお、ここでMBAMの更新で「プログラム」自体は更新せず、定義だけ更新しておいてください。
プログラム本体を更新すると、バグ多発中の最新版になってしまうので、せっかく旧バージョンでインストールした意味がなくなります。

続いてここで一度ACを起動してください。
起動するとまず定義の更新が行われるはずなので、更新だけしてから、それができたらACは一旦終了してください。
ここではスキャンもしなくていいです。

両ツールのアップデートができたらPCをセーフモードで再起動してから、ディスククリーンアップを使ってゴミファイルの掃除してください。

続いてPCをセーフモード起動してから、先に一度起動したACを再度起動してください。
起動したら今度は「スキャン」したあと、そのスキャン終了後に検出されたものがあったら「除去」を押してください。
表示された画面で「はい」を選択すると処置開始されます。

処置完了したらそこでPCを通常モードで再起動してください。

再起動後にACのあらたなログが出るので、それをデスクトップにでも保存しておいてください。
ですが、もし作業後にログが出ないorわからない場合はマイコンピュータのCドライブを開くとその直下に以下のような名前のファイルが作成されているので、それがACのログです。
>AdwCleaner[英数字].txt
同じような名前のログが複数ある時は、作成日時が作業処置時のファイルが対象のログです。

ACでの作業ができたら次はMBAMの作業です。
セーフモードのままMBAM起動してスキャンしてください。
MBAM起動したら「スキャナー」タブから「フルスキャン」です。
対象ドライブはCを含めて全ドライブを選択してください。
ですが、もし「フルスキャン」というボタンが表示されない場合はMBAMを最新版に更新してしまった可能性があるので、この時は「カスタムスキャン」を選択してください。
この操作が最新版MBAMでのフルスキャンにあたります。
スキャン対象は全ドライブを選択(チェック)してください。時間はかかりますができるだけ細かくスキャンするためです。
順番はどちらからでもいいですが、なにか検出されたらそれを選択して「remove」(隔離)したあと、再起動を促す表示が出たらそこで一度PCを再起動してください。
もし再起動表示が出ないときは手動で再起動してください。

またMBAMスキャン終了後、「詳細を表示」を押すとその結果が表示されるはずなので、そこで「ログを保存」を押すとそのログが保存可能になります。
そのログをデスクトップにでも保存しておいてください。
このログ確認が特に重要なので、忘れないようにお願いします。

このあとしばらくPC状態を様子見後、作業後に保存したACとMBAMのログを返信に貼り付けて、それを状態報告とともにレスで見せてください。
  • 悪代官
  • 2015/06/09 (Tue) 22:04:36
返信フォームへ 
攻撃の検知がとまりました
返信遅れて申し訳ありません
彼女に別PCのかなりエグイエロサイトの履歴を見られてしまい死にかけておりました
誰にも見せないし大丈夫だろうと放置していたらこうなってしまいました
守備範囲の広さには自信はあるのですがこんなところで仇になるとは・・
とまあ関係ない話はこのへんにしておきまして

指示された通りに作業を進めて様子見をしてみたところ
ノートンの検知がとまりました
また、PCの動作も軽くなりました

adobe readerについてなのですが
一度アンインストールした後、再びインストールしようとすると
「この製品はすでにインストールされています」と表示されインストールできませんでした
ですが、コントロールパネルを見ても、GUを見ても見当たりません

取得したログは以下の通りです

AC ログ
AdwCleaner v4.206 - ログファイルの作成日 11/06/2015 作成時間 00:24:08
# 更新日 01/06/2015 作成元 Xplode
# データベース : 2015-05-31.5 [ローカル]
# オペレーティングシステム : Windows 7 Home Premium Service Pack 1 (x64)
# ユーザー名 : Norden - KITA-PC
# 実行場所 : E:\悪代官様\AdwCleaner.exe
# オプション : 削除

***** [ サービス ] *****


***** [ ファイル / フォルダ ] *****

フォルダ 削除済み項目 : C:\ProgramData\f5fd9ba50e16f512
フォルダ 削除済み項目 : C:\Program Files (x86)\predm
フォルダ 削除済み項目 : C:\Users\Norden\AppData\Roaming\digitalsite
フォルダ 削除済み項目 : C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
フォルダ 削除済み項目 : C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpneoicaochhlckfkackiigepakdgapj
ファイル 削除済み項目 : C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpneoicaochhlckfkackiigepakdgapj_0.localstorage
ファイル 削除済み項目 : C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpneoicaochhlckfkackiigepakdgapj_0.localstorage-journal

***** [ スケジュールタスク ] *****


***** [ ショートカット ] *****


***** [ レジストリ ] *****

キー 削除済み項目 : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
キー 削除済み項目 : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
キー 削除済み項目 : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
キー 削除済み項目 : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
キー 削除済み項目 : HKCU\Software\dsiteproducts
キー 削除済み項目 : HKCU\Software\InstallCore
キー 削除済み項目 : HKCU\Software\InstalledThirdPartyPrograms
キー 削除済み項目 : HKCU\Software\Tutorials
キー 削除済み項目 : HKCU\Software\TutoTag
キー 削除済み項目 : HKLM\SOFTWARE\Tuto4PC
キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\veoh.com

***** [ Webブラウザ ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v


-\\ Google Chrome v41.0.2272.118

[C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - 削除済み項目 [Extension] : fcfenmboojpjinhpgggodefccipikbpd
[C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - 削除済み項目 [Extension] : mpneoicaochhlckfkackiigepakdgapj

*************************

AdwCleaner[R0].txt - [3340 bytes] - [11/06/2015 00:22:01]
AdwCleaner[S0].txt - [2740 bytes] - [11/06/2015 00:24:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2799 bytes] ##########

MBAM ログ
Malwarebytes Anti-Malware (試用) 1.75.0.1300
www.malwarebytes.org

定義バージョン: v2015.06.10.03

Windows 7 Service Pack 1 x64 NTFS (セーフモード)
Internet Explorer 11.0.9600.17801
Norden :: KITA-PC [管理者]

リアルタイム保護: 無効

2015/06/11 0:33:20
mbam-log-2015-06-11 (00-33-20).txt

スキャンタイプ: フルスキャン (C:\|D:\|E:\|)
有効なスキャン領域: メモリ | スタートアップ | レジストリ | ファイルシステム | ヒューリスティック/追加アイテムのスキャン  | ヒューリスティック/Shuriken エンジンを使用してスキャン  | 不審なプログラム (PUP) | 不審な変更 (PUM)
無効なスキャン領域: ピア・ツー・ピアプログラム(P2P)
スキャンしたアイテム数: 585072
経過時間: 43 分, 47 秒

メモリプロセスの検出: 0
(悪意のあるアイテムは検出されていません。)

メモリモジュールの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリキーの検出: 1
HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE (PUM.Security.Hijack.DisableChromeUpdates) -> 正常に隔離され削除されました。

レジストリ値の検出: 1
HKLM\SOFTWARE\Policies\Google\Update|DisableAutoUpdateChecksCheckboxValue (PUM.Security.Hijack.DisableChromeUpdates) -> データ: 1 -> 正常に隔離され削除されました。

レジストリデータ項目の検出: 0
(悪意のあるアイテムは検出されていません。)

フォルダの検出: 2
C:\ProgramData\374311380 (Rogue.Multiple) -> 正常に隔離され削除されました。
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} (Trojan.Clicker.FMS) -> 正常に隔離され削除されました。

ファイルの検出: 1
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a (Trojan.Clicker.FMS) -> 正常に隔離され削除されました。

(終)

お手数をお掛けしますがよろしくお願いします
  • はちみつ
  • 2015/06/11 (Thu) 23:56:14
返信フォームへ 
次はOTLで解析します
レスが遅くなってすみません。

PCの履歴を見られたということですが、そんなことでは今回の問題の解決後の自衛も甘くなりますよ。
「謀は密なるをもってよしとす」というように、悪党の基本は秘密を洩らさないことから固めてください(←誰が悪党を目指してると?

>指示された通りに作業を進めて様子見をしてみたところ
>ノートンの検知がとまりました
>また、PCの動作も軽くなりました

状況は改善しつつあるようですね。
気分的にも楽になってきてますか?

adobe readerはまた更新不全バグが出ているようですね。
相変わらず困ったもんです。

とりあえずadobeは後で修正するとして、また続きの解析と処置していきましょうか。

ACとMBAMで検出されたものは全部両ツール上から処置していいです。
処置ができたら両ツールも準備時の説明に沿って片付けてください。

次は別のツールで、まだ隠れているものをあぶりだします。

今度は以下のツールの準備してください。
OTL(OldTimer Listit)
ファイル直リンなので、DLしたら保存しておいてください。
http://oldtimer.geekstogo.com/OTL.exe
片付けるときは起動後に「Cleanup」ボタンを押せば自動で削除されます。

他のプログラムを起動しない状態でOTLを起動してください。
起動したら、ウィンドウの上の方にある「Scan All Users」にチェックを入れ、以下のコマンドを「Custom Scan/Fixes」にコピペしてください。

%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT

その後、左上の「Run Scan」を押すとスキャン開始されます。
スキャン開始後、PC環境にもよりますが数分ほどすると、「OTL.txt」と「Extras.txt」がOTL.exeと同じ場所に作成されるはずなので、この2つのファイルをデスクトップあたりに保存しておいてください。
なお、Extras.txtは出ないこともありますが、その場合はOTL.txtだけでもいいです。

このあとOTLログを丸ごと返信に貼り付けてレスで見せてください。
ただしOTLログはかなり長くなるため、一度に送信してもfc2の文字数制限で途切れます。
なのでログも適当なところで分割して、複数回に分けてレス送信してください。

OTLでスキャンしただけでは何も変化は起きません。
この結果を見て、検出されたものを次回以降の作業で処置することになるはずです
  • 悪代官
  • 2015/06/12 (Fri) 20:26:26
返信フォームへ 
OTLのDL
OTLはファイル直リンとのことですが
そのサイトに入っても何も表示されずDLできません
この場合はDownloadからDLすればよろしいでしょうか?
使っているブラウザはIEです
  • はちみつ
  • 2015/06/13 (Sat) 00:39:12
返信フォームへ 
ちょっと気になるところがありますが
レスが遅くなってすみません。
回線障害でまる1日ネット上に出てこれませんでした。

IEでOTLのDLできないとのことですね。
自分の環境でも確認したところ、少し案内を間違えたようです。大変失礼しました。

では先のOTLのページにアクセスしてください。

そこで中央の「Download」ボタンを押してください。
これでOTLがDLできるはずです。

ファイルをデスクトップに保存したら、あとは先の案内に沿って進めてください。

またわからないところがあれば遠慮なく訊いてきていいです。

ただ、少し気になる症状があるので、必要なデータ等のバックアップは今のうちに全部済ませておいてください。

このあと深刻な感染が見つかったら、最悪PCのリカバリで対処してもらうこともありえるので、その準備と心構えもしておいてください
  • 悪代官
  • 2015/06/13 (Sat) 20:52:39
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
夜分遅くに申し訳ありません
この事態は私の危機管理意識の低さが招いたことですので
この掲示板に相談した時点で最悪の場合リカバリでの対処になることは覚悟しております
幸いこのPCは趣味にしか使っておらず、重要なものは入っていないので
リカバリになってしまってもそこまで痛くはありません
せいぜいアカウント情報のメモがあるくらいですので
それでもやはり今までの思い出も詰まっていますのでリカバリとなると寂しいですけどね

