悪代官の伏魔殿掲示板
マルウェア感染
初めまして。悪代官の伏魔殿別館様より現在はこちらへ相談をと書かれていたので
お忙しいと思いますが、お力をお貸し頂けたらと思い、こちらでご相談させていただきました。

先月より、ごくたまに特定のサイトに勝手に飛んでしまう状態が起きるようになりました。
adwcleanerを使い様子を見ていたのですが、症状はそのままでした。
現在ブラウザはChromeを使用しています。

以下ログです

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:59:19, on 2016/04/01
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18231)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NTTW\StartUpToolN\StartUpTool_w.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\atsuko\Desktop\たいさく\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 2001:d70:100:0003::80 nc27web40.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::80 nc27web50.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::80 nc27web60.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::80 nc27web70.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::80 nc27web80.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::80 nc27web90.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:000e::80 nc27webf0.w14.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0003::5060 nc27scc40.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::5060 nc27scc50.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::5060 nc27scc60.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::5060 nc27scc70.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::5060 nc27scc80.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::5060 nc27scc90.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:000e::5060 nc27sccf0.w14.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0003::5061 nc27imc40.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0003::1:5061 nc27imc41.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::5061 nc27imc50.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::1:5061 nc27imc51.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::5061 nc27imc60.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::1:5061 nc27imc61.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::5061 nc27imc70.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::1:5061 nc27imc71.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::5061 nc27imc80.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::1:5061 nc27imc81.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::5061 nc27imc90.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::1:5061 nc27imc91.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:000e::5061 nc27imcf0.w14.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:000e::1:5061 nc27imcf1.w14.v2.fletsnet.com # CommunicationTool
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: Windows Live ID サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NTTW_OSA_AUS] "C:\Program Files (x86)\NTTW\OSA_Aus\acs.exe" -silent
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: スタートアップツール.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {4D8DD706-6972-460D-A51B-EB7F7687E450} (ActiveMpp Class) - http://muji.livingstyle.jp/sim/dfls//3dx/ActiveMPP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\NTTW\Security\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.5 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13614 bytes


ccのログです

Acer Backup Manager NTI Corporation 2012/04/16 337 MB 3.0.0.100
Acer Crystal Eye Webcam CyberLink Corp. 2012/05/16 41.3 MB 1.5.2108.00
Acer ePower Management Acer Incorporated 2012/05/16 6.00.3010
Acer eRecovery Management Acer Incorporated 2012/04/16 5.00.3507
Acer Instant Update Service Acer Incorporated 2012/04/16 9.42 MB 1.00.3004
Acer Registration Acer Incorporated 2012/05/16 1.04.3506
Acer ScreenSaver Acer Incorporated 2012/05/16 20.11.1107.1418
Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2015/10/30 208 MB 15.009.20069
Adobe Flash Player 14 Plugin Adobe Systems Incorporated 2014/06/14 6.00 MB 14.0.0.125
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 2016/03/01 17.6 MB 20.0.0.306
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 2012/09/28 11.6.7.637
Apple Application Support(32 ビット) Apple Inc. 2016/03/27 117 MB 4.3
Apple Application Support(64 ビット) Apple Inc. 2016/03/27 131 MB 4.3
Apple Mobile Device Support Apple Inc. 2016/03/27 28.5 MB 9.3.0.15
Apple Software Update Apple Inc. 2016/03/10 2.69 MB 2.2.0.150
Bonjour Apple Inc. 2015/09/22 2.01 MB 3.1.0.1
Broadcom Card Reader Driver Installer Broadcom Corporation 2012/09/16 2.76 MB 15.0.7.2
Broadcom NetLink Controller Broadcom Corporation 2012/05/16 524 KB 15.0.7.1
Broadcom Wireless Utility Broadcom Corporation 2012/05/16 5.100.82.120
CCleaner Piriform 2016/04/01 5.16
Dolby Home Theater v4 Dolby Laboratories Inc 2012/05/16 28.0 MB 7.2.7000.7
ETDWare PS/2-X64 10.6.9.9_WHQL ELAN Microelectronic Corp. 2012/05/16 10.6.9.9
Google Chrome Google Inc. 2013/04/05 49.0.2623.110
iCloud Apple Inc. 2015/12/10 119 MB 5.1.0.34
Identity Card Acer Incorporated 2012/05/16 1.00.3501
Intel(R) Control Center Intel Corporation 2012/05/16 1.2.1.1007
Intel(R) Management Engine Components Intel Corporation 2012/05/16 8.0.2.1410
Intel(R) OpenCL CPU Runtime Intel Corporation 2012/05/16
Intel(R) Processor Graphics Intel Corporation 2012/05/16 8.15.10.2653
Intel(R) Rapid Storage Technology Intel Corporation 2012/05/16 11.1.0.1006
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2012/05/16 1.0.4.220
Intel® Trusted Connect Service Client Intel Corporation 2012/05/16 10.6 MB 1.23.605.1
iTunes Apple Inc. 2016/03/27 215 MB 12.3.3.17
Launch Manager Acer Inc. 2012/05/16 5.1.15
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2016/02/13 38.8 MB 4.6.01055
Microsoft Silverlight Microsoft Corporation 2016/01/13 447 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2012/04/16 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2012/04/16 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2012/05/16 708 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2012/05/16 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2012/09/02 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 2012/04/16 608 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2012/04/16 586 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2012/05/16 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2012/09/02 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2012/09/02 25.6 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2012/09/02 12.1 MB 10.0.30319
MyWinLocker Suite Egis Technology Inc. 2012/04/16 2.63 MB 4.0.14.19
NTI Media Maker 9 NTI Corporation 2012/05/16 0.96 GB 9.0.2.9006
NTT西日本 リモートサポートツール 西日本電信電話株式会社 2013/12/26
QuickTime 7 Apple Inc. 2016/01/14 69.1 MB 7.79.80.95
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2012/05/16 6.0.1.6543
Skype(TM) 7.0 Skype Technologies S.A. 2015/04/15 47.9 MB 7.0.102
Welcome Center Acer Incorporated 2012/05/16 1.02.3507
WIDCOMM Bluetooth Software Broadcom Corporation 2012/05/16 289 MB 6.5.1.2610
Windows Live Essentials Microsoft Corporation 2012/04/16 15.4.3538.0513
インテル(R) ターボ・ブースト・テクノロジー・モニター 2.5 インテル 2012/05/16 13.2 MB 2.5.1.0
スタートアップツール 西日本電信電話株式会社 2014/04/24 2.61 MB 7.3
セキュリティ対策ツール 西日本電信電話株式会社 2015/05/24 450 MB 8.11
セキュリティ申込・設定ツール 西日本電信電話株式会社 2015/05/24 3.59 MB 7.2.0.8
診断復旧ツール 西日本電信電話株式会社 2014/05/31 12.5 MB
コミュニケーションツール 西日本電信電話株式会社 2012/09/12 30.6 MB 7.5.0000

宜しくお願いいたします。
  • ふさふさ野
  • 2016/04/01 (Fri) 15:12:26
まだ主因は見えませんね
こんばんは。
本館管理人の悪代官です。
別館での案内を見てこちらに来てくれたようですね。

説明とログを見せていただきました。

>adwcleanerを使い様子を見ていたのですが、症状はそのままでした

ACで自力対処もされたようですが、異常は消えてないとのことですか。
ログを見るとまだ主因らしいものは見えませんが、問題点は複数見えてます。
慎重に調べていきましょう。

まず最初にお伝えしておきます。
見てのとおり現在相談者さん多数のため、相談受けてから皆さんに順番にレスできるまで、毎回1日かそれ以上かかる可能性もあるので、すみませんがご了承ください。

では以下の説明をよく見てから、順番に作業をお願いします。
既に準備した物もあるはずですが、一応説明を再度見ておいてください。

隠しファイルと拡張子を表示設定にしてください(やり方↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

下記のツールをダウンロードして、基本の使い方を把握しておいてください。
ただし、配布サイトで他のアプリをダウンロードしろと勧めてくるような広告も出てきたらそれらは絶対にクリックしないでください。
「GeekUninstaller」(通称:GU)
説明ページ↓
http://www.gigafree.net/system/install/geekuninstaller.html
ダウンロード↓
http://www.geekuninstaller.com/download
「download free」をクリック、保存後、解凍してください。
片付ける時はフォルダごと手動で削除してください。

「CCleaner」(通称:CC)
説明↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
ダウンロード↓
http://www.piriform.com/ccleaner/download/standard
最新バージョンをダウンロードしてください。なお、インストール時におまけのアプリも勧めてくることがありますが、それらはチェック外してインストールは避けてください。
片付けるときはアンインストールしてください。

ここで重要な注意です。
CCは本来は高い性能を持つメンテナンスソフトですが、間違った使い方すると
【Windowsにダメージを与えてしまうおそれもある】
ので、ここでは解析ツールとしてのみ使います。
説明をしっかり読んで、自分が指示した以外の操作はしないように。

そして下記ページは作業開始前に必ず熟読して、必要な場合が出たらそれに沿って対処してください。この対処が必要な事例が増えています。
http://note.chiebukuro.yahoo.co.jp/detail/n335704

準備できたら作業開始です。
なお、このあとの作業で探しても見つからないものはスルーして進めていいですが、指示した対象外の物は絶対にいじらないようによく見て作業してください。

また、作業のうえで削除指示するものもあるはずですが、ご自身で必要として入れたものがあればそれの削除は保留して、次のレスでその旨を教えてください。

最初にWindowsUpdateの確認して、必要な更新があればそれを全部更新してください。
ですがそこで更新ができないようならこの後に説明する作業はせずに更新失敗の旨をレスで教えてください。
WUが正常にできなくすることで、感染の解析処置を阻害してくる危険なマルウェアが激増しているためです。
Windowsの各種更新(WindowsUpdate)は常に最新に適用しておかないと、それだけで危険な感染はすぐにでも起きますよ。

なお、Windows10への更新はユーザー自身がよほど必要でなければ非推奨です。
http://www.japan-secure.com/entry/Windows_Update_7.html
http://www.japan-secure.com/entry/how_to_suppress_the_free_upgrade_of_Windows_10.html

少なくとも下記のアプリは旧バージョンです。
Adobe Flash Player 14 Plugin Adobe Systems Incorporated 2014/06/14 6.00 MB 14.0.0.125

Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 2016/03/01 17.6 MB 20.0.0.306

Skype(TM) 7.0 Skype Technologies S.A. 2015/04/15 47.9 MB 7.0.102

各種アプリの更新を怠っただけでも、脆弱性を悪用されて深刻な感染はあっさり起きます。
使うなら最新版に更新してください。使わないアプリならアンインストールが安全です。
他にも旧バージョンないか調べて、あれば同様に更新するか、アンインストールしてください。

ここでWindowsの標準機能である「システムの復元」での復元ポイントをひとつ、手動で作成しておいてください。
これはこの後の作業で、間違って対象外のものをいじってしまうとそれだけでWindowsに深刻な不具合を起こすこともあるので、万一の際に復元可能にしておくためです。
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

GUを使って下記をアンインストールしてください。
Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2015/10/30 208 MB 15.009.20069

Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 2016/03/01 17.6 MB 20.0.0.306

pdfアプリが必要なら、下記を入れておくといいでしょう。
http://www.forest.impress.co.jp/library/software/pdfxchange/

次にスタートメニューの「アクセサリ」→「システムツール」から「ディスククリーンアップ」を起動してください。
起動したら対象ドライブでCドライブを選択してスキャンして、表示された中の「ダウンロードされたプログラムファイル」「インターネット一時ファイル」「一時ファイル」の項目だけチェックを入れてから「OK」「ファイルの削除」を押してください。
これを実行すると選択した部分のゴミファイルが掃除されます。

これを実行することで作業時にスキャンで検出される無駄なゴミファイルも減るのでその分かなり時間や解析も楽になるのです。
「ごみ箱」など他の項目にチェックしないのは、間違って正常なファイルを削除しないためと、もし正常なファイルを削除してごみ箱に入れても戻せるようにするための措置です。

続いてCCを起動してください。
起動したら、「ツール」→」「スタートアップ」→「Windows」タブを開いてください。
そこで右下の「テキストとして保存」を押すと、表示の内容がログとして保存できるので、ログをデスクトップにでも保存しておいてください。

次に「スケジュールされたタスク」タブと「コンテキストメニュー」タブのログも同じ要領で保存してください。

続いて今度はCC画面の左側にある「Browser Plugin」の項目から「InternetExplorer」タブ以下の各タブも順番に開いて、そのログもとっておいてください。

CCの各ログをとったらCCは終了してください。

このあとブラウザを起動して、数時間ほどPC状態を様子見したあと、あらたにHJTとCCでのインストール情報ログを取り直してください。

取り直した両ログと、CCの各ログを返信に貼って、状態報告とともにレスください。
それらを見てから続きの作業を指示します。

このCCの各ログで何か見つかるかが最初の鍵になりそうです
  • 悪代官
  • 2016/04/01 (Fri) 20:09:54
Re: マルウェア感染
お忙しい中、返信ありがとうございます。
症状は、もともと頻繁に起きていなかった為本日は今の所起きはいません。
早速ですがログの方貼らせて頂きます。

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:59:19, on 2016/04/01
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18231)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NTTW\StartUpToolN\StartUpTool_w.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\atsuko\Desktop\たいさく\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 2001:d70:100:0003::80 nc27web40.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::80 nc27web50.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::80 nc27web60.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::80 nc27web70.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::80 nc27web80.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::80 nc27web90.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:000e::80 nc27webf0.w14.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0003::5060 nc27scc40.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::5060 nc27scc50.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::5060 nc27scc60.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::5060 nc27scc70.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::5060 nc27scc80.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::5060 nc27scc90.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:000e::5060 nc27sccf0.w14.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0003::5061 nc27imc40.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0003::1:5061 nc27imc41.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::5061 nc27imc50.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::1:5061 nc27imc51.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::5061 nc27imc60.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::1:5061 nc27imc61.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::5061 nc27imc70.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::1:5061 nc27imc71.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::5061 nc27imc80.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::1:5061 nc27imc81.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::5061 nc27imc90.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::1:5061 nc27imc91.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:000e::5061 nc27imcf0.w14.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:000e::1:5061 nc27imcf1.w14.v2.fletsnet.com # CommunicationTool
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: Windows Live ID サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NTTW_OSA_AUS] "C:\Program Files (x86)\NTTW\OSA_Aus\acs.exe" -silent
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: スタートアップツール.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {4D8DD706-6972-460D-A51B-EB7F7687E450} (ActiveMpp Class) - http://muji.livingstyle.jp/sim/dfls//3dx/ActiveMPP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\NTTW\Security\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.5 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13614 bytes

ccログ

Acer Backup Manager NTI Corporation 2012/04/16 337 MB 3.0.0.100
Acer Crystal Eye Webcam CyberLink Corp. 2012/05/16 41.3 MB 1.5.2108.00
Acer ePower Management Acer Incorporated 2012/05/16 6.00.3010
Acer eRecovery Management Acer Incorporated 2012/04/16 5.00.3507
Acer Instant Update Service Acer Incorporated 2012/04/16 9.42 MB 1.00.3004
Acer Registration Acer Incorporated 2012/05/16 1.04.3506
Acer ScreenSaver Acer Incorporated 2012/05/16 20.11.1107.1418
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 2016/04/01 18.4 MB 21.0.0.197
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 2012/09/28 11.6.7.637
Apple Application Support(32 ビット) Apple Inc. 2016/03/27 117 MB 4.3
Apple Application Support(64 ビット) Apple Inc. 2016/03/27 131 MB 4.3
Apple Mobile Device Support Apple Inc. 2016/03/27 28.5 MB 9.3.0.15
Apple Software Update Apple Inc. 2016/03/10 2.69 MB 2.2.0.150
Bonjour Apple Inc. 2015/09/22 2.01 MB 3.1.0.1
Broadcom Card Reader Driver Installer Broadcom Corporation 2012/09/16 2.76 MB 15.0.7.2
Broadcom NetLink Controller Broadcom Corporation 2012/05/16 524 KB 15.0.7.1
Broadcom Wireless Utility Broadcom Corporation 2012/05/16 5.100.82.120
CCleaner Piriform 2016/04/01 5.16
Dolby Home Theater v4 Dolby Laboratories Inc 2012/05/16 28.0 MB 7.2.7000.7
ETDWare PS/2-X64 10.6.9.9_WHQL ELAN Microelectronic Corp. 2012/05/16 10.6.9.9
Google Chrome Google Inc. 2013/04/05 49.0.2623.110
iCloud Apple Inc. 2015/12/10 119 MB 5.1.0.34
Identity Card Acer Incorporated 2012/05/16 1.00.3501
Intel(R) Control Center Intel Corporation 2012/05/16 1.2.1.1007
Intel(R) Management Engine Components Intel Corporation 2012/05/16 8.0.2.1410
Intel(R) OpenCL CPU Runtime Intel Corporation 2012/05/16
Intel(R) Processor Graphics Intel Corporation 2012/05/16 8.15.10.2653
Intel(R) Rapid Storage Technology Intel Corporation 2012/05/16 11.1.0.1006
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2012/05/16 1.0.4.220
Intel® Trusted Connect Service Client Intel Corporation 2012/05/16 10.6 MB 1.23.605.1
iTunes Apple Inc. 2016/03/27 215 MB 12.3.3.17
Launch Manager Acer Inc. 2012/05/16 5.1.15
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2016/02/13 38.8 MB 4.6.01055
Microsoft Silverlight Microsoft Corporation 2016/01/13 447 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2012/04/16 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2012/04/16 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2012/05/16 708 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2012/05/16 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2012/09/02 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 2012/04/16 608 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2012/04/16 586 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2012/05/16 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2012/09/02 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2012/09/02 25.6 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2012/09/02 12.1 MB 10.0.30319
MyWinLocker Suite Egis Technology Inc. 2012/04/16 2.63 MB 4.0.14.19
NTI Media Maker 9 NTI Corporation 2012/05/16 0.96 GB 9.0.2.9006
NTT西日本 リモートサポートツール 西日本電信電話株式会社 2013/12/26
PDF-Viewer Tracker Software Products Ltd 2016/04/01 61.6 MB 2.5.317.0
QuickTime 7 Apple Inc. 2016/01/14 69.1 MB 7.79.80.95
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2012/05/16 6.0.1.6543
Welcome Center Acer Incorporated 2012/05/16 1.02.3507
WIDCOMM Bluetooth Software Broadcom Corporation 2012/05/16 289 MB 6.5.1.2610
Windows Live Essentials Microsoft Corporation 2012/04/16 15.4.3538.0513
インテル(R) ターボ・ブースト・テクノロジー・モニター 2.5 インテル 2012/05/16 13.2 MB 2.5.1.0
スタートアップツール 西日本電信電話株式会社 2014/04/24 2.61 MB 7.3
セキュリティ対策ツール 西日本電信電話株式会社 2015/05/24 450 MB 8.11
セキュリティ申込・設定ツール 西日本電信電話株式会社 2015/05/24 3.59 MB 7.2.0.8
診断復旧ツール 西日本電信電話株式会社 2014/05/31 12.5 MB
コミュニケーションツール 西日本電信電話株式会社 2012/09/12 30.6 MB 7.5.0000

ccの各ログ

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run BackupManagerTray NTI Corporation "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
有効 HKLM:Run Broadcom Wireless Manager UI Broadcom Corporation C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
有効 HKLM:Run Dolby Home Theater v4 Dolby Laboratories Inc. "C:\Dolby PCEE4\pcee4.exe" -autostart
有効 HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run InstantUpdate Acer Incorporated C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
有効 HKLM:Run IntelTBRunOnce Microsoft Corporation wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run LManager Dritek System Inc. C:\Program Files (x86)\Launch Manager\LManager.exe
有効 HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
有効 HKLM:Run NTTW_OSA_AUS 西日本電信電話株式会社 "C:\Program Files (x86)\NTTW\OSA_Aus\acs.exe" -silent
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSessionAgent.exe" -StartUp
有効 HKLM:Run Power Management Acer Incorporated C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
有効 HKLM:Run RtHDVBg_Dolby Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SuiteTray Egis Technology Inc. "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
有効 Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
有効 Startup Common スタートアップツール.lnk C:\Windows\Installer\{A162AF3F-7908-44E1-A072-67FB887A9517}\_3B47FDE35444B41F912355.exe