さて、OTLのログは次のレスに貼り付けます
Extras.txtはでませんでした
  • はちみつ
  • 2015/06/14 (Sun) 01:47:50
返信フォームへ 
OTLログ
OTL logfile created on: 2015/06/14 1:32:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\悪代官様
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

15.92 Gb Total Physical Memory | 13.62 Gb Available Physical Memory | 85.56% Memory free
31.84 Gb Paging File | 29.51 Gb Available in Paging File | 92.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 466.76 Gb Total Space | 293.11 Gb Free Space | 62.80% Space Free | Partition Type: NTFS
Drive E: | 464.66 Gb Total Space | 446.88 Gb Free Space | 96.17% Space Free | Partition Type: NTFS

Computer Name: KITA-PC | User Name: Norden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/06/14 01:03:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\悪代官様\OTL.exe
PRC - [2015/05/23 10:48:01 | 002,754,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/05/23 10:47:58 | 001,893,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015/03/07 15:42:49 | 000,276,336 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
PRC - [2015/02/06 02:57:45 | 000,410,952 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2015/02/05 09:25:00 | 000,187,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/26 07:21:32 | 000,114,176 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHdaSvc.exe
PRC - [2013/12/23 20:17:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/04/30 12:25:22 | 000,286,704 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/04/30 12:25:22 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/04/11 12:11:06 | 000,292,848 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/03/14 14:42:38 | 000,248,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
PRC - [2013/03/12 13:19:36 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/03/12 13:19:36 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/10/01 17:24:09 | 000,724,480 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
PRC - [2012/07/24 12:06:16 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
PRC - [2012/06/14 12:05:16 | 000,648,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
PRC - [2012/06/14 12:05:00 | 000,233,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
PRC - [2011/10/19 17:30:49 | 000,423,424 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/05/31 15:33:00 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ea543310204d0addfaf9792d820e958d\PresentationFramework.ni.dll
MOD - [2015/05/31 15:32:45 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6949c4470a81970ec3de0a575d93babc\System.Windows.Forms.ni.dll
MOD - [2015/05/31 15:32:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5a401fd2a7689ff13fb54182953f9c40\System.Drawing.ni.dll
MOD - [2015/05/31 15:32:32 | 012,254,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef204c8310562595a0518e356fb15387\PresentationCore.ni.dll
MOD - [2015/05/31 15:32:22 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1c3513960037508558358652f2d202a1\WindowsBase.ni.dll
MOD - [2015/05/23 10:48:01 | 000,011,920 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2015/05/18 02:55:01 | 001,071,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8d17de4cf6bd55506c509502178d2c20\System.ServiceModel.Web.ni.dll
MOD - [2015/05/18 02:54:34 | 002,964,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\dd7948371a8babd1bc4291924ec94d05\System.IdentityModel.ni.dll
MOD - [2015/05/18 02:54:33 | 019,547,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a78078ff6ff0c28ef3bf65bd84e193f0\System.ServiceModel.ni.dll
MOD - [2015/05/18 02:51:25 | 012,897,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a0b4e6b92d9c147d801a6f2e3a15080b\System.Windows.Forms.ni.dll
MOD - [2015/05/18 02:51:24 | 006,982,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c61bafa9d029e3f2bf83bd5af3f1f5ac\System.Core.ni.dll
MOD - [2015/05/18 02:51:22 | 000,967,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\908075c4922acdf834c67ac802814c9d\System.Configuration.ni.dll
MOD - [2015/03/02 03:13:21 | 010,069,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
MOD - [2015/03/02 03:12:36 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\93a0883923e78cc3e80b7ac4a9768c60\SMDiagnostics.ni.dll
MOD - [2015/03/01 20:21:01 | 001,873,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1196cc375887ce75f134047505fe19bf\System.Xaml.ni.dll
MOD - [2015/03/01 20:20:41 | 002,855,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209\System.Runtime.Serialization.ni.dll
MOD - [2015/03/01 20:20:40 | 000,790,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\14cc73701aac461eb89d6473a88fcd56\System.ServiceModel.Internals.ni.dll
MOD - [2015/03/01 20:20:14 | 001,642,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd2f9ea99ac0f984b9dc430824638c9f\System.Drawing.ni.dll
MOD - [2015/03/01 20:19:41 | 007,793,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll
MOD - [2015/03/01 20:19:35 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
MOD - [2014/10/26 16:43:03 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/26 16:42:46 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/12 21:11:07 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2012/10/03 15:37:55 | 000,745,472 | ---- | M] () -- C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\ja-JP\SBZ.resources.dll
MOD - [2012/07/24 12:06:16 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
MOD - [2012/06/14 12:06:20 | 000,500,064 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2012/06/14 11:57:22 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
MOD - [2012/06/14 11:56:52 | 000,481,792 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2012/06/14 11:55:22 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2012/06/14 11:54:18 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll
MOD - [2011/08/17 16:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 16:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 16:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 20:17:30 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
MOD - [2011/08/15 20:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 20:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 20:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 19:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011/07/19 16:05:40 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
MOD - [2011/07/19 16:04:56 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
MOD - [2010/11/13 08:18:15 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089\mscorlib.resources.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/05/26 03:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015/05/23 10:47:58 | 001,152,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:[b]64bit:[/b] - [2015/05/23 10:47:56 | 023,006,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2015/05/23 03:47:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2013/04/30 12:25:22 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:[b]64bit:[/b] - [2013/03/14 14:42:48 | 000,182,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:[b]64bit:[/b] - [2013/02/23 04:46:08 | 000,183,048 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013/02/19 22:10:18 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:[b]64bit:[/b] - [2013/02/13 12:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013/02/13 12:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2015/06/03 23:11:28 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/05/23 10:47:58 | 001,893,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015/03/07 15:42:49 | 000,276,336 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe -- (NIS)
SRV - [2015/02/18 20:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/02/06 02:57:45 | 000,410,952 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2015/02/05 09:25:00 | 000,187,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/26 07:21:32 | 000,114,176 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CtHdaSvc.exe -- (CtHdaSvc)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/23 20:17:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/11/07 07:12:11 | 005,204,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/09/18 18:41:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2013/09/16 14:44:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/09/16 14:44:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/03/12 13:20:14 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/03/12 13:19:36 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/03/12 13:19:36 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2013/03/08 17:04:02 | 000,247,768 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/10/19 17:30:49 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/06/02 06:13:32 | 000,043,616 | ---- | M] (SteelSeries ApS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sshid.sys -- (sshid)
DRV:[b]64bit:[/b] - [2015/06/02 06:13:32 | 000,032,792 | ---- | M] (SteelSeries ApS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssdevfactory.sys -- (ssdevfactory)
DRV:[b]64bit:[/b] - [2015/06/02 06:13:32 | 000,008,704 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:[b]64bit:[/b] - [2015/05/23 10:47:56 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:[b]64bit:[/b] - [2015/04/03 22:21:00 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2015/03/04 03:47:18 | 000,129,600 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:[b]64bit:[/b] - [2015/03/01 18:57:38 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2015/02/05 09:24:36 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:[b]64bit:[/b] - [2014/12/30 18:35:54 | 000,177,832 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:[b]64bit:[/b] - [2014/12/30 18:35:54 | 000,039,592 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:[b]64bit:[/b] - [2014/11/26 07:21:30 | 001,065,728 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthda.sys -- (cthda)
DRV:[b]64bit:[/b] - [2014/08/26 11:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2014/08/26 11:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\srtspx64.sys -- (SRTSPX)
DRV:[b]64bit:[/b] - [2014/08/07 04:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\ironx64.sys -- (SymIRON)
DRV:[b]64bit:[/b] - [2014/03/04 13:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\symefa64.sys -- (SymEFA)
DRV:[b]64bit:[/b] - [2014/02/18 10:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\symnets.sys -- (SymNetS)
DRV:[b]64bit:[/b] - [2013/11/17 16:16:45 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2013/10/02 11:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/09/26 11:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\ccsetx64.sys -- (ccSet_NIS)
DRV:[b]64bit:[/b] - [2013/09/10 11:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\symds64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2013/04/30 12:25:00 | 000,677,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2013/04/30 12:25:00 | 000,028,656 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:[b]64bit:[/b] - [2013/04/11 12:10:40 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2013/04/11 12:10:38 | 000,785,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2013/04/11 12:10:38 | 000,366,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2013/03/14 14:34:46 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:[b]64bit:[/b] - [2013/03/14 14:34:44 | 000,021,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:[b]64bit:[/b] - [2013/03/14 14:34:44 | 000,021,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:[b]64bit:[/b] - [2013/03/12 13:19:36 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2013/02/26 18:23:40 | 000,496,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1d62x64.sys -- (e1dexpress)
DRV:[b]64bit:[/b] - [2012/10/02 17:20:48 | 000,026,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cthdb.sys -- (cthdb)
DRV:[b]64bit:[/b] - [2012/08/23 23:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/23 23:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2015/05/31 15:49:07 | 000,684,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150612.001\IDSviA64.sys -- (IDSVia64)
DRV - [2015/05/31 15:48:42 | 000,489,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2015/05/31 15:48:42 | 000,145,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2015/05/22 00:44:33 | 001,640,152 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150601.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2015/01/20 21:35:07 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150612.016\ex64.sys -- (NAVEX15)
DRV - [2015/01/20 21:35:06 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150612.016\eng64.sys -- (NAVENG)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.jp/
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 51 78 DD 4C B4 CE 01 [binary data]
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.co.jp/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0.1
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: File not found
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangdiagnostic-1: C:\GameOn\Common files\nppmangdiagnostic.dll (gameon)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangsupport-1: C:\GameOn\Common files\nppmangsupport.dll (gameon)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangvoicechat-1: C:\GameOn\VoiceChat\nppmangvoicechat_0.dll (gameon)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Norden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2015/06/14 01:14:55 | 000,000,000 | ---D | M]

[2013/12/23 18:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norden\AppData\Roaming\mozilla\Extensions
[2015/06/10 23:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norden\AppData\Roaming\mozilla\Firefox\Profiles\a6qrbe1w.default\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik\2.2015.611.10417_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009/06/11 06:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coieplg.dll (Symantec Corporation)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft アカウント サインイン ヘルパー) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coieplg.dll (Symantec Corporation)
O3:[b]64bit:[/b] - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coieplg.dll (Symantec Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Sound Blaster Z-Series Control Panel] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2496508845-3908087860-442368213-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab (NeffyLauncherCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{322EA548-84E4-4554-8ADC-2D33DB1C6128}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/06/11 00:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2015/06/11 00:12:05 | 000,000,000 | ---D | C] -- C:\Users\Norden\AppData\Roaming\Malwarebytes
[2015/06/11 00:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/06/10 23:40:02 | 014,635,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2015/06/10 23:40:01 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2015/06/10 23:40:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2015/06/10 23:40:00 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2015/06/10 23:40:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2015/06/10 23:40:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2015/06/10 23:40:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2015/06/10 23:40:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2015/06/10 23:40:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2015/06/10 23:40:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2015/06/10 23:39:58 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2015/06/10 23:39:50 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/06/10 23:39:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/06/10 23:39:49 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/06/10 23:39:49 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/06/10 23:39:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/06/10 23:39:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/06/10 23:39:49 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/06/10 23:39:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/06/10 23:39:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/06/10 23:39:49 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/06/10 23:39:48 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/06/10 23:39:48 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/06/10 23:39:48 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/06/10 23:39:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/06/10 23:39:48 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/06/10 23:39:48 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/06/10 23:39:48 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/06/10 23:39:48 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/06/10 23:39:48 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/06/10 23:39:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/06/10 23:39:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/06/10 23:39:47 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/06/10 23:39:47 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/06/10 23:39:47 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/06/10 23:39:47 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/06/10 23:39:47 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/06/10 23:39:46 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/06/10 23:39:46 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/06/10 23:39:46 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/06/10 23:39:46 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/06/10 23:39:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/06/10 23:39:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/06/10 23:39:46 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/06/10 23:39:45 | 006,026,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/06/10 23:39:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/06/10 23:39:45 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/06/10 23:39:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[201
  • はちみつ
  • 2015/06/14 (Sun) 01:49:00
返信フォームへ 
続き
申し訳ありません切れてますね
続きを貼って起きます


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/06/11 00:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2015/06/11 00:12:05 | 000,000,000 | ---D | C] -- C:\Users\Norden\AppData\Roaming\Malwarebytes
[2015/06/11 00:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/06/10 23:40:02 | 014,635,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2015/06/10 23:40:01 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2015/06/10 23:40:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2015/06/10 23:40:00 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2015/06/10 23:40:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2015/06/10 23:40:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2015/06/10 23:40:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2015/06/10 23:40:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2015/06/10 23:40:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2015/06/10 23:40:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2015/06/10 23:39:58 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2015/06/10 23:39:50 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/06/10 23:39:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/06/10 23:39:49 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/06/10 23:39:49 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/06/10 23:39:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/06/10 23:39:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/06/10 23:39:49 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/06/10 23:39:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/06/10 23:39:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/06/10 23:39:49 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/06/10 23:39:48 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/06/10 23:39:48 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/06/10 23:39:48 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/06/10 23:39:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/06/10 23:39:48 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/06/10 23:39:48 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/06/10 23:39:48 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/06/10 23:39:48 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/06/10 23:39:48 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/06/10 23:39:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/06/10 23:39:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/06/10 23:39:47 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/06/10 23:39:47 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/06/10 23:39:47 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/06/10 23:39:47 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/06/10 23:39:47 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/06/10 23:39:46 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/06/10 23:39:46 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/06/10 23:39:46 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/06/10 23:39:46 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/06/10 23:39:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/06/10 23:39:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/06/10 23:39:46 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/06/10 23:39:45 | 006,026,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/06/10 23:39:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/06/10 23:39:45 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/06/10 23:39:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/06/10 23:39:45 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/06/10 23:39:45 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/06/08 01:45:08 | 000,000,000 | ---D | C] -- C:\Users\Norden\AppData\Roaming\Geek Uninstaller
[2015/06/08 01:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2015/06/08 01:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2015/06/08 01:08:04 | 000,048,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2015/06/08 01:08:04 | 000,038,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2015/06/08 00:45:35 | 000,000,000 | ---D | C] -- C:\Users\Norden\Tracing
[2015/06/08 00:36:10 | 000,000,000 | -HSD | C] -- C:\Users\Norden\AppData\Local\EmieUserList
[2015/06/08 00:36:10 | 000,000,000 | -HSD | C] -- C:\Users\Norden\AppData\Local\EmieSiteList
[2015/06/08 00:36:10 | 000,000,000 | -HSD | C] -- C:\Users\Norden\AppData\Local\EmieBrowserModeList
[2015/06/08 00:17:04 | 000,129,600 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpnk.sys
[2015/06/08 00:16:42 | 000,037,184 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpmgrk.sys
[2015/06/08 00:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2015/06/08 00:08:55 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2015/06/08 00:08:52 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2015/06/08 00:08:52 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2015/06/08 00:08:52 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2015/06/08 00:08:52 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2015/06/08 00:08:52 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2015/06/08 00:08:52 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2015/06/08 00:08:52 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2015/06/08 00:08:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2015/06/08 00:08:52 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2015/06/08 00:08:52 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2015/06/08 00:08:52 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015/06/08 00:08:52 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2015/06/08 00:08:52 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2015/06/08 00:08:52 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2015/06/08 00:08:52 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2015/06/08 00:08:52 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015/06/08 00:08:52 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015/06/08 00:08:52 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2015/06/08 00:08:52 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2015/06/08 00:08:52 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2015/06/08 00:08:52 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2015/06/08 00:08:52 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2015/06/08 00:08:52 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2015/06/08 00:08:52 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2015/06/08 00:08:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2015/06/08 00:08:52 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2015/06/08 00:08:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2015/06/08 00:08:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2015/06/08 00:08:52 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2015/06/08 00:08:52 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2015/06/08 00:08:52 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2015/06/08 00:08:52 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2015/06/08 00:08:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2015/06/08 00:08:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2015/06/08 00:08:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2015/06/08 00:08:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2015/06/08 00:08:52 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2015/06/08 00:08:52 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2015/06/08 00:08:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2015/06/08 00:08:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2015/06/08 00:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2015/06/08 00:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2015/06/08 00:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2015/06/08 00:02:49 | 001,255,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2015/06/08 00:02:46 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/06/08 00:02:46 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2015/06/08 00:02:46 | 000,879,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2015/06/08 00:02:46 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2015/06/08 00:02:45 | 005,569,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/06/08 00:02:45 | 003,989,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/06/08 00:02:45 | 003,934,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/06/08 00:02:45 | 001,728,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/06/08 00:02:45 | 000,879,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2015/06/08 00:02:45 | 000,635,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2015/06/08 00:02:45 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/06/08 00:02:45 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe
[2015/06/08 00:02:45 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe
[2015/06/08 00:02:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2015/06/08 00:02:45 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/06/08 00:02:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/06/08 00:02:45 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2015/06/08 00:02:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2015/06/08 00:02:45 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll
[2015/06/08 00:02:45 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2015/06/08 00:02:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2015/06/08 00:02:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2015/06/08 00:02:44 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/06/08 00:02:44 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015/06/08 00:02:44 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/06/08 00:02:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/06/08 00:02:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/06/08 00:02:44 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe
[2015/06/08 00:02:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015/06/08 00:02:44 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2015/06/08 00:02:44 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe
[2015/06/08 00:02:44 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2015/06/08 00:02:44 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/06/08 00:02:44 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/06/08 00:02:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2015/06/08 00:02:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe
[2015/06/08 00:02:44 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe
[2015/06/08 00:02:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2015/06/08 00:02:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2015/06/08 00:02:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2015/06/08 00:02:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2015/06/08 00:02:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2015/06/08 00:02:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2015/06/08 00:02:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2015/06/08 00:02:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2015/06/08 00:02:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2015/06/08 00:02:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2015/06/08 00:02:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2015/06/08 00:02:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2015/06/08 00:02:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2015/06/08 00:02:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2015/06/08 00:02:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2015/06/08 00:02:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2015/06/08 00:02:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2015/06/08 00:02:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2015/06/08 00:02:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2015/06/08 00:02:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2015/06/08 00:02:43 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/06/08 00:02:43 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/06/08 00:02:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/06/08 00:02:43 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/06/08 00:02:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/06/08 00:02:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/06/08 00:02:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll
[2015/06/08 00:02:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2015/06/08 00:02:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015/06/08 00:02:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015/06/08 00:02:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2015/06/08 00:02:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2015/06/08 00:02:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2015/06/08 00:02:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2015/06/08 00:02:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2015/06/08 00:02:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2015/06/08 00:02:39 | 003,147,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/06/08 00:02:39 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/06/08 00:02:39 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/06/08 00:02:39 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/06/08 00:02:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/06/08 00:02:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/06/08 00:02:39 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/06/08 00:02:39 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/06/08 00:02:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/06/08 00:02:39 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/06/08 00:02:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/06/08 00:02:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/06/08 00:02:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/06/08 00:02:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/06/08 00:02:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/06/08 00:02:37 | 001,632,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2015/06/08 00:02:37 | 001,372,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2015/06/08 00:02:37 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmapi.dll
[2015/06/08 00:00:28 | 000,069,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys
[2015/06/07 19:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/06/07 19:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/06/07 18:55:08 | 001,119,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/06/07 18:55:08 | 001,021,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/06/07 18:55:08 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/06/07 18:55:08 | 000,700,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/06/07 18:55:08 | 000,423,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/06/07 18:55:08 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015/06/07 18:55:08 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015/06/07 18:55:07 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/06/02 06:13:32 | 000,043,616 | ---- | C] (SteelSeries ApS) -- C:\Windows\SysNative\drivers\sshid.sys
[2015/06/02 06:13:32 | 000,032,792 | ---- | C] (SteelSeries ApS) -- C:\Windows\SysNative\drivers\ssdevfactory.sys
[2015/06/02 06:13:32 | 000,008,704 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys
[2015/05/18 02:49:04 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015/05/18 02:49:04 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015/05/17 14:11:03 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2015/05/17 14:11:03 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2015/05/17 14:11:01 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2015/05/17 14:10:23 | 001,647,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015/05/17 14:10:18 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2015/05/17 14:10:18 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2015/05/17 14:10:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2015/05/17 14:10:16 | 002,543,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2015/05/17 14:10:15 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2015/05/17 14:10:15 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2015/05/17 14:10:13 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2015/05/17 14:10:13 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2015/05/17 14:10:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2015/05/17 14:10:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/06/14 01:31:44 | 000,000,690 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/06/14 01:31:00 | 000,000,686 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/06/14 01:23:16 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/06/14 01:23:16 | 000,028,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/06/14 01:14:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/06/14 01:13:54 | 4231,131,134 | -HS- | M] () -- C:\hiberfil.sys
[2015/06/13 02:14:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/06/11 23:21:55 | 000,264,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/06/11 02:26:30 | 001,705,960 | ---- | M] (GameOn) -- C:\Windows\PmangDownloader.exe
[2015/06/11 01:32:05 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/06/08 01:15:59 | 000,002,228 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
[2015/06/08 00:38:14 | 001,316,588 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/06/08 00:38:14 | 000,655,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/06/08 00:38:14 | 000,412,200 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2015/06/08 00:38:14 | 000,122,744 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2015/06/08 00:38:14 | 000,122,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/06/08 00:08:55 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2015/06/08 00:08:52 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2015/06/08 00:08:52 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2015/06/08 00:08:52 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2015/06/08 00:08:52 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2015/06/08 00:08:52 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2015/06/08 00:08:52 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2015/06/08 00:08:52 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2015/06/08 00:08:52 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2015/06/08 00:08:52 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2015/06/08 00:08:52 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2015/06/08 00:08:52 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015/06/08 00:08:52 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2015/06/08 00:08:52 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2015/06/08 00:08:52 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2015/06/08 00:08:52 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2015/06/08 00:08:52 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015/06/08 00:08:52 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015/06/08 00:08:52 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2015/06/08 00:08:52 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2015/06/08 00:08:52 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2015/06/08 00:08:52 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2015/06/08 00:08:52 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2015/06/08 00:08:52 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2015/06/08 00:08:52 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2015/06/08 00:08:52 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2015/06/08 00:08:52 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2015/06/08 00:08:52 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2015/06/08 00:08:52 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2015/06/08 00:08:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2015/06/08 00:08:52 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2015/06/08 00:08:52 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2015/06/08 00:08:52 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2015/06/08 00:08:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2015/06/08 00:08:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2015/06/08 00:08:52 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2015/06/08 00:08:52 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2015/06/08 00:08:52 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2015/06/08 00:08:52 | 000,016,303 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2015/06/08 00:08:52 | 000,016,303 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2015/06/08 00:08:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2015/06/08 00:08:52 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2015/06/08 00:08:52 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2015/06/08 00:06:07 | 001,295,436 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/06/07 19:55:44 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/06/03 23:11:24 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/06/03 23:11:24 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/06/02 06:13:32 | 000,043,616 | ---- | M] (SteelSeries ApS) -- C:\Windows\SysNative\drivers\sshid.sys
[2015/06/02 06:13:32 | 000,032,792 | ---- | M] (SteelSeries ApS) -- C:\Windows\SysNative\drivers\ssdevfactory.sys
[2015/06/02 06:13:32 | 000,008,704 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys
[2015/05/26 03:24:00 | 005,569,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/05/26 03:21:21 | 001,728,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/05/26 03:19:27 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2015/05/26 03:19:27 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2015/05/26 03:19:27 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2015/05/26 03:19:26 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2015/05/26 03:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2015/05/26 03:19:10 | 000,879,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2015/05/26 03:19:10 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/05/26 03:19:10 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/05/26 03:19:09 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/05/26 03:19:09 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll
[2015/05/26 03:19:09 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/05/26 03:19:09 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/05/26 03:19:04 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/05/26 03:19:04 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2015/05/26 03:19:02 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/05/26 03:19:02 | 001,162,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2015/05/26 03:19:02 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2015/05/26 03:18:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015/05/26 03:18:54 | 000,879,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2015/05/26 03:18:45 | 000,404,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe
[2015/05/26 03:18:45 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe
[2015/05/26 03:18:39 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015/05/26 03:18:32 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/05/26 03:18:30 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2015/05/26 03:18:19 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2015/05/26 03:18:11 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe
[2015/05/26 03:18:08 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2015/05/26 03:18:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/05/26 03:14:26 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/05/26 03:14:04 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/05/26 03:11:40 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015/05/26 03:11:40 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2015/05/26 03:11:40 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2015/05/26 03:11:40 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2015/05/26 03:11:40 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2015/05/26 03:11:40 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2015/05/26 03:11:40 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2015/05/26 03:11:40 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2015/05/26 03:11:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2015/05/26 03:11:39 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2015/05/26 03:11:39 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2015/05/26 03:11:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2015/05/26 03:11:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2015/05/26 03:11:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2015/05/26 03:11:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2015/05/26 03:11:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2015/05/26 03:11:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2015/05/26 03:11:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2015/05/26 03:11:39 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2015/05/26 03:11:38 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/05/26 03:07:34 | 003,989,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/05/26 03:07:34 | 003,934,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/05/26 03:01:42 | 000,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2015/05/26 03:01:35 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2015/05/26 03:00:44 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe
[2015/05/26 03:00:40 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe
[2015/05/26 03:00:28 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2015/05/26 03:00:25 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2015/05/26 03:00:17 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2015/05/26 03:00:09 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe
[2015/05/26 03:00:04 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/05/26 02:59:52 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2015/05/26 02:57:31 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/05/26 02:57:15 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/05/26 02:55:18 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015/05/26 02:55:18 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2015/05/26 02:55:18 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2015/05/26 02:55:18 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2015/05/26 02:55:18 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2015/05/26 02:55:18 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2015/05/26 02:55:18 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2015/05/26 02:55:18 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2015/05/26 02:55:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2015/05/26 02:55:17 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/05/26 02:00:56 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll
[2015/05/26 01:50:38 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2015/05/26 01:50:36 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2015/05/26 01:48:25 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2015/05/26 01:48:25 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2015/05/26 01:48:25 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2015/05/26 01:48:25 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2015/05/23 12:15:40 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/05/23 12:15:02 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/05/23 12:14:51 | 000,341,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/05/23 12:13:48 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/05/23 12:08:33 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/05/23 12:06:27 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/05/23 12:05:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/05/23 12:05:06 | 000,664,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/05/23 12:04:50 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/05/23 11:52:43 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/05/23 11:49:54 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/05/23 11:48:21 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/05/23 11:37:45 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/05/23 11:37:25 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/05/23 11:14:55 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/05/23 10:47:15 | 001,320,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2015/05/23 10:47:15 | 001,316,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2015/05/23 10:47:06 | 001,756,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2015/05/23 10:47:06 | 001,571,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2015/05/23 04:16:44 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/05/23 04:01:42 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/05/23 04:00:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/05/23 04:00:47 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/05/23 04:00:25 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/05/23 03:59:27 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/05/23 03:52:27 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/05/23 03:52:21 | 006,026,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/05/23 03:48:50 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/05/23 03:47:49 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/05/23 03:47:34 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/05/23 03:47:12 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/05/23 03:47:03 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/05/23 03:40:17 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/05/23 03:36:15 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/05/23 03:29:31 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/05/23 03:25:02 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/05/23 03:24:10 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/05/23 03:21:18 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/05/23 03:18:41 | 000,700,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/05/23 03:18:29 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/05/23 03:18:24 | 000,423,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/05/23 03:18:22 | 001,021,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/05/23 03:18:21 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/05/23 03:18:21 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015/05/23 03:13:03 | 001,119,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/05/23 03:07:35 | 000,720,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/05/23 03:06:53 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/05/23 03:05:28 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/05/23 03:05:06 | 002,125,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/05/23 02:26:39 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/05/21 22:19:52 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/06/08 00:08:52 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2015/06/08 00:08:52 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2015/06/07 19:55:44 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/23 17:31:03 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/12/23 17:30:52 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/09/16 14:33:14 | 001,295,436 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 14:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 14:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2015/06/13 02:14:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/06/14 01:31:00 | 000,000,686 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/06/14 01:31:44 | 000,000,690 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA DT01ACA100 SCSI Disk Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 467.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 465.00GB
Starting Offset: 501281193984
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2015/03/04 13:41:26 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2013/02/27 14:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2015/05/26 03:18:19 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2015/02/03 12:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 13:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/05/24 20:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2012/02/11 15:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2015/05/26 03:18:19 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (
  • はちみつ
  • 2015/06/14 (Sun) 01:54:35
返信フォームへ 
続き2
また切れてますね
本当に申し訳ないです