有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task EgisUpdate Egis Technology Inc. "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task PMMUpdate Egis Technology Inc. "C:\Program Files\EgisTec IPS\PMMUpdate.exe"
有効 Task TrackerAutoUpdate Tracker Software Products (Canada) Ltd. C:\Program Files\Tracker Software\Update\TrackerUpdate.exe -CheckUpdate
有効 Task UALU notificatin Acer Incorporated "C:\Program Files\Acer\Acer Updater\UALU.exe"

有効 File MWLIVShellExt Egis Technology Inc. C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll
有効 File PhotoStreamsExt Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
有効 File ShredderContextMenu Egis Technology Inc. C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\NTTW\Security\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\NTTW\Security\UniClient\UiFrmwrk\tmdshell.dll

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run BackupManagerTray NTI Corporation "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
有効 HKLM:Run Broadcom Wireless Manager UI Broadcom Corporation C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
有効 HKLM:Run Dolby Home Theater v4 Dolby Laboratories Inc. "C:\Dolby PCEE4\pcee4.exe" -autostart
有効 HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run InstantUpdate Acer Incorporated C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
有効 HKLM:Run IntelTBRunOnce Microsoft Corporation wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run LManager Dritek System Inc. C:\Program Files (x86)\Launch Manager\LManager.exe
有効 HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
有効 HKLM:Run NTTW_OSA_AUS 西日本電信電話株式会社 "C:\Program Files (x86)\NTTW\OSA_Aus\acs.exe" -silent
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSessionAgent.exe" -StartUp
有効 HKLM:Run Power Management Acer Incorporated C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
有効 HKLM:Run RtHDVBg_Dolby Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SuiteTray Egis Technology Inc. "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
有効 Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
有効 Startup Common スタートアップツール.lnk C:\Windows\Installer\{A162AF3F-7908-44E1-A072-67FB887A9517}\_3B47FDE35444B41F912355.exe

有効 App Gmail 8.1 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
有効 App Google Search 0.0.0.60 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0
有効 App Google ドライブ 14.1 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
有効 App YouTube 4.2.8 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
有効 Extension Gestures for Google Chrome™ 1.13.4 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.13.4_0
無効 Extension Google オフライン ドキュメント 1.4 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0
無効 Extension Google ドキュメント 0.9 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
無効 Extension Trend ツールバー 9.0.0.1255 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf\9.0.0.1255_0
無効 Extension twitter画像原寸ボタン 2.0.5 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcomcgcopagkhcbmcmcfhpcmdolfijg\2.0.5_0
有効 Plugin Adobe Acrobat 10.1.6.1 最初のユーザー C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
有効 Plugin Browser Exploit Prevention 7.5.0.1115 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\7.5.0.1115_0\nptmbep.dll
有効 Plugin Chrome PDF Viewer 最初のユーザー C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll
有効 Plugin Chrome Remote Desktop Viewer 最初のユーザー internal-remoting-viewer
有効 Plugin Google Update 1.3.21.135 最初のユーザー C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
有効 Plugin Intel® Identity Protection Technology 2.0.59.0 最初のユーザー C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
有効 Plugin iTunes Application Detector 1.0.1.1 最初のユーザー C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
有効 Plugin Native Client 最初のユーザー C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll
有効 Plugin QuickTime Plug-in 7.7.3 7.7.3 (1680.64) 最初のユーザー C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
有効 Plugin Shockwave Flash 11.6.602.180 最初のユーザー C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll
有効 Plugin Shockwave for Director 11.6.7r637 最初のユーザー C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
有効 Plugin Silverlight Plug-In 5.1.20125.0 最初のユーザー c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
有効 Plugin Trend Micro Titanium 6.11.0.1149 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\6.11.0.1175_0\npToolbarChrome.dll
有効 Plugin Windows Live™ Photo Gallery 15.4.3538.0513_ship.wlx.w4m4 (ship) 最初のユーザー C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

宜しくお願いいたします。
  • ふさふさ野
  • 2016/04/02 (Sat) 00:27:34
CCのIEタブログもお願いします
作業と報告、ご苦労様です。

>症状は、もともと頻繁に起きていなかった為本日は今の所起きはいません。

なるほど、異常の頻度もそれほど多くはなかったようですか。

CCの各ログを見せてもらいましたが、「IE」タブのログだけ抜けているようなので、このログも追加で見せてください。
一つでも見落としがあると全体の解決できないことも多いので、これも見たうえで続きの対処に進みましょう。

焦らなくていいのでお時間ある時に作業とレスしてもらえばいいです
  • 悪代官
  • 2016/04/02 (Sat) 20:54:56
Re: マルウェア感染
抜け落ちていたようで、気づかず失礼しました。
落ち着いて作業をする事を心がけたいと思います。

以下IEログです。

有効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
有効 Extension 故障かな?と思ったら・・・ 西日本電信電話株式会社 C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg.dll
有効 Helper Trend Micro IE Protection Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
有効 Helper Trend Micro IE Protection Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll
有効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
有効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll
有効 Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
有効 Helper Windows Live ID サインイン ヘルパー Microsoft Corp. C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
有効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
有効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll
  • ふさふさ野
  • 2016/04/02 (Sat) 22:07:39
確認を兼ねてAC作業です
作業と報告、ご苦労様です。
情報ログも見せていただきました。
今のところは怪しいものはまだ見えないようです。

では更に踏み込んで調べていきましょう。

次は下記のツールを準備してください。
「AdwCleaner」(通称:AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
ファイル直リンです。アクセスしてファイルをデスクトップにでも保存しておいてください。
片付けるときは起動後に「uninstall」ボタンを押せば自動で削除されます。
使い方は下記サイト様に詳しい説明があるのでサンショウウオ↓
http://www.japan-secure.com/entry/adwcleaner.html
ただ、これは既に相談前にも使ったようですが、確認を兼ねてここでまた使います。
説明も見直しておいてください。

Malwarebytes' Anti-Malware(通称・MBAM)
本家サイト
http://www.malwarebytes.org/

ダウンロード
https://www.malwarebytes.org/mwb-download/thankyou/
ファイル直リンです。保存しておいてください。

使い方の説明サイト
http://www.gigafree.net/security/MalwarebytesAnti-MalwareFree.html

準備できたらMBAMをインストールとアップデートまでしておいてください。
ただし、ここではまだスキャンはしないように。
なお、ここでMBAMの更新で「プログラム」自体は更新せず、定義だけ更新しておいてください。
プログラム本体を更新すると、バグ多発中の最新版になってしまうので、せっかく旧バージョンでインストールした意味がなくなります。

続いてここで一度ACを起動してください。
起動するとまず定義の更新が行われるはずなので、更新だけしてから、それができたらACは一旦終了してください。
ここではスキャンもしなくていいです。

次にMBAMも起動して定義のアップデートだけしてから、MBAMも終了しておいてください。

両ツールのアップデートができたらディスククリーンアップを使ってゴミファイルの掃除したあと、PCをセーフモードで再起動してしてください。

続いてPCをセーフモード起動してから、先に一度起動したACを再度起動してください。
起動したら今度は「スキャン」したあと、そのスキャン終了後に検出されたものがあったら「除去」を押してください。
表示された画面で「はい」を選択すると処置開始されます。

処置完了したらそこでPCを通常モードで再起動してください。

再起動後にACのあらたなログが出るので、それをデスクトップにでも保存しておいてください。
ですが、もし作業後にログが出ないorわからない場合はマイコンピュータのCドライブを開くとその直下に以下のような名前のファイルが作成されているので、それがACのログです。
>AdwCleaner[英数字].txt
同じような名前のログが複数ある時は、作成日時が作業処置時のファイルが対象のログです。

ACでの作業ができたら次はMBAMの作業です。
またセーフモード起動してからMBAM起動してスキャンしてください。
MBAM起動したら「スキャン」タブで「カスタムスキャン」選択後、Cドライブを含む全ドライブを選択してください。
それとルートキットスキャンの項目もチェック入れておいてください。

この形でスキャンすると時間はかかりますができるだけ細かくスキャンするためです。

両ツールのスキャンの順番はどちらからでもいいですが、なにか検出されたらそれを選択して「remove」(隔離)したあと、再起動を促す表示が出たらそこで一度PCを再起動してください。
もし再起動表示が出ないときは手動で再起動してください。

またMBAMスキャン終了後、画面右下にその結果を知らせるメッセージが出るので、それを押すとその結果が表示されるはずです。
そこで「ログを保存」を押すとそのログが保存可能になります。
そのログをデスクトップにでも保存しておいてください。
このログ確認が特に重要なので、忘れないようにお願いします。

このあとしばらくPC状態を様子見後、作業後に保存したACとMBAMのログを返信に貼り付けて、それを状態報告とともにレスで見せてください。
  • 悪代官
  • 2016/04/03 (Sun) 05:58:19
Re: マルウェア感染
無事に二つとも、作業が終っておりましたのでご報告します。
AdwCleanerの方は特に検出されませんでしたが、念のために貼らせて頂きます。

そして作業の参考のために他の方の投稿を見ていたところ、
悪代官の伏魔殿別館様の方で、ご相談されていた方と同じ3つのサイトに
飛ばされている事を、履歴を調べてみた所確認できました。
別館にて2016.2.12よりご相談されていた、さなえ様と言う方の8つ目の投稿にて書かれていたアドレスです。
念のためにご報告させていただきます。



# AdwCleaner v5.108 - ログファイルの作成日 03/04/2016 作成時間 22:41:30
# 更新日 30/03/2016 作成元 Xplode
# データベース : 2016-03-30.1 [ローカル]
# オペレーティングシステム : Windows 7 Home Premium Service Pack 1 (x64)
# ユーザー名 : atsuko - A-PC
# 実行場所 : C:\Users\atsuko\Desktop\adwcleaner_5.108.exe
# オプション : スキャン
# サポート : http://toolslib.net/forum

***** [ サービス ] *****


***** [ フォルダ ] *****


***** [ ファイル ] *****


***** [ DLL ] *****


***** [ ショートカット ] *****


***** [ スケジュールタスク ] *****


***** [ レジストリ ] *****


***** [ Webブラウザ ] *****


*************************

MBAMのログです

Malwarebytes Anti-Malware
www.malwarebytes.org

スキャン日付: 2016/04/03
スキャン時刻: 22:51
ログファイル: mbam0403.txt
管理者: はい

バージョン: 2.2.1.1043
マルウェアデータベース: v2016.04.03.03
ルートキットデータベース: v2016.03.30.01
ライセンス: 無料版
マルウェア保護機能: 無効
悪質ウェブサイト保護機能: 無効
自己防衛: 無効

OS: Windows 7 Service Pack 1
CPU: x64
ファイルシステム: NTFS
ユーザー: atsuko

スキャン形式: カスタムスキャン
結果: 完了しました
スキャンされたオブジェクト数: 754615
経過時間: 5 時間, 33 分, 4 秒

メモリ: 有効
スタートアップ: 有効
ファイルシステム: 有効
アーカイブ: 有効
ルートキット: 有効
ヒューリスティック: 有効
PUP: 有効
PUM: 有効

プロセス: 0
(なし悪意のある項目を検出)

モジュール: 0
(なし悪意のある項目を検出)

レジストリキー: 0
(なし悪意のある項目を検出)

レジストリ値: 0
(なし悪意のある項目を検出)

レジストリデータ: 0
(なし悪意のある項目を検出)

フォルダー: 0
(なし悪意のある項目を検出)

ファイル: 0
(なし悪意のある項目を検出)

物理セクタ: 0
(なし悪意のある項目を検出)


(end)

以上です。
  • ふさふさ野
  • 2016/04/04 (Mon) 06:27:26
努力と言うより悪あがきですね
作業と報告、ご苦労様です。

ログを見せてもらったところでは検出はないみたいですが、別館のさなえさんスレで見つかったURLがこちらでも見つかったとのことですか。
http://other-place.bbs.fc2.com/?act=reply&tid=6759113

MBAMとACでも検出できないとなると、どうやらまた解析処置逃れを更に巧妙化してきましたね。
ですがそのことも当方は想定の範囲です。
悪意のプログラムやその作成配布者は常に処置逃れのための工作を日々続けています。
仕事のための努力なら本来は立派な行為として認めてあげたいところですが、一般ユーザーの誤認や過失につけ込んで迷惑プログラムを仕込むのが仕事というなら少なくとも自分はそんなの行為を努力と認めるつもりはありません。

それでは今度は別のツールで別の角度から調べます。

今度は以下のツールを準備してください。
OTL(OldTimer Listit)
「Download」ボタンからDLしたら保存しておいてください。
http://oldtimer.geekstogo.com/OTL.exe
片付けるときは起動後に「Cleanup」ボタンを押せば自動で削除されます。

他のプログラムを起動しない状態でOTLを起動してください。
起動したら、ウィンドウの上の方にある「Scan All Users」にチェックを入れ、以下のコマンドを「Custom Scan/Fixes」にコピペしてください。

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

その後、左上の「Run Scan」を押すとスキャン開始されます。
スキャン開始後、PC環境にもよりますが数分ほどすると、「OTL.txt」と「Extras.txt」がOTL.exeと同じ場所に作成されるはずなので、この2つのファイルをデスクトップあたりに保存しておいてください。
なお、Extras.txtは出ないこともありますが、その場合はOTL.txtだけでもいいです。

このあとOTLログを丸ごと返信に貼り付けてレスで見せてください。
ただしOTLログはかなり長くなるため、一度に送信してもfc2の文字数制限で途切れます。
なのでログも適当なところで分割して、複数回に分けてレス送信してください。

OTLでスキャンしただけでは何も変化は起きません。
この結果を見て、検出されたものを次回以降の作業で処置することになるはずです
  • 悪代官
  • 2016/04/04 (Mon) 21:00:35
OTLログ(1)
こんばんは、毎日お忙しい中ありがとうございます。

そちらのアドレスの方です。見覚えが有りもしやと思い確認したところ同じでした。
巧妙化ですか・・・嫌なものですね。


OTLのログを貼らせていただきます。

OTL logfile created on: 2016/04/04 21:45:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\atsuko\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18230)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.84 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.54% Memory free
15.68 Gb Paging File | 13.63 Gb Available in Paging File | 86.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 210.15 Gb Free Space | 46.84% Space Free | Partition Type: NTFS