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2015/03/04 13:41:26 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2013/02/27 14:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2015/05/26 03:18:19 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2015/02/03 12:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 13:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/05/24 20:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2012/02/11 15:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2015/05/26 03:18:19 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2015/05/26 03:18:19 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 12:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2010/11/21 12:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 12:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/19 12:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2010/11/21 12:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 12:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2015/05/09 12:27:37 | 002,589,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >
  • はちみつ
  • 2015/06/14 (Sun) 01:59:15
返信フォームへ 
Extras.txt
Extras.txtが見つかりました
どうやら見落としていたようです

OTL Extras logfile created on: 2015/06/14 1:32:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\悪代官様
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

15.92 Gb Total Physical Memory | 13.62 Gb Available Physical Memory | 85.56% Memory free
31.84 Gb Paging File | 29.51 Gb Available in Paging File | 92.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 466.76 Gb Total Space | 293.11 Gb Free Space | 62.80% Space Free | Partition Type: NTFS
Drive E: | 464.66 Gb Total Space | 446.88 Gb Free Space | 96.17% Space Free | Partition Type: NTFS

Computer Name: KITA-PC | User Name: Norden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E899E4-66BD-4F9F-8310-98C96441B522}" = lport=137 | protocol=17 | dir=in | app=system |
"{04848512-D600-4863-B584-DBE60D68A7E2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{04D58196-1862-4E5B-9048-581E66E09F4B}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{08C4FE5E-8C70-4BB1-9BD3-497E0EFB8149}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0FA8F641-4727-4F47-8254-1BFA583D3853}" = rport=137 | protocol=17 | dir=out | app=system |
"{17FA8B4F-6687-4903-8BEF-312DEE5B2BC2}" = lport=138 | protocol=17 | dir=in | app=system |
"{1BE19C67-15BB-488B-9E4D-77CA6349863B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1C69B58F-E3C7-4EF8-B392-7CE0BEF151D4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{20D7E096-47B6-4627-957B-26E9ABB39951}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24C26D9F-9AFA-4DDD-B2FF-03ECC97A67BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{313E0CB0-87B3-4B1B-A402-0C33B0D4A51B}" = rport=138 | protocol=17 | dir=out | app=system |
"{4043E3DF-ED13-45A3-8A3B-3738C2D5048D}" = rport=139 | protocol=6 | dir=out | app=system |
"{48DCF9AC-419D-4AAA-B1FE-376B975F198F}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{4A8C7F53-7D3E-4E48-A39E-1E0C0F078DB5}" = lport=445 | protocol=6 | dir=in | app=system |
"{655D94F6-0867-4954-BF60-8E6C8F41CD96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6655AB45-7CAF-4BFF-9E72-2C9B039F17FB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6ABA9F90-485C-44FA-9A71-3EFF0730F12C}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{7AB22AD4-7614-452E-9EB7-80BBB8EEB69E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{83F7E654-7729-4DEE-8D1C-649C64808D71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89B317BA-07D0-46F1-A93F-72DC3B42F40C}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{91E03B09-8436-4A7C-9B69-227BDC8E9755}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9A29AA1F-C4DD-4E6C-AEB4-A842D79E4FC7}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C2F5C4D-198C-4A2F-B5F2-79DA57C9EB51}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{A33C60B7-552B-4EF3-885B-FBD68629498E}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{A8E89C4B-D3A0-44A5-BA15-EBFCADC63BD4}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C4B5FF81-F33F-474E-975F-146EF35311B5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C69A8B23-98AA-4D76-A464-386D18F56077}" = rport=445 | protocol=6 | dir=out | app=system |
"{C7F49215-867A-4C13-B4D3-52FE4D541899}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1AF18CD-50D9-4F1A-8DF9-4F03F34EDD42}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{D4BAC1A2-0533-4824-9B10-7D732E227C33}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D64311A1-BAAF-458B-8FD4-9A88EEAE3068}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3C302EE-A366-42DA-A7C2-0E3015BDF780}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{ED9D3E74-635C-44F0-9B19-DDAF0805C960}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFF6DEE2-0DE2-41E4-BE15-80D46B8B4BEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F578CC63-924F-4951-9435-9A9049E980FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090F5F3F-5DC1-4F6C-B3F6-C59B8727AD85}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{136B0E86-AB89-4C57-84DD-14DA22AC0CFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E3DA24A-EF17-4F06-96D7-465EF32D68E4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{2CBD891F-5515-4999-9781-C93259252879}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{37514F52-BEBC-4D94-BE5C-F1AA801A7ECC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4A0AA524-BB3A-47C6-B93B-332DA593D134}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4FB78F90-64C3-4CBE-9630-7DD6FB787318}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{52BF1B7A-1CF1-4D6D-B4D9-47D4B8546FF7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5309FF89-9AE8-4C63-BECC-56227CB0A519}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55ACBAB1-3072-432F-9F49-41291C673898}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55FA955F-2722-4871-A4EF-7585B0BF8DC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B146F80-199C-4022-B412-774F04386636}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{734F3BDB-7194-4632-8A3E-F917E481651F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{7ADC89F6-A992-4964-9AC6-058F0EA683C7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{7BDEFE62-F64F-46F5-808D-F8F5CAB9389A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{845B94F2-8498-4738-848C-81FC9CB5184E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8DCB8714-FD4E-4A81-867C-E9A1EF07FCEC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9FD472D1-F22F-4C1A-A087-20F86386C908}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A559DA31-5D15-45EF-B718-8FFE823024E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A657D3D7-2503-47AB-A0A3-786C9C4F0110}" = protocol=58 | dir=in | app=system |
"{AD854BB2-BC01-4BB3-872D-B3475E63A999}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBA0F75B-BE10-4FA9-AECA-E538F33303AE}" = protocol=6 | dir=out | app=system |
"{C22B1F25-74D2-412E-A884-D4FF4CE2A485}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{C891144F-8BE7-4DAA-BE64-4F98548F485C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CCE1AE90-67B4-42AA-ABB9-D2CDF440B902}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DD5FDE47-C570-4A20-9C4A-E8972D2EA9BD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5D7FF5F-3E18-4E49-98C4-1F1DB2FCDCEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6EE2267-0AED-4B8F-B861-B5B01D9EFF6C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EDC00711-B531-4785-A382-C9002E55CCA5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EED51D35-0F2A-4FFB-8629-2458146075EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F5E50C4B-69BA-4A64-943E-BC0908AC14F0}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{F7FA4EB5-B07F-4700-89B1-9F3B9ECC913F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FB111430-85D6-41F2-9B34-D113BB6FCA37}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD8A4A18-33A1-41A3-B809-C4018AEAD2BE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