Computer Name: A-PC | User Name: atsuko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/04/04 21:37:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\atsuko\Desktop\OTL.exe
PRC - [2016/02/02 18:23:00 | 000,252,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
PRC - [2013/12/05 09:37:24 | 001,179,232 | ---- | M] (西日本電信電話株式会社) -- C:\Program Files (x86)\NTTW\StartUpToolN\StartUpTool_w.exe
PRC - [2012/04/06 20:29:22 | 000,022,120 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012/04/06 20:29:20 | 000,040,552 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012/03/23 18:33:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/03/23 18:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/03/23 18:33:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012/03/23 18:33:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/02/29 22:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/02/27 20:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/08 11:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/02/08 11:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/02/08 11:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 17:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/05 14:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 14:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2016/03/10 03:10:37 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8a5ccf679e51f3a863c9951807a69f93\System.Windows.Forms.ni.dll
MOD - [2016/02/13 05:46:18 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ca97db61d7b1564dd115248a1439194e\System.Drawing.ni.dll
MOD - [2016/02/13 05:45:39 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ef80bf7db724bb3ab5fea4c0e2117cae\System.ni.dll
MOD - [2014/09/10 19:20:54 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2012/04/06 20:29:22 | 000,022,120 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012/04/06 20:29:20 | 000,040,552 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
MOD - [2012/01/05 14:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:[b]64bit:[/b] - [2016/02/09 03:14:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2015/07/23 09:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015/05/04 15:23:50 | 001,187,328 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSvcHost.exe -- (Platinum Host Service)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/05/16 01:14:28 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:[b]64bit:[/b] - [2012/03/21 13:03:16 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:[b]64bit:[/b] - [2012/02/07 17:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:[b]64bit:[/b] - [2012/02/06 17:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:[b]64bit:[/b] - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2012/01/20 16:15:14 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:[b]64bit:[/b] - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2015/11/05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/05/16 01:18:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/23 18:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/02/29 22:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/02/20 13:18:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/02/08 11:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/08 11:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/08 11:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/05 14:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/06/21 12:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/07/20 18:20:22 | 000,122,440 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:[b]64bit:[/b] - [2015/07/20 18:19:16 | 000,093,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:[b]64bit:[/b] - [2015/07/20 18:18:12 | 000,307,352 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:[b]64bit:[/b] - [2015/06/10 23:08:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2014/07/10 00:02:56 | 000,106,296 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:[b]64bit:[/b] - [2014/06/30 19:06:54 | 000,106,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmusa.sys -- (tmusa)
DRV:[b]64bit:[/b] - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/05/16 01:14:26 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2012/05/16 01:14:26 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:[b]64bit:[/b] - [2012/05/16 01:14:25 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:[b]64bit:[/b] - [2012/05/03 22:59:06 | 000,081,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:[b]64bit:[/b] - [2012/04/16 23:48:03 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:[/b] - [2012/04/16 23:48:03 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:[/b] - [2012/04/16 23:48:03 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:[/b] - [2012/03/22 06:23:22 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:[b]64bit:[/b] - [2012/03/22 06:23:22 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:[b]64bit:[/b] - [2012/03/22 06:23:18 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2012/03/22 06:23:18 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2012/03/22 06:23:18 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2012/03/22 06:23:18 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2012/03/07 22:48:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/27 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2012/02/27 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2012/02/27 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2012/02/15 03:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012/02/07 15:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:[b]64bit:[/b] - [2012/02/07 15:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:[b]64bit:[/b] - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2012/01/20 16:14:34 | 000,016,128 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:[b]64bit:[/b] - [2012/01/19 00:30:42 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:[b]64bit:[/b] - [2011/12/06 20:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2011/11/10 18:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2011/11/04 10:21:38 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:[b]64bit:[/b] - [2011/11/04 10:21:36 | 000,068,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:[b]64bit:[/b] - [2011/09/02 14:36:58 | 000,051,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:[b]64bit:[/b] - [2011/07/14 16:32:23 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/07/14 16:32:23 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/21 12:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-822167610-4187586497-2688661879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-822167610-4187586497-2688661879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.jp/
IE - HKU\S-1-5-21-822167610-4187586497-2688661879-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-822167610-4187586497-2688661879-1000\..\SearchScopes\{E82513C2-C14E-4E84-BE7B-2FF814F2124F}: "URL" = http://search.yahoo.co.jp/search?b=1&n=10&ei=UTF-8&fr=ie8sc&p={searchTerms}
IE - HKU\S-1-5-21-822167610-4187586497-2688661879-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-822167610-4187586497-2688661879-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\PROGRAM FILES\NTTW\SECURITY\AMSP\MODULE\20002\9.1.1035\9.1.1035\FIREFOXEXTENSION [2016/03/22 00:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tmbepff@trendmicro.com: C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2016/03/22 00:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\NTTW\Security\SEC\UIFramework\Toolbar\firefoxextension [2015/11/04 17:32:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}: C:\Program Files\NTTW\Security\AMSP\module\20013\FxExt\firefoxextension\ [2016/03/22 00:48:25 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.13.4_0\
CHR - Extension: No name found = C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcomcgcopagkhcbmcmcfhpcmdolfijg\2.0.5_0\
CHR - Extension: No name found = C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf\9.0.0.1255_0\
CHR - Extension: No name found = C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2012/09/12 11:45:53 | 000,002,900 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 2001:d70:100:0003::80 nc27web40.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::80 nc27web50.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::80 nc27web60.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::80 nc27web70.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::80 nc27web80.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::80 nc27web90.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:000e::80 nc27webf0.w14.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0003::5060 nc27scc40.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::5060 nc27scc50.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::5060 nc27scc60.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::5060 nc27scc70.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::5060 nc27scc80.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::5060 nc27scc90.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:000e::5060 nc27sccf0.w14.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0003::5061 nc27imc40.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0003::1:5061 nc27imc41.w3.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::5061 nc27imc50.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0004::1:5061 nc27imc51.w4.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::5061 nc27imc60.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0005::1:5061 nc27imc61.w5.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::5061 nc27imc70.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0006::1:5061 nc27imc71.w6.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::5061 nc27imc80.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0007::1:5061 nc27imc81.w7.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 2001:d70:100:0008::5061 nc27imc90.w8.v2.fletsnet.com # CommunicationTool
O1 - Hosts: 3 more lines...
O2:[b]64bit:[/b] - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (Trend Micro IE Protection) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Trend Micro IE Protection) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll (Trend Micro Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (セキュリティツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (セキュリティツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [InstantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Platinum] C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSessionAgent.exe (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NTTW_OSA_AUS] C:\Program Files (x86)\NTTW\OSA_Aus\acs.exe (西日本電信電話株式会社)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-822167610-4187586497-2688661879-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe (西日本電信電話株式会社)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4D8DD706-6972-460D-A51B-EB7F7687E450} http://muji.livingstyle.jp/sim/dfls//3dx/ActiveMPP.cab (ActiveMpp Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77F2CAEF-BD87-4CDA-863E-FC455F11258D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F757B5EC-0773-42CA-923D-9F31888D019B}: DhcpNameServer = 172.20.10.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\NTTW\Security\SEC\UIFramework\ProToolbarIMRatingActiveX.dll (西日本電信電話株式会社)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  • ふさふさ野
  • 2016/04/04 (Mon) 22:42:16
OTLログ(2)
OTLログ(2)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:[b]64bit:[/b] {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/04/04 21:37:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\atsuko\Desktop\OTL.exe
[2016/04/03 22:01:36 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/04/03 22:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/04/03 22:01:18 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/04/03 22:01:18 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/04/03 22:01:18 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/04/03 22:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/04/03 22:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/04/01 21:54:51 | 000,000,000 | ---D | C] -- C:\Users\atsuko\AppData\Roaming\Geek Uninstaller
[2016/04/01 21:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2016/04/01 21:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016/04/01 21:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2016/04/01 21:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2016/04/01 21:30:48 | 000,000,000 | ---D | C] -- C:\Users\atsuko\AppData\Local\Programs
[2016/04/01 14:49:10 | 000,000,000 | ---D | C] -- C:\Users\atsuko\Desktop\たいさく
[2016/03/27 23:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2016/03/27 23:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2016/03/27 23:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2016/03/27 23:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2016/03/22 01:41:05 | 000,000,000 | ---D | C] -- C:\Users\atsuko\Documents\CommunicationTool
[2016/03/22 00:23:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/03/11 04:44:45 | 000,000,000 | ---D | C] -- C:\Users\atsuko\AppData\Local\{3F4EB202-F01A-4656-B844-6157CA136318}
[2016/03/11 00:13:47 | 000,000,000 | ---D | C] -- C:\Users\atsuko\AppData\Local\{402BB63A-E8BC-43D8-9DB0-23A687634A14}
[2016/03/11 00:13:16 | 000,000,000 | ---D | C] -- C:\Users\atsuko\AppData\Local\{6EA2C791-193C-438C-82EC-A090D2D8C937}
[2016/03/10 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2016/03/09 18:42:14 | 000,994,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2016/03/09 18:42:13 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2016/03/09 18:42:13 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2016/03/09 18:42:13 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-private-l1-1-0.dll
[2016/03/09 18:42:13 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2016/03/09 18:42:13 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-math-l1-1-0.dll
[2016/03/09 18:42:13 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2016/03/09 18:42:13 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll
[2016/03/09 18:42:13 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2016/03/09 18:42:13 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-string-l1-1-0.dll
[2016/03/09 18:42:13 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2016/03/09 18:42:13 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll
[2016/03/09 18:42:13 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2016/03/09 18:42:13 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll
[2016/03/09 18:42:13 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2016/03/09 18:42:13 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll
[2016/03/09 18:42:13 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2016/03/09 18:42:13 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-time-l1-1-0.dll
[2016/03/09 18:42:13 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2016/03/09 18:42:13 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-2-0.dll
[2016/03/09 18:42:13 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2016/03/09 18:42:13 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-process-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll
[2016/03/09 18:42:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2016/03/09 18:42:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-2-0.dll
[2016/03/09 18:42:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2016/03/09 18:42:13 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll
[2016/03/09 18:42:13 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2016/03/09 18:42:13 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll
[2016/03/09 18:42:13 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2016/03/09 18:42:13 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll
[2016/03/09 18:42:13 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2016/03/09 18:42:13 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l2-1-0.dll
[2016/03/09 18:42:13 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2016/03/09 18:42:13 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-2-0.dll
[2016/03/09 18:42:09 | 003,169,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2016/03/09 18:42:09 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2016/03/09 18:42:07 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2016/03/09 18:42:07 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2016/03/09 18:42:07 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2016/03/09 18:42:07 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2016/03/09 18:42:07 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2016/03/09 18:42:07 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2016/03/09 18:42:07 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2016/03/09 18:42:07 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2016/03/09 18:42:07 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2016/03/09 18:42:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2016/03/09 18:42:07 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2016/03/09 18:42:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2016/03/09 18:42:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2016/03/09 18:41:59 | 000,862,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2016/03/09 18:41:49 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016/03/09 18:41:49 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016/03/09 18:41:48 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016/03/09 18:41:48 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016/03/09 18:41:48 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016/03/09 18:41:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016/03/09 18:41:48 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016/03/09 18:41:47 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016/03/09 18:41:47 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016/03/09 18:41:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016/03/09 18:41:47 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016/03/09 18:41:46 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/03/09 18:41:46 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016/03/09 18:41:46 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016/03/09 18:41:45 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016/03/09 18:41:45 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016/03/09 18:41:45 | 000,798,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016/03/09 18:41:45 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/03/09 18:41:45 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016/03/09 18:41:45 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016/03/09 18:41:45 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016/03/09 18:41:45 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016/03/09 18:41:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016/03/09 18:41:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016/03/09 18:41:44 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016/03/09 18:41:44 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016/03/09 18:41:44 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016/03/09 18:41:44 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016/03/09 18:41:44 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016/03/09 18:41:44 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016/03/09 18:41:44 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016/03/09 18:41:44 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016/03/09 18:41:43 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016/03/09 18:41:43 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016/03/09 18:41:43 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016/03/09 18:41:43 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016/03/09 18:41:42 | 006,052,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016/03/09 18:41:42 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016/03/09 18:41:42 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016/03/09 18:41:42 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016/03/09 18:41:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016/03/09 18:41:41 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016/03/09 18:41:41 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016/03/09 18:41:16 | 005,572,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016/03/09 18:41:11 | 001,733,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016/03/09 18:41:07 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016/03/09 18:41:06 | 003,938,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016/03/09 18:41:03 | 003,994,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016/03/09 18:41:00 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2016/03/09 18:41:00 | 000,880,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016/03/09 18:40:59 | 001,461,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/03/09 18:40:59 | 001,214,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016/03/09 18:40:59 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2016/03/09 18:40:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2016/03/09 18:40:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2016/03/09 18:40:59 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016/03/09 18:40:59 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2016/03/09 18:40:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2016/03/09 18:40:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2016/03/09 18:40:59 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016/03/09 18:40:59 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2016/03/09 18:40:59 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2016/03/09 18:40:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2016/03/09 18:40:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016/03/09 18:40:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016/03/09 18:40:59 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016/03/09 18:40:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2016/03/09 18:40:58 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016/03/09 18:40:58 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016/03/09 18:40:58 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016/03/09 18:40:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2016/03/09 18:40:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2016/03/09 18:40:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2016/03/09 18:40:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2016/03/09 18:40:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2016/03/09 18:40:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2016/03/09 18:40:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2016/03/09 18:40:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2016/03/09 18:40:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2016/03/09 18:40:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2016/03/09 18:40:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2016/03/09 18:40:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2016/03/09 18:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016/03/09 18:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2016/03/09 18:40:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016/03/09 18:40:57 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016/03/09 18:40:57 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016/03/09 18:40:57 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016/03/09 18:40:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016/03/09 18:40:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016/03/09 18:40:52 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2016/03/09 18:40:52 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2016/03/09 18:40:51 | 000,372,736 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016/03/09 18:40:51 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016/03/09 18:40:51 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2016/03/09 18:40:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016/03/09 18:40:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016/03/09 18:40:51 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2016/03/09 18:40:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016/03/09 18:40:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2016/03/09 18:40:49 | 014,634,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2016/03/09 18:40:48 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2016/03/09 18:40:48 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2016/03/09 18:40:48 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2016/03/09 18:40:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2016/03/09 18:40:48 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2016/03/09 18:40:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2016/03/09 18:40:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2016/03/09 18:40:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2016/03/09 18:40:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2016/03/09 18:40:47 | 001,373,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2016/03/09 18:40:47 | 001,168,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2016/03/09 18:40:47 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2016/03/09 18:40:47 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2016/03/09 18:40:47 | 000,499,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2016/03/09 18:40:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2016/03/09 18:40:47 | 000,038,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2016/03/06 19:48:13 | 000,000,000 | ---D | C] -- C:\Users\atsuko\Desktop\cat

  • ふさふさ野
  • 2016/04/04 (Mon) 22:44:16
OTLログ(3)
OTLログ(3)