  • はちみつ
  • 2015/06/14 (Sun) 03:22:19
返信フォームへ 
Extras 続き
続きのログを貼ります

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{54F2237F-018C-483B-8884-9FC0D88840C3}" = VC_CRT_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63B4D665-34F5-333A-BE00-6DDE0CBD4A6C}" = Microsoft .NET Framework 4.5.2 (JPN)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041" = Microsoft .NET Framework 4.5.2 (日本語)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision ドライバー 347.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA コントロール パネル 347.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA グラフィックス ドライバー 347.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.4.5.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision コントローラー ドライバー 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX システム ソフトウェア 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.4.5.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD オーディオ ドライバー 1.3.33.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.4.5.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.28
"{B4ED896A-2F5F-4FF4-B403-9DF832E1F21F}" = Intel(R) Network Connections 18.2.63.0
"{B71910C5-BE1F-4091-A685-3FA2342A7635}" = Intel(R) Smart Connect Technology 4.1 x64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{E83FDB2A-C81C-403D-8FD3-A816A89AF80C}" = Intel(R) Rapid Storage Technology
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"0AEBEF6F936CFE16E003F7E141631FAB754D9816" = Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349)
"CCleaner" = CCleaner
"PROSetDX" = Intel(R) Network Connections 18.2.63.0
"SteelSeries Engine 3" = SteelSeries Engine 3.3.7.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1823A9EA-B44D-42F5-947C-EFDC7980D975}" = Movie Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype(TM) 7.5
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3909089F-3AC2-42B1-B8EC-06AEF1F8F430}" = Windows Live UX Platform Language Pack
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{42D656E1-DBDB-48DE-B4A7-BBB121866A96}" = Photo Common
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{47954582-81A8-44D4-A631-E6AE58E80399}" = Sound Blaster Z-Series
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85615B5F-F490-452E-87E6-C74F7A1900A0}" = Windows Live Essentials
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92B24D5E-827C-4FF3-A604-BD603FE3A34F}" = フォト ギャラリー
"{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}" = Sound Blaster Z-Series Extras
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18968F4-7246-4482-B375-C15064371302}" = Visual Basic 6.0 ランタイム SP6 for TTSneo
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 17 ActiveX
"Battlelog Web Plugins" = Battlelog Web Plugins
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-08-01
"Dolby Digital Live Pack" = Dolby Digital Liveパック
"Dxtory2.0_is1" = Dxtory バージョン 2.0.123
"ESN Sonar-0.70.4" = ESN Sonar
"Google Chrome" = Google Chrome
"http://pso2.jp/appid/release_is1" = PHANTASY STAR ONLINE 2
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"Jane Style_is1" = Jane Style Version 3.75
"League of Legends 3.0.1" = League of Legends
"LINE" = LINE
"Neffy" = Neffy 1,2,5,0
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Pmang" = Pmangインストールマネージャー
"Pmang_AVA" = Alliance of Valiant Arms
"Pmang_common" = Common
"Pmang_VoiceChat" = VoiceChat
"PunkBusterSvc" = PunkBuster Services
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"WavePad" = WavePad 音声編集ソフト
"WinLiveSuite" = Windows Live Essentials

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2015/06/07 5:47:54 | Computer Name = kita-PC | Source = ISCTAgent | ID = 1000
Description = ISCT - CISCTPnpDriverApi::CreateInstance *****Unable to open the
ISCT device driver

Error - 2015/06/07 5:48:02 | Computer Name = kita-PC | Source = NvStreamSvc | ID = 133073
Description = An error has occurred (NvVAD endpoint registration failed [0]).

Error - 2015/06/07 5:48:02 | Computer Name = kita-PC | Source = NvStreamSvc | ID = 133073
Description = An error has occurred (Failed to set NvVAD endpoint as default Audio
endpoint [0]).

Error - 2015/06/07 5:48:02 | Computer Name = kita-PC | Source = NvStreamSvc | ID = 133073
Description = An error has occurred (NvVAD initialization failed [6]).

Error - 2015/06/07 5:48:57 | Computer Name = kita-PC | Source = WinMgmt | ID = 10
Description =

Error - 2015/06/07 11:31:47 | Computer Name = kita-PC | Source = ISCTAgent | ID = 1000
Description = ISCT - CISCTPnpDriverApi::CreateInstance *****Unable to open the
ISCT device driver

Error - 2015/06/07 11:32:17 | Computer Name = kita-PC | Source = WinMgmt | ID = 10
Description =

Error - 2015/06/07 11:45:40 | Computer Name = kita-PC | Source = MsiInstaller | ID = 11721
Description =

Error - 2015/06/07 11:53:18 | Computer Name = kita-PC | Source = ISCTAgent | ID = 1000
Description = ISCT - CISCTPnpDriverApi::CreateInstance *****Unable to open the
ISCT device driver

Error - 2015/06/07 11:54:16 | Computer Name = kita-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2015/06/11 11:30:46 | Computer Name = kita-PC | Source = Schannel | ID = 36888
Description = 次の致命的な警告が生成されました: 40。内部エラーの状態は 252 です。

Error - 2015/06/11 11:30:46 | Computer Name = kita-PC | Source = Schannel | ID = 36888
Description = 次の致命的な警告が生成されました: 40。内部エラーの状態は 252 です。

Error - 2015/06/11 11:30:46 | Computer Name = kita-PC | Source = Schannel | ID = 36888
Description = 次の致命的な警告が生成されました: 40。内部エラーの状態は 252 です。

Error - 2015/06/11 11:30:46 | Computer Name = kita-PC | Source = Schannel | ID = 36888
Description = 次の致命的な警告が生成されました: 40。内部エラーの状態は 252 です。

Error - 2015/06/12 11:27:10 | Computer Name = kita-PC | Source = Service Control Manager | ID = 7001
Description = Windows Image Acquisition (WIA) サービスは、次のエラーが原因で開始できなかった Shell Hardware
Detection サービスに依存しています: %%1058

Error - 2015/06/13 11:52:41 | Computer Name = kita-PC | Source = Service Control Manager | ID = 7009
Description = Razer Game Scanner サービスの接続を待機中にタイムアウト (30000 ミリ秒) になりました。

Error - 2015/06/13 11:52:41 | Computer Name = kita-PC | Source = Service Control Manager | ID = 7000
Description = Razer Game Scanner サービスを、次のエラーが原因で開始できませんでした: %%1053

Error - 2015/06/13 11:52:43 | Computer Name = kita-PC | Source = Service Control Manager | ID = 7001
Description = Windows Image Acquisition (WIA) サービスは、次のエラーが原因で開始できなかった Shell Hardware
Detection サービスに依存しています: %%1058

Error - 2015/06/13 12:00:11 | Computer Name = kita-PC | Source = DCOM | ID = 10010
Description =

Error - 2015/06/13 12:15:10 | Computer Name = kita-PC | Source = Service Control Manager | ID = 7001
Description = Windows Image Acquisition (WIA) サービスは、次のエラーが原因で開始できなかった Shell Hardware
Detection サービスに依存しています: %%1058


< End of report >
  • はちみつ
  • 2015/06/14 (Sun) 03:23:23
返信フォームへ 
リカバリも可能ということですね
おはようございます。
OTLスキャンログを見せていただきました。

最悪リカバリでの対処も可能ということですね。
ではその準備もしておいてください。

それでは今度はOTLでの処置にかかります。
このレスの最後にスクリプトを貼っておくので、それを丸ごとコピーして、それをWindowsのメモ帳ファイルに貼り付けて保存しておいてください。

用意できたらPCをまたセーフモードで再起動してOTL起動してください。
起動したらOTLのウインドウ下部にスクリプトを貼り付けて、今度は「Run fix」(赤字のボタン)を押してください。
これでOTLでの処置が開始されます。

しばらく待って処置ができたらPCを通常モードで再起動すると、またOTLのログが出るはずなので、それを保存してから、しばらく様子見の後、OTLのログとともに状態報告をレスください。
OTLのスクリプトは以下になります。破線(-----)を含まない箇所を丸ごとコピーして、それをOTLに貼って作業してください
------------------------------------------
:OTL
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 51 78 DD 4C B4 CE 01 [binary data]
IE - HKU\S-1-5-21-2496508845-3908087860-442368213-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: No name found = C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

:Files
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2015/06/14 (Sun) 09:11:04
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
指示の通りに作業を進め、様子を見ましたが感じられる変化はありません
ノートンの攻撃検知も止まったままです

OTLのログは以下の通りです

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
File move failed. C:\Windows\SysWOW64\ieframe.dll scheduled to be moved on reboot.
HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2496508845-3908087860-442368213-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2496508845-3908087860-442368213-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
File move failed. C:\Windows\SysWOW64\ieframe.dll scheduled to be moved on reboot.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\_metadata folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\images folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0 folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\_platform_specific\x86-64_ja folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\_platform_specific folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\_metadata folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\audio folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0 folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0\_metadata folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0 folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\_metadata folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\_locales\en folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\_locales folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\RedirectPages folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\images\Widgets folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\images\StatusButton folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\images\SafeBrowse folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\images folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\IdentitySafe folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0 folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419 folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css folder moved successfully.
C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0 folder moved successfully.
File rity] not found.
File sethosts] not found.
File ptytemp] not found.
File eaterestorepoint] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 06142015_135023

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\ieframe.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


よろしくお願いします
  • はちみつ
  • 2015/06/14 (Sun) 16:07:39
返信フォームへ 
ここでログから全体の再確認です
作業と報告、ご苦労様です。

>指示の通りに作業を進め、様子を見ましたが感じられる変化はありません
>ノートンの攻撃検知も止まったままです

異常も沈静化しているようですね。
ログを見たところ、OTLで処置できるものも処置できたようです。
それではOTLも準備時の説明に従って片付けてください。

ではここで一度ログから全体の再確認しましょう。
またCCで「コンテキストメニュー」を含む各タブのログとインストール情報ログとHJTログを取り直して、それらをレスで見せてください
  • 悪代官
  • 2015/06/14 (Sun) 18:04:02
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
ログをとってきました
まずはインストール情報ログから

Adobe Flash Player 18 ActiveX Adobe Systems Incorporated 2015/06/14 17.0 MB 18.0.0.160
Adobe Reader XI (11.0.11) - Japanese 2015/06/08
Alliance of Valiant Arms 株式会社ゲームオン 2015/06/14 13028096
Battlefield 4™ Electronic Arts 2015/06/14 24.7 GB 1.0.0.1
Battlelog Web Plugins EA Digital Illusions CE AB 2015/06/14 2.3.0
CCleaner Piriform 2015/06/07 5.06
Combined Community Codec Pack 2013-08-01 CCCP Project 2013/09/23 30.0 MB 2013.08.01.0
Common GameOn 2015/06/14 36752112
Creative Media Toolbox 6 Creative Technology Limited 2015/06/14 6.02
Creative Media Toolbox 6 (Shared Components) Creative Labs 2015/06/14 2.80.12
CyberLink Media Suite 10 CyberLink Corp. 2015/06/14 191 MB 10.0
Dolby Digital Liveパック Creative Technology Limited 2015/06/14 3.03
Dxtory バージョン 2.0.123 ExKode Co. Ltd. 2013/09/19 33.9 MB 2.0.123
ESN Sonar ESN Social Software AB 2015/06/14 0.70.4
Google Chrome Google Inc. 2015/04/05 43.0.2357.124
Google Toolbar for Internet Explorer Google Inc. 2015/06/14 7.5.6227.252
Intel(R) Control Center Intel Corporation 2013/09/16 1.2.1.1011
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 2013/09/16 54.8 MB 1.0.0.36702
Intel(R) Management Engine Components Intel Corporation 2013/09/16 9.0.0.1323
Intel(R) Network Connections 18.2.63.0 Intel 2013/09/16 27.0 MB 18.2.63.0
Intel(R) Rapid Storage Technology Intel Corporation 2013/09/16 12.6.0.1033
Intel(R) Smart Connect Technology 4.1 x64 Intel 2013/09/16 44.0 MB 4.1.40.2143
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2013/04/11 2.0.0.102
Jane Style Version 3.75 Jane, Inc. 2014/05/31 3.75
League of Legends Riot Games 2015/06/14 3.0.1
LINE LINE Corporation 2015/06/14 3.4.0.21
Microsoft .NET Framework 4.5.2 Microsoft Corporation 2015/03/01 38.8 MB 4.5.51209
Microsoft .NET Framework 4.5.2 (日本語) Microsoft Corporation 2015/06/08 2.93 MB 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2014/10/19 1.59 MB 4.0.40804.0
Microsoft Silverlight Microsoft Corporation 2015/06/08 50.7 MB 5.1.40416.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/10/12 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2013/09/16 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2014/12/21 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2013/09/24 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2013/10/13 786 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2013/09/16 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2013/09/16 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/06/14 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/06/14 17.3 MB 11.0.61030.0
Neffy 1,2,5,0 CDNetworks 2015/06/14 1,2,5,0
Norton Internet Security Symantec Corporation 2013/11/18 21.7.0.11
NVIDIA 3D Vision コントローラー ドライバー 347.09 NVIDIA Corporation 2015/03/06 347.09
NVIDIA 3D Vision ドライバー 347.52 NVIDIA Corporation 2015/03/06 347.52
NVIDIA GeForce Experience 2.4.5.28 NVIDIA Corporation 2015/06/08 2.4.5.28
NVIDIA HD オーディオ ドライバー 1.3.33.0 NVIDIA Corporation 2015/03/06 1.3.33.0
NVIDIA PhysX システム ソフトウェア 9.14.0702 NVIDIA Corporation 2014/09/28 9.14.0702
NVIDIA グラフィックス ドライバー 347.52 NVIDIA Corporation 2015/03/06 347.52
Origin Electronic Arts, Inc. 2015/06/14 9.3.11.2762
osu! peppy 2013/09/19 149 MB 0.0.0.0
PHANTASY STAR ONLINE 2 SEGA 2014/01/25 7.51 MB
Pmangインストールマネージャー GameOn,Pmang 2015/06/14 1.0.1.1
PunkBuster Services Even Balance, Inc. 2015/06/14 0.993
Razer Synapse Razer Inc. 2015/06/08 9.20 MB 1.18.21.26027
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2013/09/16 6.0.1.6873
Skype Click to Call Microsoft Corporation 2015/05/31 9.94 MB 7.4.0.9058
Skype(TM) 7.5 Skype Technologies S.A. 2015/06/08 79.1 MB 7.5.102
Sound Blaster Z-Series Creative Technology Limited 2013/09/16 143 MB 1.00.05
Sound Blaster Z-Series Extras Creative Technology Limited 2015/06/14 1.0
SteelSeries Engine 3.3.7.1 SteelSeries ApS 2015/06/08 3.3.7.1
TeamSpeak 3 Client TeamSpeak Systems GmbH 2014/01/16 3.0.13.1
Unity Web Player Unity Technologies ApS 2014/02/05 12.0 MB
Visual Basic 6.0 ランタイム SP6 for TTSneo ゆうと 2014/02/11 2.73 MB 1.0.0.0
VoiceChat GameOn 2015/06/14 32972600
WavePad 音声編集ソフト NCH Software 2015/06/14 5.71
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) Microsoft 2015/06/08 08/13/2009 2.1.0.1349
Windows Live Essentials Microsoft Corporation 2013/10/12 16.4.3508.0205


windowsログ

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
無効 HKCU:Run Overwolf C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
有効 HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
無効 HKLM:Run BDRegion cyberlink C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
有効 HKLM:Run IAStorIcon Intel Corporation "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
有効 HKLM:Run IMSS Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
無効 HKLM:Run LogMeIn Hamachi Ui "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
有効 HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
無効 HKLM:Run Nvtmru "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
無効 HKLM:Run Razer Synapse Razer Inc. "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
無効 HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
有効 HKLM:Run Sound Blaster Z-Series Control Panel Creative Technology Ltd "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
有効 HKLM:Run UpdReg Creative Technology Ltd. C:\Windows\UpdReg.EXE
有効 HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
有効 Startup Common iSCTsysTray.lnk Intel Corporation C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
有効 Startup Common SteelSeries Engine 3.lnk SteelSeries ApS C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe


IEログ

有効 Extension Skype Click to Call settings Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
有効 Extension Skype Click to Call settings Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
無効 Helper Google Toolbar Helper Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
無効 Helper Google Toolbar Helper Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
有効 Helper Microsoft アカウント サインイン ヘルパー Microsoft Corp. C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
無効 Helper Norton Identity Protection Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
無効 Helper Norton Identity Protection Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll
無効 Helper Norton Vulnerability Protection Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL
無効 Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
無効 Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
有効 Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
無効 Toolbar Google Toolbar Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
無効 Toolbar Google Toolbar Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
無効 Toolbar Norton Toolbar Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
無効 Toolbar Norton Toolbar Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll

firefoxログ

無効 Extension Norton Toolbar 2014.7.12.14 Symantec Corporation default C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
有効 Plugin 3.0.72.0 Intel Corporation default C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
有効 Plugin 3.0.72.0 Intel Corporation default C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
有効 Plugin Adobe Acrobat 11.0.11.18 default C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
有効 Plugin Battlelog Game Launcher 2.3.2.0 EA Digital Illusions CE AB default C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
有効 Plugin ESN Launch Mozilla Plugin 2.3.0.0 ESN Social Software AB default C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
有効 Plugin ESN Sonar API 0.70.4.0 ESN Social Software AB default C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
有効 Plugin Google Update 1.3.24.15 default C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
有効 Plugin NVIDIA 3D Vision 7.17.13.4752 NVIDIA Corporation default C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
有効 Plugin NVIDIA 3D VISION 7.17.13.4752 NVIDIA Corporation default C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
有効 Plugin Photo Gallery 16.4.3508.205 Microsoft Corporation default C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
有効 Plugin pmangdiagnostic 1.0.0.1 gameon default C:\GameOn\Common files\nppmangdiagnostic.dll
有効 Plugin pmangsupport 1.0.0.1 gameon default C:\GameOn\Common files\nppmangsupport.dll
有効 Plugin pmangvoicechat 1.0.0.1 gameon default C:\GameOn\VoiceChat\nppmangvoicechat_0.dll
有効 Plugin Unity Player 4.3.5.32006 Unity Technologies ApS default C:\Users\Norden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

chrome ログ

有効 App Gmail 8.1 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
有効 App Google Search 0.0.0.30 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0
有効 App Google ドライブ 6.4 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0
有効 App YouTube 4.2.7 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0
有効 Extension Google ドキュメント 0.7 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0
無効 Extension Norton Identity Safe 1.0.5 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0
無効 Extension Norton Security Toolbar 2014.7.6.17 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0
無効 Extension Skype Click to Call 7.4.0.9058 最初のユーザー C:\Users\Norden\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.4.0.9058_0


タスクログ

有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe" --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
有効 Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe" --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
有効 Task {0C8041F3-1536-4168-966D-67F5BF13E387} LINE Corporation C:\Program Files (x86)\Naver\LINE\Line.exe
有効 Task {9C5FD40C-CA3F-46E3-94C7-47D5B13CED71} LINE Corporation C:\Program Files (x86)\Naver\LINE\Line.exe


コンテキストメニューログ
有効 Drive ShExplzh64
有効 Drive Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\NavShExt.dll"
有効 File Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\NavShExt.dll"
有効 Folder ShExplzh64
有効 Folder Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\NavShExt.dll"


HJTログ
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:20:13, on 2015/06/14
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
E:\悪代官様\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL
O2 - BHO: Microsoft アカウント サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Sound Blaster Z-Series Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: iSCTsysTray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol hijack: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol hijack: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6}
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol hijack: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CyberLink Product - 2013/09/16 15:12:59 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Sound Blaster Audio Service (CtHdaSvc) - Creative Technology Ltd - C:\Windows\sysWow64\CtHdaSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12946 bytes

以上になります
よろしくお願いします
  • はちみつ
  • 2015/06/14 (Sun) 22:22:20
返信フォームへ 
Adobe更新と、HJTで少し処置を
作業と報告、ご苦労様です。
何とか回線が復旧したようなのでレスに来ました。

ログも見せていただきましたが、まだ少し問題点は残っているので、また説明を読んでから作業をお願いします。

下記がまだ最新版になってないので、これはGUを使って一度アンインストールしてください。
>Adobe Reader XI (11.0.11) - Japanese 2015/06/08

削除後に一度PC再起動後、ディスククリーンアップしてから、Adobe公式サイトに行って同アプリの最新版を再インストールしてみてください。
これで最新になるはずです。

次にまたセーフモードでHJTでスキャンして、表示された中の下記をfixしてください。
>R3 - Default URLSearchHook is missing

ここまでできたらまたPC再起動後、HJTとインストール情報のログだけ取り直して、それをまたレスください
  • 悪代官
  • 2015/06/15 (Mon) 06:38:17
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
GUでAdobe Reader XI (11.0.11) - Japanese 2015/06/08  をアンインストールしようとしたのですが
GUを起動しても見当たりませんでした
CCでなら確認できるのですが
この場合はどうすればよろしいでしょうか