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/04/04 21:37:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\atsuko\Desktop\OTL.exe
[2016/04/04 21:32:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/04/04 18:35:23 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/04/04 18:35:23 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/04/04 18:28:51 | 000,000,690 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/04/04 18:28:03 | 000,000,686 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/04/04 18:19:49 | 2020,360,191 | -HS- | M] () -- C:\hiberfil.sys
[2016/04/03 22:51:34 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/04/03 22:01:21 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/04/02 20:36:35 | 000,190,778 | ---- | M] () -- C:\Users\atsuko\Desktop\bookmarks_2016_04_02.html
[2016/04/01 22:31:42 | 000,000,638 | ---- | M] () -- C:\Windows\tasks\TrackerAutoUpdate.job
[2016/04/01 22:11:27 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/04/01 22:11:27 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/04/01 21:32:50 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2016/04/01 02:35:44 | 003,102,720 | ---- | M] () -- C:\Users\atsuko\Desktop\adwcleaner_5.108.exe
[2016/03/29 19:32:31 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/03/27 23:51:36 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2016/03/22 18:44:19 | 000,263,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/03/10 14:08:58 | 000,140,672 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/03/10 03:30:00 | 001,375,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/03/10 03:30:00 | 000,677,504 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/03/10 03:30:00 | 000,434,452 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2016/03/10 03:30:00 | 000,130,146 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2016/03/10 03:30:00 | 000,130,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/04/03 22:01:21 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/04/02 20:36:34 | 000,190,778 | ---- | C] () -- C:\Users\atsuko\Desktop\bookmarks_2016_04_02.html
[2016/04/01 21:32:52 | 000,000,638 | ---- | C] () -- C:\Windows\tasks\TrackerAutoUpdate.job
[2016/04/01 21:32:50 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2016/04/01 02:35:39 | 003,102,720 | ---- | C] () -- C:\Users\atsuko\Desktop\adwcleaner_5.108.exe
[2016/03/27 23:51:36 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/05/14 22:00:06 | 000,782,021 | ---- | C] () -- C:\Users\atsuko\nko.png
[2015/05/02 04:04:25 | 000,792,122 | ---- | C] () -- C:\Users\atsuko\kote03.png
[2014/11/19 01:30:36 | 000,395,717 | ---- | C] () -- C:\Users\atsuko\awib.png
[2014/09/12 22:24:36 | 000,378,512 | ---- | C] () -- C:\Users\atsuko\po.png
[2014/07/28 20:14:02 | 000,389,822 | ---- | C] () -- C:\Users\atsuko\haru.png
[2014/06/29 22:16:01 | 000,377,512 | ---- | C] () -- C:\Users\atsuko\sendai.png
[2014/06/18 22:06:26 | 000,872,659 | ---- | C] () -- C:\Users\atsuko\i8.png
[2014/06/07 06:17:50 | 000,543,693 | ---- | C] () -- C:\Users\atsuko\hiryu.png
[2014/06/01 15:24:41 | 000,143,911 | ---- | C] () -- C:\Users\atsuko\yamato.jpg
[2014/05/25 00:24:51 | 000,676,000 | ---- | C] () -- C:\Users\atsuko\nagamon.png
[2014/05/23 21:10:16 | 000,452,111 | ---- | C] () -- C:\Users\atsuko\hag.png
[2013/02/21 21:42:47 | 000,253,226 | ---- | C] () -- C:\Users\atsuko\IMG_1306.png
[2013/01/29 19:57:46 | 002,739,871 | ---- | C] () -- C:\Users\atsuko\IMG_0482.JPG
[2013/01/15 02:49:09 | 000,000,036 | ---- | C] () -- C:\Users\atsuko\AppData\Local\housecall.guid.cache
[2012/11/09 00:16:08 | 002,113,081 | ---- | C] () -- C:\Users\atsuko\IMGP0179.JPG
[2012/11/09 00:16:00 | 002,361,400 | ---- | C] () -- C:\Users\atsuko\IMGP0178.JPG
[2012/11/09 00:15:33 | 002,310,858 | ---- | C] () -- C:\Users\atsuko\IMGP0176.JPG
[2012/11/09 00:15:22 | 002,342,053 | ---- | C] () -- C:\Users\atsuko\IMGP0175.JPG
[2012/11/09 00:14:58 | 002,337,082 | ---- | C] () -- C:\Users\atsuko\IMGP0173.JPG
[2012/09/28 22:39:01 | 000,057,066 | ---- | C] () -- C:\Users\atsuko\130.gif
[2012/09/28 22:37:07 | 000,005,226 | ---- | C] () -- C:\Users\atsuko\010.gif
[2012/09/28 22:29:20 | 000,032,293 | ---- | C] () -- C:\Users\atsuko\38.png
[2012/09/02 03:52:08 | 000,134,692 | ---- | C] () -- C:\Users\atsuko\6a0133f38cb3f3970b0167624f2989970b.png
[2012/09/02 01:15:40 | 000,000,242 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/01/22 15:19:58 | 014,179,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/01/22 15:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2012/05/16 00:59:12 | 000,000,000 | -H-D | M] -- C:\book
[2012/05/16 00:55:09 | 000,000,000 | -H-D | M] -- C:\Intel
[2012/09/01 23:55:09 | 000,000,000 | -H-D | M] -- C:\OEM
[2016/04/03 22:01:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2015/05/24 16:07:57 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk
[2012/09/02 00:30:13 | 000,000,000 | -H-D | M] -- C:\OEM\Registration
[2012/09/04 03:48:24 | 000,000,000 | -H-D | M] -- C:\OEM\Preload\OEM\Recovery\HPartition
[2016/03/22 01:37:34 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/05/16 01:02:03 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2016/03/27 23:51:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\Apple Computer\iTunes\SC Info
[2012/09/14 00:19:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\BDNAV
[2013/11/30 21:34:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2012/09/02 04:33:00 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\MediaEspresso\6.5
[2012/09/02 04:32:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\MediaEspresso\6.5
[2012/09/14 00:19:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\Movie SDK\9.00
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2010/11/21 16:25:02 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2015/05/24 16:07:57 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config
[2015/05/24 16:07:57 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR
[2015/05/24 15:42:21 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR
[2015/05/24 15:42:21 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\2015-05-24-06-42-21
[2015/05/24 16:07:57 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\2015-05-24-07-07-57
[2015/05/24 16:07:57 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\bffaae00
[2015/05/24 15:42:21 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\bffaae00\2015-05-24-06-42-21
[2015/05/24 16:07:57 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\bffaae00\2015-05-24-07-07-57
[2015/05/24 15:42:21 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR\2015-05-24-06-42-21
[2015/05/24 16:07:57 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR\2015-05-24-07-07-57
[2015/05/24 16:07:57 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\bffaae00
[2015/05/24 15:42:21 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\bffaae00\2015-05-24-06-42-21
[2015/05/24 16:07:57 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\bffaae00\2015-05-24-07-07-57
[2012/09/01 23:53:12 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2016/03/27 23:51:36 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Apple Computer\iTunes\SC Info
[2012/09/14 00:19:51 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\BDNAV
[2013/11/30 21:34:02 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2012/09/02 04:33:00 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\MediaEspresso\6.5
[2012/09/02 04:32:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\MediaEspresso\6.5
[2012/09/14 00:19:53 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\Movie SDK\9.00
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2010/11/21 16:25:02 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2012/09/01 23:53:23 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData
[2012/09/20 22:40:52 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2012/09/01 23:55:30 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2016/03/23 05:34:44 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2012/09/02 02:38:13 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2012/09/01 23:55:35 | 000,000,000 | RH-D | M] -- C:\Users\atsuko\AppData\Local\Microsoft\Windows\Burn\Burn
[2012/09/11 00:48:58 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics
[2012/09/02 01:36:53 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}
[2012/09/11 00:47:39 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}
[2012/09/11 00:48:58 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{A8977498-2FDF-42B7-A726-8D3B2A53CD2C}
[2012/09/11 00:35:43 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{E2856B15-A196-4C82-BDA1-C75D273DF989}
[2013/11/30 21:33:56 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Roaming\CyberLink\MediaCache
[2015/05/24 15:37:21 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/02/19 01:56:54 | 000,000,000 | -H-D | M] -- C:\Users\atsuko\AppData\Roaming\Microsoft\Windows\DNTException\Low
[2009/07/14 12:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2016/04/03 22:01:21 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 11:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2012/09/02 00:04:57 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2013/11/30 21:33:49 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg
[2013/11/30 21:33:50 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{7AD1ACC7-6558-427a-8564-76F67706C366}\Version\6.5
[2014/11/26 23:57:58 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/07/14 13:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2012/09/02 00:05:19 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2012/09/02 01:15:40 | 000,000,000 | -H-D | M] -- C:\Windows\SysNative\GroupPolicy

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2016/04/04 18:28:03 | 000,000,686 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/04/04 18:28:51 | 000,000,690 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/04/01 22:31:42 | 000,000,638 | ---- | M] () -- C:\Windows\tasks\TrackerAutoUpdate.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9500325AS
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 17.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 18254659584
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 449.00GB
Starting Offset: 18359517184
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2015/10/30 02:50:29 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2015/06/25 19:01:17 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2016/02/12 02:32:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2015/04/28 04:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2015/04/28 04:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/07/14 16:24:58 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 13:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/09/21 20:51:57 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2012/02/11 15:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2016/02/12 02:32:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2016/02/09 18:55:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2016/02/12 02:32:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 12:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2015/08/06 02:56:14 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 12:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/19 12:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2010/11/21 12:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2015/06/16 06:44:47 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2015/06/16 06:42:49 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2016/02/13 03:22:06 | 002,610,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >
  • ふさふさ野
  • 2016/04/04 (Mon) 22:45:43
Extrasログ
Extrasログです

OTL Extras logfile created on: 2016/04/04 21:45:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\atsuko\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18230)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.84 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.54% Memory free
15.68 Gb Paging File | 13.63 Gb Available in Paging File | 86.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 210.15 Gb Free Space | 46.84% Space Free | Partition Type: NTFS