取得したログは以下のとおりです

HJT ログ

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:23:27, on 2015/06/16
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
E:\悪代官様\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL
O2 - BHO: Microsoft アカウント サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Sound Blaster Z-Series Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: iSCTsysTray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CyberLink Product - 2013/09/16 15:12:59 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Sound Blaster Audio Service (CtHdaSvc) - Creative Technology Ltd - C:\Windows\sysWow64\CtHdaSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11103 bytes

インストール情報 ログ

Adobe Flash Player 18 ActiveX Adobe Systems Incorporated 2015/06/14 17.0 MB 18.0.0.160
Adobe Reader XI (11.0.11) - Japanese 2015/06/08
Alliance of Valiant Arms 株式会社ゲームオン 2015/06/14 13028096
Battlefield 4™ Electronic Arts 2015/06/14 24.7 GB 1.0.0.1
Battlelog Web Plugins EA Digital Illusions CE AB 2015/06/14 2.3.0
CCleaner Piriform 2015/06/07 5.06
Combined Community Codec Pack 2013-08-01 CCCP Project 2013/09/23 30.0 MB 2013.08.01.0
Common GameOn 2015/06/14 36752112
Creative Media Toolbox 6 Creative Technology Limited 2015/06/14 6.02
Creative Media Toolbox 6 (Shared Components) Creative Labs 2015/06/14 2.80.12
CyberLink Media Suite 10 CyberLink Corp. 2015/06/14 191 MB 10.0
Dolby Digital Liveパック Creative Technology Limited 2015/06/14 3.03
Dxtory バージョン 2.0.123 ExKode Co. Ltd. 2013/09/19 33.9 MB 2.0.123
ESN Sonar ESN Social Software AB 2015/06/14 0.70.4
Google Chrome Google Inc. 2015/04/05 43.0.2357.124
Google Toolbar for Internet Explorer Google Inc. 2015/06/14 7.5.6227.252
Intel(R) Control Center Intel Corporation 2013/09/16 1.2.1.1011
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 2013/09/16 54.8 MB 1.0.0.36702
Intel(R) Management Engine Components Intel Corporation 2013/09/16 9.0.0.1323
Intel(R) Network Connections 18.2.63.0 Intel 2013/09/16 27.0 MB 18.2.63.0
Intel(R) Rapid Storage Technology Intel Corporation 2013/09/16 12.6.0.1033
Intel(R) Smart Connect Technology 4.1 x64 Intel 2013/09/16 44.0 MB 4.1.40.2143
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2013/04/11 2.0.0.102
Jane Style Version 3.75 Jane, Inc. 2014/05/31 3.75
League of Legends Riot Games 2015/06/14 3.0.1
LINE LINE Corporation 2015/06/14 3.4.0.21
Microsoft .NET Framework 4.5.2 Microsoft Corporation 2015/03/01 38.8 MB 4.5.51209
Microsoft .NET Framework 4.5.2 (日本語) Microsoft Corporation 2015/06/08 2.93 MB 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2014/10/19 1.59 MB 4.0.40804.0
Microsoft Silverlight Microsoft Corporation 2015/06/08 50.7 MB 5.1.40416.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/10/12 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2013/09/16 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2014/12/21 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2013/09/24 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2013/10/13 786 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2013/09/16 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2013/09/16 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/06/14 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/06/14 17.3 MB 11.0.61030.0
Neffy 1,2,5,0 CDNetworks 2015/06/14 1,2,5,0
Norton Internet Security Symantec Corporation 2013/11/18 21.7.0.11
NVIDIA 3D Vision コントローラー ドライバー 347.09 NVIDIA Corporation 2015/03/06 347.09
NVIDIA 3D Vision ドライバー 347.52 NVIDIA Corporation 2015/03/06 347.52
NVIDIA GeForce Experience 2.4.5.28 NVIDIA Corporation 2015/06/08 2.4.5.28
NVIDIA HD オーディオ ドライバー 1.3.33.0 NVIDIA Corporation 2015/03/06 1.3.33.0
NVIDIA PhysX システム ソフトウェア 9.14.0702 NVIDIA Corporation 2014/09/28 9.14.0702
NVIDIA グラフィックス ドライバー 347.52 NVIDIA Corporation 2015/03/06 347.52
Origin Electronic Arts, Inc. 2015/06/14 9.3.11.2762
osu! peppy 2013/09/19 149 MB 0.0.0.0
PHANTASY STAR ONLINE 2 SEGA 2014/01/25 7.51 MB
Pmangインストールマネージャー GameOn,Pmang 2015/06/14 1.0.1.1
PunkBuster Services Even Balance, Inc. 2015/06/14 0.993
Razer Synapse Razer Inc. 2015/06/08 9.20 MB 1.18.21.26027
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2013/09/16 6.0.1.6873
Skype Click to Call Microsoft Corporation 2015/05/31 9.94 MB 7.4.0.9058
Skype(TM) 7.5 Skype Technologies S.A. 2015/06/08 79.1 MB 7.5.102
Sound Blaster Z-Series Creative Technology Limited 2013/09/16 143 MB 1.00.05
Sound Blaster Z-Series Extras Creative Technology Limited 2015/06/14 1.0
SteelSeries Engine 3.3.7.1 SteelSeries ApS 2015/06/08 3.3.7.1
TeamSpeak 3 Client TeamSpeak Systems GmbH 2014/01/16 3.0.13.1
Unity Web Player Unity Technologies ApS 2014/02/05 12.0 MB
Visual Basic 6.0 ランタイム SP6 for TTSneo ゆうと 2014/02/11 2.73 MB 1.0.0.0
VoiceChat GameOn 2015/06/14 32972600
WavePad 音声編集ソフト NCH Software 2015/06/14 5.71
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) Microsoft 2015/06/08 08/13/2009 2.1.0.1349
Windows Live Essentials Microsoft Corporation 2013/10/12 16.4.3508.0205

よろしくお願いします
  • はちみつ
  • 2015/06/16 (Tue) 01:29:17
返信フォームへ 
手動でAdobeのDLを
作業と報告、ご苦労様です。

>GUでAdobe Reader XI (11.0.11) - Japanese 2015/06/08  をアンインストールしようとしたのですが
>GUを起動しても見当たりませんでした
>CCでなら確認できるのですが

はい、わかりました。
また削除不全バグが出たようですね。
ではとりあえずこれは置いといて次の作業をお願いします。

まずAdobeサイトの下記のページにアクセスしてください。
https://get.adobe.com/jp/reader/otherversions/

そこで「オペレーティングシステム選択」で「Winodws7」を、次の「言語」で日本語を選択して、その下の「バージョン選択」で「Reader DC 2015」を選択してから、それをダウンロードとインストールしてください。

このバージョンが現在のARの最新版で、以前とはアプリ名自体も改称されています。

これができたらまたCCでインストール情報ログだけ取り直して、それをレスで見せてください。
ですがこのバージョンのインストールもできないときは無理に進めず、そのことをレスで教えてください
  • 悪代官
  • 2015/06/16 (Tue) 21:49:31
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
指示通りにインストールを進めたのですが
新しいバージョンはインストール済みですと表示され
インストールできませんでした
  • はちみつ
  • 2015/06/18 (Thu) 00:39:11
返信フォームへ 
pdfアプリの入れ替えを
おはようございます。

>指示通りにインストールを進めたのですが
>新しいバージョンはインストール済みですと表示され
>インストールできませんでした

はい、いよいよ更新不全と削除不全がひどくなったみたいですね。
では別の角度から対処しますか。

下記のサイトで説明しているpdfアプリをダウンロードしてください。
「PDF-XChange Viewer」
http://www.forest.impress.co.jp/library/software/pdfxchange/

これはAdobe Readerよりも動作が軽く、脆弱性更新も高いとされるpdfアプリです。

サイト説明を読んだらアプリをインストールしてから、それを規定のpdfアプリに設定しておいてください。

これができたらAdobe Reader XI (11.0.11)のほうはGUを使ってアンインストールしていいです。

このあとまたCCでインストール情報ログだけ取り直して、それをレスで見せてください
  • 悪代官
  • 2015/06/18 (Thu) 07:59:58
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
Adobe Reader XI (11.0.11)についてなのですが
CCのインストール情報では表示されるのですがGUでは表示されません
どうすればよろしいでしょうか?
  • はちみつ
  • 2015/06/18 (Thu) 23:56:49
返信フォームへ 
再度CCから「エントリの削除」を
おはようございます。

>Adobe Reader XI (11.0.11)についてなのですが
>CCのインストール情報では表示されるのですがGUでは表示されません

なるほど、やはりですね。
その状態ならアプリ自体は既に削除されています。
わずかに残った残骸にCCだけが反応して、そのアプリ名も消えずに張り付いている状態です。
では一応CCのインストール情報画面を開いて、Adobe Readerを「エントリの削除」してみてください。
これで残骸も消えればいいのですが、消えないときは無理に進めずそこでキャンセルしていいです。

PDF-XChange Viewerのインストールもできていれば、またインストール情報ログを取り直して、それをレスください
  • 悪代官
  • 2015/06/19 (Fri) 06:41:19
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
エントリの削除をしようとしたのですが
MSIインストーラーは削除できませんと表示されてしまい進めることができませんでした。