Computer Name: A-PC | User Name: atsuko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00673338-3345-4C0E-8ECB-FEF47CC1B920}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{05A1E7E0-341A-4F43-922B-5DACB03F1B6E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0EF8067C-500F-40B7-9DDC-8F2FCB08B8F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17C20271-89AE-4277-9475-7919D76D1B92}" = lport=137 | protocol=17 | dir=in | app=system |
"{191F411A-0309-40E6-92BF-FA79B83A6C0E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{20652E7B-A285-4DC2-A0D5-D51E26B500D7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2322E236-AC08-445F-B834-12A887859095}" = rport=445 | protocol=6 | dir=out | app=system |
"{3266B361-0062-4FA0-B086-EBF1EF6DA3CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{38C21635-E8E5-4B3D-89F0-A96A2A916CF7}" = lport=138 | protocol=17 | dir=in | app=system |
"{5AA59C7D-4014-477D-B42A-D2FA83AE3063}" = lport=139 | protocol=6 | dir=in | app=system |
"{5CABFEC9-B340-4DB6-837D-DAFE6B6104F3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{613FE233-E0C6-4001-A50A-48916C252C19}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71FAA00C-67DB-4227-9713-E423A4F0B59E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7A1A6C3C-5403-4786-A42D-1289F80B31BE}" = lport=445 | protocol=6 | dir=in | app=system |
"{934860D1-8670-4BEB-A0B1-F938F905DD38}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{989F6B15-F2AB-4EE9-9C6D-4A78AE18FB5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A7C827F-1B64-41EA-8992-A2CCE3B124DE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C9ABAC0-6FD7-4B9C-BF2B-61F21F65F5DA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{A6F24D01-F77A-4642-B606-FF4E99F8EF08}" = rport=139 | protocol=6 | dir=out | app=system |
"{C4D0D8D5-E7F1-4CA9-9E56-8BDEF18C9D89}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C74FB15C-8F17-4AD0-80FC-99B6CF1F3AD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD53235D-30E8-413F-93BD-3E297EBEC251}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EFCD8D9E-C145-446F-A4BC-7E0A2060F2E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3E338F5-9745-417E-A860-A6146E10F41F}" = rport=138 | protocol=17 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025A8607-1490-4CD8-B98C-D7D3C45C82FD}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{1105B0AC-A29E-4EDE-815B-5F241FC09FCA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{15C9162A-927E-48D9-A78F-FBC7028EBE94}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1BB91484-5DF7-4C55-A023-9CC300CE330E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{22B399EB-92FC-4713-9FA1-452B4D6FB7B5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2516EDC9-886C-42B1-B3AD-BF82BE4139A9}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe |
"{32CF19AE-6BB9-4105-B895-E88B35BCBC03}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3CA431E6-A2B6-4229-9D6C-A45F934F6BA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4AEE4888-256A-4E36-96EC-86EDCF7864B3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CCE96DD-46EF-4840-99FA-45FC1DF466F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4EBE6A8F-0654-4763-A612-6CD098D618D2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{50258977-E1DF-4450-A433-C344E74FF92B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{534488EF-FAFF-40AF-96BD-17F6610CD645}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5E3A9875-2ABF-40D3-A1C5-32FACE610103}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64BCDB9B-0E51-45E6-9DB7-15520C7637A7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6913A5DB-2112-4EB8-9177-E50619E3368A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{698B86F6-642F-46DF-BC95-9856200ED746}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{6DD4E819-6CD4-41EA-A118-E4665C4004B9}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{6F286104-B4FC-4FBC-95A6-E83467A69D81}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{70A894F6-D511-41C5-AD8C-C07269D8F6A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7A1152E1-B27D-4497-B6FF-4F87C4115E98}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7AF74056-D5A2-4577-859E-86E4B11ADCE2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{89EBDDBF-E7A3-4978-87ED-3914AC04E5C2}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{8AF5E3C3-A060-428A-94AB-3104F9ADD7DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E1D6F70-5AA3-4B87-9EA0-078FDE668E13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9006689C-D3E8-46B4-8DD5-94A42D2C0824}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{943CB216-8158-4501-B244-7BA03659BB97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94882DA9-09DC-44F5-B080-13F7EC13AFD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DA9B872-DF4A-445D-87AE-67B9378BCBFF}" = protocol=58 | dir=in | app=system |
"{AA33C98E-AC8A-463D-A9EE-26A12AB65208}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B035EF26-1D81-47E4-B755-AFCB11A54BB1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B3BEBD0E-9354-4320-A8F3-F0FDFD34369A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{C2B4346A-8129-4774-A906-A99E753DDFF2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C2FDA95F-B07A-4584-80CA-B0B0815E7F55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C4B2027B-909A-4EFF-93A7-5733B129D891}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6D5315B-F894-48C3-A9CA-A85FED71B147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA758B82-A234-4959-932D-B1C4C08FF9BC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E3898130-4216-4004-8E99-1382D5B5616E}" = protocol=6 | dir=out | app=system |
"{F64EE6EF-C18F-4727-A82D-F54EDDD0CBD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCD8F6BB-399C-44C6-9018-4D8C316E96DE}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2937FD88-C9D6-4B82-B539-37CD0A572F42}" = Apple Application Support(64 ビット)
"{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}" = Apple Mobile Device Support
"{3BF2C0A8-2C44-4A36-AA96-3BD6FB7BB01F}" = Windows Live Remote Client Resources
"{42E08F76-1021-4B1D-8413-7AA26B1C05A0}" = Acer Instant Update Service
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}" = iCloud
"{54C5B89F-0A8C-4C07-A51D-7380974DA459}" = Windows Live Remote Service Resources
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = インテル(R) ターボ・ブースト・テクノロジー・モニター 2.5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A31C5565-90D9-4615-AE13-94D86C3836C7}" = iTunes
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = セキュリティ対策ツール
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 10.6.9.9_WHQL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019EF473-6D0A-415C-9A2E-1AF5F66AC60F}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{10AB1F40-BDEC-4A8D-B427-30F9429378B0}" = Windows Live Movie Maker
"{139C06F6-2DC5-485F-B34A-D333AA122379}" = セキュリティ申込・設定ツール
"{15D95497-8F76-41E5-8894-EDDB59E39BD9}" = Windows Live メール
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675D8E1E-2388-4718-902C-E5FC4888AC0E}" = Windows Live Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB64BE6-F975-40C0-90F9-648154433097}" = コミュニケーションツール
"{6C3F8916-D6A5-4A31-9DA8-80C973CE437F}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7134EF35-DA07-41F8-A71F-66709E194BB5}" = Windows Live Mesh
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{88A686A9-D687-4295-B633-50D8A4B88371}" = Windows Live Writer Resources
"{8A66A2C8-0032-4949-8D99-C293A3EACF79}" = Windows Live Photo Common
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D59BE38-3A4F-4525-AD0D-8980E9E31EFA}" = Windows Live フォト ギャラリー
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A162AF3F-7908-44E1-A072-67FB887A9517}" = スタートアップツール
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE408577-9C0E-4E5F-BCB2-DB5B3A220958}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}" = Apple Application Support(32 ビット)
"{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}" = QuickTime 7
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 21 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{6AB64BE6-F975-40C0-90F9-648154433097}" = コミュニケーションツール
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware バージョン 2.2.1.1043
"RemoteToolGuider.west_is1" = NTT西日本 リモートサポートツール
"WinLiveSuite" = Windows Live Essentials
"診断復旧ツール_is1" = 診断復旧ツール

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2016/04/03 8:36:09 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/04/03 9:19:44 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/04/03 9:23:32 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/04/03 9:25:44 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/04/03 9:42:05 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/04/03 9:43:57 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/04/03 9:47:21 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/04/03 9:50:38 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/04/03 15:29:37 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/04/04 5:21:41 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2016/04/03 15:16:27 | Computer Name = a-PC | Source = iaStor | ID = 262153
Description = デバイス \Device\Ide\iaStor0 はタイムアウト期間内に応答しませんでした。

Error - 2016/04/03 15:16:28 | Computer Name = a-PC | Source = iaStor | ID = 262153
Description = デバイス \Device\Ide\iaStor0 はタイムアウト期間内に応答しませんでした。

Error - 2016/04/03 15:16:29 | Computer Name = a-PC | Source = iaStor | ID = 262153
Description = デバイス \Device\Ide\iaStor0 はタイムアウト期間内に応答しませんでした。

Error - 2016/04/03 15:17:02 | Computer Name = a-PC | Source = iaStor | ID = 262153
Description = デバイス \Device\Ide\iaStor0 はタイムアウト期間内に応答しませんでした。

Error - 2016/04/03 15:17:04 | Computer Name = a-PC | Source = iaStor | ID = 262153
Description = デバイス \Device\Ide\iaStor0 はタイムアウト期間内に応答しませんでした。

Error - 2016/04/03 15:17:05 | Computer Name = a-PC | Source = iaStor | ID = 262153
Description = デバイス \Device\Ide\iaStor0 はタイムアウト期間内に応答しませんでした。

Error - 2016/04/03 15:17:06 | Computer Name = a-PC | Source = iaStor | ID = 262153
Description = デバイス \Device\Ide\iaStor0 はタイムアウト期間内に応答しませんでした。

Error - 2016/04/03 15:17:07 | Computer Name = a-PC | Source = iaStor | ID = 262153
Description = デバイス \Device\Ide\iaStor0 はタイムアウト期間内に応答しませんでした。

Error - 2016/04/03 15:17:28 | Computer Name = a-PC | Source = iaStor | ID = 262153
Description = デバイス \Device\Ide\iaStor0 はタイムアウト期間内に応答しませんでした。

Error - 2016/04/04 8:32:25 | Computer Name = a-PC | Source = DCOM | ID = 10010
Description =


< End of report >

宜しく、お願いいたします。
  • ふさふさ野
  • 2016/04/04 (Mon) 22:49:09
今度はOTLでブラウザの掃除です
作業と報告、ご苦労様です。
OTLスキャンログを見せていただきました。

やはりIE拡張に怪しいものが隠れてましたね。
今度はそれをOTLで掃除にかかります。

このレスの最後にスクリプトを貼っておくので、それを丸ごとコピーして、それをWindowsのメモ帳ファイルに貼り付けて保存しておいてください。

用意できたらPCをまたセーフモードで再起動してOTL起動してください。
起動したらOTLのウインドウ下部にスクリプトを貼り付けて、今度は「Run fix」(赤字のボタン)を押してください。
これでOTLでの処置が開始されます。

しばらく待って処置ができたらPCを通常モードで再起動すると、またOTLのログが出るはずなので、それを保存してから、しばらく様子見の後、OTLのログとともに状態報告をレスください。
OTLのスクリプトは以下になります。破線(-----)を含まない箇所を丸ごとコピーして、それをOTLに貼って作業してください
------------------------------------------
:OTL
IE - HKU\S-1-5-21-822167610-4187586497-2688661879-1000\..\SearchScopes\{E82513C2-C14E-4E84-BE7B-2FF814F2124F}: "URL" = http://search.yahoo.co.jp/search?b=1&n=10&ei=UTF-8&fr=ie8sc&p={searchTerms}
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2016/04/05 (Tue) 19:25:40
OTLの作業ログ
こんばんは。お世話になっております。

OTL作業のログを貼らせて頂きます。

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-822167610-4187586497-2688661879-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E82513C2-C14E-4E84-BE7B-2FF814F2124F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E82513C2-C14E-4E84-BE7B-2FF814F2124F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D46B6DC-2207-486B-B523-A557E6D54B47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D46B6DC-2207-486B-B523-A557E6D54B47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: atsuko
->Temp folder emptied: 3818363 bytes
->Temporary Internet Files folder emptied: 118032758 bytes
->Google Chrome cache emptied: 429667516 bytes
->Flash cache emptied: 595 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 570201373 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304116 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,110.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 04052016_213744

Files\Folders moved on Reboot...
C:\Users\atsuko\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\atsuko\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