取得したログは以下の通りです

Adobe Flash Player 18 ActiveX Adobe Systems Incorporated 2015/06/14 17.0 MB 18.0.0.160
Adobe Reader XI (11.0.11) - Japanese 2015/06/08
Alliance of Valiant Arms 株式会社ゲームオン 2015/06/14 13028096
Battlefield 4™ Electronic Arts 2015/06/14 24.7 GB 1.0.0.1
Battlelog Web Plugins EA Digital Illusions CE AB 2015/06/14 2.3.0
CCleaner Piriform 2015/06/07 5.06
Combined Community Codec Pack 2013-08-01 CCCP Project 2013/09/23 30.0 MB 2013.08.01.0
Common GameOn 2015/06/14 36752112
Creative Media Toolbox 6 Creative Technology Limited 2015/06/14 6.02
Creative Media Toolbox 6 (Shared Components) Creative Labs 2015/06/14 2.80.12
CyberLink Media Suite 10 CyberLink Corp. 2015/06/14 191 MB 10.0
Dolby Digital Liveパック Creative Technology Limited 2015/06/14 3.03
Dxtory バージョン 2.0.123 ExKode Co. Ltd. 2013/09/19 33.9 MB 2.0.123
ESN Sonar ESN Social Software AB 2015/06/14 0.70.4
Google Chrome Google Inc. 2015/04/05 43.0.2357.124
Google Toolbar for Internet Explorer Google Inc. 2015/06/14 7.5.6227.252
Intel(R) Control Center Intel Corporation 2013/09/16 1.2.1.1011
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 2013/09/16 54.8 MB 1.0.0.36702
Intel(R) Management Engine Components Intel Corporation 2013/09/16 9.0.0.1323
Intel(R) Network Connections 18.2.63.0 Intel 2013/09/16 27.0 MB 18.2.63.0
Intel(R) Rapid Storage Technology Intel Corporation 2013/09/16 12.6.0.1033
Intel(R) Smart Connect Technology 4.1 x64 Intel 2013/09/16 44.0 MB 4.1.40.2143
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2013/04/11 2.0.0.102
Jane Style Version 3.75 Jane, Inc. 2014/05/31 3.75
League of Legends Riot Games 2015/06/14 3.0.1
LINE LINE Corporation 2015/06/14 3.4.0.21
Microsoft .NET Framework 4.5.2 Microsoft Corporation 2015/03/01 38.8 MB 4.5.51209
Microsoft .NET Framework 4.5.2 (日本語) Microsoft Corporation 2015/06/08 2.93 MB 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2014/10/19 1.59 MB 4.0.40804.0
Microsoft Silverlight Microsoft Corporation 2015/06/08 50.7 MB 5.1.40416.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/10/12 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2013/09/16 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2014/12/21 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2013/09/24 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2013/10/13 786 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2013/09/16 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2013/09/16 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/06/14 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/06/14 17.3 MB 11.0.61030.0
Neffy 1,2,5,0 CDNetworks 2015/06/14 1,2,5,0
Norton Internet Security Symantec Corporation 2013/11/18 21.7.0.11
NVIDIA 3D Vision コントローラー ドライバー 347.09 NVIDIA Corporation 2015/03/06 347.09
NVIDIA 3D Vision ドライバー 347.52 NVIDIA Corporation 2015/03/06 347.52
NVIDIA GeForce Experience 2.4.5.28 NVIDIA Corporation 2015/06/08 2.4.5.28
NVIDIA HD オーディオ ドライバー 1.3.33.0 NVIDIA Corporation 2015/03/06 1.3.33.0
NVIDIA PhysX システム ソフトウェア 9.14.0702 NVIDIA Corporation 2014/09/28 9.14.0702
NVIDIA グラフィックス ドライバー 347.52 NVIDIA Corporation 2015/03/06 347.52
Origin Electronic Arts, Inc. 2015/06/14 9.3.11.2762
osu! peppy 2013/09/19 149 MB 0.0.0.0
PDF-Viewer Tracker Software Products Ltd 2015/06/18 58.6 MB 2.5.313.0
PHANTASY STAR ONLINE 2 SEGA 2014/01/25 7.51 MB
Pmangインストールマネージャー GameOn,Pmang 2015/06/14 1.0.1.1
PunkBuster Services Even Balance, Inc. 2015/06/14 0.993
Razer Synapse Razer Inc. 2015/06/08 9.20 MB 1.18.21.26027
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2013/09/16 6.0.1.6873
Skype Click to Call Microsoft Corporation 2015/05/31 9.94 MB 7.4.0.9058
Skype(TM) 7.5 Skype Technologies S.A. 2015/06/08 79.1 MB 7.5.102
Sound Blaster Z-Series Creative Technology Limited 2013/09/16 143 MB 1.00.05
Sound Blaster Z-Series Extras Creative Technology Limited 2015/06/14 1.0
SteelSeries Engine 3.3.7.1 SteelSeries ApS 2015/06/08 3.3.7.1
TeamSpeak 3 Client TeamSpeak Systems GmbH 2014/01/16 3.0.13.1
Unity Web Player Unity Technologies ApS 2014/02/05 12.0 MB
Visual Basic 6.0 ランタイム SP6 for TTSneo ゆうと 2014/02/11 2.73 MB 1.0.0.0
VoiceChat GameOn 2015/06/14 32972600
WavePad 音声編集ソフト NCH Software 2015/06/14 5.71
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) Microsoft 2015/06/08 08/13/2009 2.1.0.1349
Windows Live Essentials Microsoft Corporation 2013/10/12 16.4.3508.0205

よろしくお願いします
  • はちみつ
  • 2015/06/20 (Sat) 00:22:41
返信フォームへ 
回線障害中につきレスが遅れてます
レスが遅くなってすみません。
現在【また】うちの回線障害発生中で、掲示板へのレスも閲覧もままならない状態です。
何とかつながっている間に可能な分だけでもレスしましょう。

>エントリの削除をしようとしたのですが
>MSIインストーラーは削除できませんと表示されてしまい進めることができませんでした。

はい、ではそこはスルーしていいです。

それと確認ですが、CCのインストール情報ではAdobeが表示されているのにGUでは出ないとのことですが、コントロールパネルには表示されてますか?
コンパネにも表示されてなければそのアプリはもう削除されている状態になります。
なのでこの場合はAdobeの強制削除も不要です。
前述の作業でも削除できないのはそれが原因です。

これの確認結果を見たうえで次の対応しましょう
  • 悪代官
  • 2015/06/20 (Sat) 22:55:30
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
確認してみましたが、コントロールパネルにも表示されていませんでした
ノートンの攻撃検知も止まったままです
  • はちみつ
  • 2015/06/21 (Sun) 15:45:57
返信フォームへ 
Skype更新もしておいてください
レスが遅くなってすみません。

>確認してみましたが、コントロールパネルにも表示されていませんでした
>ノートンの攻撃検知も止まったままです

はい、ではやはりアプリ自体は既に消えているのでいいです。
ノートンでの検出もなくなっているならそれもいいでしょう。

pdfファイルの使用についてはPDF-Viewerがあるので、これをpdf閲覧に使えばいいですが、そのアプリが使いにくいようならレスで教えてください。
その場合は別のpdfアプリを案内してもいいです。

それと、下記も最新版がリリースされたようなので更新しておいてください。
>Skype(TM) 7.5 Skype Technologies S.A. 2015/06/08 79.1 MB 7.5.102

更新できたらその結果と、pdfアプリの使用の可否をレスください
  • 悪代官
  • 2015/06/21 (Sun) 21:05:56
返信フォームへ 
新しい攻撃を検知しました
PDF-Viewerは特に問題なく使えてます
使い勝手に問題は感じません
skypeの更新もすませました

また、PCを使用しているとWeb Attack: Angler Exploit Kit Website6という警告名の攻撃をノートンが感知しました
1回しか見ていないのですが、まだ何か残っているということでしょうか

よろしくお願いします
  • はちみつ
  • 2015/06/23 (Tue) 00:03:03
返信フォームへ 
MBAMでも再スキャンを
おはようございます。

pdfアプリの使い勝手はいいみたいですね。
Skypeも更新したならいいです。

ノートンでWeb Attack: Angler Exploit Kit Website6の検出があったということですね。
これが一度だけの物か、その後も続くかによっても大きく対応が変わりそうです。
とりあえずMBAMとACを再度用意してから、それで先の要領でまたスキャンしてみてください。

スキャンで検出があったらそれを処置後、その後の状態報告と結果ログをレスください
  • 悪代官
  • 2015/06/23 (Tue) 08:20:58
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
返信遅くなってしまい申し訳ありません
再スキャンを行いましたがACのみ検出がありました
ノートンの攻撃の検出は今の所ないです

ログは以下の通りです

# AdwCleaner v4.207 - ログファイルの作成日 25/06/2015 作成時間 23:50:05
# 更新日 21/06/2015 作成元 Xplode
# データベース : 2015-06-21.1 [ローカル]
# オペレーティングシステム : Windows 7 Home Premium Service Pack 1 (x64)
# ユーザー名 : Norden - KITA-PC
# 実行場所 : E:\悪代官様\AdwCleaner.exe
# オプション : 削除

***** [ サービス ] *****


***** [ ファイル / フォルダ ] *****

フォルダ 削除済み項目 : C:\ProgramData\SaverPro

***** [ スケジュールタスク ] *****


***** [ ショートカット ] *****


***** [ レジストリ ] *****

キー 削除済み項目 : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
キー 削除済み項目 : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Webブラウザ ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [1000 bytes] - [25/06/2015 23:49:13]
AdwCleaner[S0].txt - [919 bytes] - [25/06/2015 23:50:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [977 bytes] ##########

よろしくお願いします
  • はちみつ
  • 2015/06/26 (Fri) 00:50:03
返信フォームへ 
今夜も遅くなりました
いつもながらレスが遅くなってすみません。
まあ人生が手遅れなのでこれが芸風とでも思ってください(謎

>ノートンの攻撃の検出は今の所ないです

はい、ACではレジストリだけ少し検出あったようですがそれも掃除したならいいでしょう。

ではノートンの検出がこのあと再発するかしないかが最後のヤマになりそうですね。

お手数ですが再検出が出ないなら、あと1週間様子見をお願いします。
悪玉が復活する場合は大体1週間を区切りにスケジュールに食い込んでいることが多いので、この1週間で再発も出なければ今度は治まりそうです。

再発が出たなら1週待たなくていいのでそこでレスをお願いします
  • 悪代官
  • 2015/06/26 (Fri) 20:54:23
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
返信遅くなってしまってすみません
最近忙しくて(テストとかテストとかテストとか)完全に忘れておりました
ただ、忘れてしまう程には平和なものであれ以来検知はありません
  • はちみつ
  • 2015/07/16 (Thu) 00:22:03
返信フォームへ 
あとはそのPCを大事に使ってあげてください
おはようございます。

その後は再度の検出はないようですね。
どうやら片付いたみたいですね。

では作業に使ったツール類は準備時の説明に従って片付けてください。

他に異常も出てなければ何とか終了ですね。
あとは以後の再被害を防ぐための自衛も怠りなく。
ブラウザの設定を少し固めるだけでも、セキュリティ上の効果を高めることが可能です。
「インターネットオプション」→「プライバシー」→「詳細設定」と開いて、「自動cookie処理」と「サードパーティのcookieをブロック」にチェックして「適用」して「OK」。
これをやっておくと、多くの危険サイトからの保護にかなり有効です。
が、これもすべての危険サイトに有効でもないし、本物の危険サイトではこの程度ではまったく太刀打ちできないので、過信はしないこと。
また、「すべてのcookieをブロックする」設定にすると、プロバイダのメールボックスなどログイン必要なページに入れなくなる弊害も出るので、これは状況を考えて使い分けるといいでしょう。
安全なサイトでもcookieブロックだと閲覧や投稿ができなくなるところもあるのでこれも注意。

次に、アンチウイルスやファイアウォール等のセキュリティソフトの使い方も注意してください。
セキュリティソフトはただ入れてさえいればそれだけでフル機能を発揮するものではありません。
設定と機能をできるだけ把握して、正しく使うことが重要です。
間違った使い方すると、本来ならブロックできた感染でもあっさりスルーします。

また、いくら高性能なセキュリティソフトがあっても、ユーザーが自分から危険なサイトやファイルにアクセスしてたらまったく保護もできません。
セキュリティソフトは使い方次第でその性能を、倍にも半にも無にも変動させます。

そして百聞は一見にしかず。
現在この掲示板で継続中や解決済みの他スレもできるだけ見ておくことをおすすめします。
同様、類似、別種含めて参考になる部分は多いでしょう。

このところ他の相談者さん環境でもノートンの誤検出やバグらしき症状が連発しています。
本来は高性能と評価されていたノートンがどうしたんでしょうかね。
ですが高性能なセキュリティソフトほど過剰反応による誤検出が多くなるのも常です。
どのセキュリティソフトを使うにしても検出されたものを慌ててすぐに削除するのでなく、それが本当に危険なものか誤検出かを見極めてから判断しましょう。

バイトで苦労して買ったPCを大事に使いながら、以後はわかる範囲からでもひとつずつPC環境とセキュリティ意識を再構築していってください。

慣れない作業を頑張ってくれてお疲れ様でした。
以後は安全で快適なPCライフを
  • 悪代官
  • 2015/07/16 (Thu) 07:10:02
返信フォームへ 
Re: System Infected: Trojan Bedep Activity 2 他2つ
いろいろありがとうございました
今後はセキュリティ意識をしっかりと持ち、大切に扱っていこうと思います
  • はちみつ
  • 2015/07/17 (Fri) 00:22:21
返信フォームへ 

返信フォーム
プレビュー (投稿前に内容を確認)
  
Template by  マシマロック