よろしくお願いいたします。
  • ふさふさ野
  • 2016/04/05 (Tue) 22:24:11
ここで全体の見直しを
作業と報告、ご苦労様です。
処置後のOTLログを見せてもらいましたが、OTLでの処置はできているようです。
対象の各エントリもsuccessfully(処置成功)になってます。

ではOTLは準備時の説明に沿って片付けていいです。

現在まだ何か異常が出ていれば、その症状を教えてください。

特に異常出てなければ、ここで一度全体の見直ししましょう。

またHJTログと、CCでインストール情報と各タブのログも取り直して、それらをレスで見せてください。

処置後の取りこぼしか、別口の感染受けてないかも含めて全体を洗い直します
  • 悪代官
  • 2016/04/06 (Wed) 20:30:25
Re: マルウェア感染
こんばんは。お世話になっております。

異常は4月1日にこちらでご相談させていただく前におきたのを最後に、今の所おきてないです。
今まで症状が出る間隔は、7日ー10日位に一度でしたので注意してみております。

HJTとCCのログの報告させていただきます。

HJTログ

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:06:49, on 2016/04/06
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18231)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\NTTW\StartUpToolN\StartUpTool_w.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\atsuko\Desktop\たいさく\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: Windows Live ID サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NTTW_OSA_AUS] "C:\Program Files (x86)\NTTW\OSA_Aus\acs.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: スタートアップツール.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {4D8DD706-6972-460D-A51B-EB7F7687E450} (ActiveMpp Class) - http://muji.livingstyle.jp/sim/dfls//3dx/ActiveMPP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\NTTW\Security\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.5 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10964 bytes

CCログ

Acer Backup Manager NTI Corporation 2012/04/16 337 MB 3.0.0.100
Acer Crystal Eye Webcam CyberLink Corp. 2012/05/16 41.3 MB 1.5.2108.00
Acer ePower Management Acer Incorporated 2012/05/16 6.00.3010
Acer eRecovery Management Acer Incorporated 2012/04/16 5.00.3507
Acer Instant Update Service Acer Incorporated 2012/04/16 9.42 MB 1.00.3004
Acer Registration Acer Incorporated 2016/04/06 1.04.3506
Acer ScreenSaver Acer Incorporated 2016/04/06 20.11.1107.1418
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 2016/04/06 18.4 MB 21.0.0.197
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 2016/04/06 11.6.7.637
Apple Application Support(32 ビット) Apple Inc. 2016/03/27 117 MB 4.3
Apple Application Support(64 ビット) Apple Inc. 2016/03/27 131 MB 4.3
Apple Mobile Device Support Apple Inc. 2016/03/27 28.5 MB 9.3.0.15
Apple Software Update Apple Inc. 2016/03/10 2.69 MB 2.2.0.150
Bonjour Apple Inc. 2015/09/22 2.01 MB 3.1.0.1
Broadcom Card Reader Driver Installer Broadcom Corporation 2012/09/16 2.76 MB 15.0.7.2
Broadcom NetLink Controller Broadcom Corporation 2012/05/16 524 KB 15.0.7.1
Broadcom Wireless Utility Broadcom Corporation 5.100.82.120
CCleaner Piriform 2016/04/01 5.16
Dolby Home Theater v4 Dolby Laboratories Inc 2012/05/16 28.0 MB 7.2.7000.7
ETDWare PS/2-X64 10.6.9.9_WHQL ELAN Microelectronic Corp. 2012/05/16 10.6.9.9
Google Chrome Google Inc. 2013/04/05 49.0.2623.110
iCloud Apple Inc. 2015/12/10 119 MB 5.1.0.34
Identity Card Acer Incorporated 2016/04/06 1.00.3501
Intel(R) Control Center Intel Corporation 1.2.1.1007
Intel(R) Management Engine Components Intel Corporation 8.0.2.1410
Intel(R) OpenCL CPU Runtime Intel Corporation
Intel(R) Processor Graphics Intel Corporation 8.15.10.2653
Intel(R) Rapid Storage Technology Intel Corporation 11.1.0.1006
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 1.0.4.220
Intel® Trusted Connect Service Client Intel Corporation 2012/05/16 10.6 MB 1.23.605.1
iTunes Apple Inc. 2016/03/27 215 MB 12.3.3.17
Launch Manager Acer Inc. 2016/04/06 5.1.15
Malwarebytes Anti-Malware バージョン 2.2.1.1043 Malwarebytes 2016/04/03 66.8 MB 2.2.1.1043
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2016/02/13 38.8 MB 4.6.01055
Microsoft Silverlight Microsoft Corporation 2016/01/13 447 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2012/04/16 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2012/04/16 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2012/05/16 708 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2012/05/16 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2012/09/02 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 2012/04/16 608 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2012/04/16 586 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2012/05/16 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2012/09/02 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2012/09/02 25.6 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2012/09/02 12.1 MB 10.0.30319
MyWinLocker Suite Egis Technology Inc. 2012/04/16 2.63 MB 4.0.14.19
NTI Media Maker 9 NTI Corporation 2012/05/16 0.96 GB 9.0.2.9006
NTT西日本 リモートサポートツール 西日本電信電話株式会社 2013/12/26
PDF-Viewer Tracker Software Products Ltd 2016/04/01 61.6 MB 2.5.317.0
QuickTime 7 Apple Inc. 2016/01/14 69.1 MB 7.79.80.95
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2012/05/16 6.0.1.6543
Welcome Center Acer Incorporated 2016/04/06 1.02.3507
WIDCOMM Bluetooth Software Broadcom Corporation 2012/05/16 289 MB 6.5.1.2610
Windows Live Essentials Microsoft Corporation 2012/04/16 15.4.3538.0513
インテル(R) ターボ・ブースト・テクノロジー・モニター 2.5 インテル 2012/05/16 13.2 MB 2.5.1.0
スタートアップツール 西日本電信電話株式会社 2014/04/24 2.61 MB 7.3
セキュリティ対策ツール 西日本電信電話株式会社 2015/05/24 450 MB 8.11
セキュリティ申込・設定ツール 西日本電信電話株式会社 2015/05/24 3.59 MB 7.2.0.8
診断復旧ツール 西日本電信電話株式会社 2014/05/31 12.5 MB
コミュニケーションツール 西日本電信電話株式会社 2012/09/12 30.6 MB 7.5.0000

宜しくお願いいたします。
  • ふさふさ野
  • 2016/04/06 (Wed) 22:19:12
Re: マルウェア感染
補足です。
「7日ー10日位に一度でしたので」と、言うのは
7日ー10日位に日に1度、特定の3つのサイトに飛ぶ事という症状が4回ほど有りました。
と言う事でした、分かりにくく言葉が足らない書き方をしてしまいすみません。
  • ふさふさ野
  • 2016/04/06 (Wed) 22:28:42
CCのログが足りておりませんでした。
重ね重ねすみません、CCのログが足りてませんでした。
追加で貼らせて頂きます。

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run BackupManagerTray NTI Corporation "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
有効 HKLM:Run Broadcom Wireless Manager UI Broadcom Corporation C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
有効 HKLM:Run Dolby Home Theater v4 Dolby Laboratories Inc. "C:\Dolby PCEE4\pcee4.exe" -autostart
有効 HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run InstantUpdate Acer Incorporated C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
有効 HKLM:Run IntelTBRunOnce Microsoft Corporation wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run LManager Dritek System Inc. C:\Program Files (x86)\Launch Manager\LManager.exe
有効 HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
有効 HKLM:Run NTTW_OSA_AUS 西日本電信電話株式会社 "C:\Program Files (x86)\NTTW\OSA_Aus\acs.exe" -silent
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSessionAgent.exe" -StartUp
有効 HKLM:Run Power Management Acer Incorporated C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
有効 HKLM:Run RtHDVBg_Dolby Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SuiteTray Egis Technology Inc. "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
有効 Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
有効 Startup Common スタートアップツール.lnk C:\Windows\Installer\{A162AF3F-7908-44E1-A072-67FB887A9517}\_3B47FDE35444B41F912355.exe

有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task EgisUpdate Egis Technology Inc. "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task PMMUpdate Egis Technology Inc. "C:\Program Files\EgisTec IPS\PMMUpdate.exe"
有効 Task TrackerAutoUpdate Tracker Software Products (Canada) Ltd. C:\Program Files\Tracker Software\Update\TrackerUpdate.exe -CheckUpdate
有効 Task UALU notificatin Acer Incorporated "C:\Program Files\Acer\Acer Updater\UALU.exe"

有効 File MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
有効 File MWLIVShellExt Egis Technology Inc. C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll
有効 File PhotoStreamsExt Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
有効 File ShredderContextMenu Egis Technology Inc. C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\NTTW\Security\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\NTTW\Security\UniClient\UiFrmwrk\tmdshell.dll

有効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
有効 Extension 故障かな?と思ったら・・・ 西日本電信電話株式会社 C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg.dll
有効 Helper Trend Micro IE Protection Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
有効 Helper Trend Micro IE Protection Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll
有効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
有効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll
有効 Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
有効 Helper Windows Live ID サインイン ヘルパー Microsoft Corp. C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
有効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
有効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll

有効 App Gmail 8.1 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
有効 App Google Search 0.0.0.60 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0
有効 App Google ドライブ 14.1 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
有効 App YouTube 4.2.8 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
有効 Extension Gestures for Google Chrome™ 1.13.4 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.13.4_0
無効 Extension Google オフライン ドキュメント 1.4 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0
無効 Extension Google ドキュメント 0.9 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
無効 Extension Trend ツールバー 9.0.0.1255 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf\9.0.0.1255_0
有効 Plugin Adobe Acrobat 10.1.6.1 最初のユーザー C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
有効 Plugin Browser Exploit Prevention 7.5.0.1115 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\7.5.0.1115_0\nptmbep.dll
有効 Plugin Chrome PDF Viewer 最初のユーザー C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll
有効 Plugin Chrome Remote Desktop Viewer 最初のユーザー internal-remoting-viewer
有効 Plugin Google Update 1.3.21.135 最初のユーザー C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
有効 Plugin Intel® Identity Protection Technology 2.0.59.0 最初のユーザー C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
有効 Plugin iTunes Application Detector 1.0.1.1 最初のユーザー C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
有効 Plugin Native Client 最初のユーザー C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll
有効 Plugin QuickTime Plug-in 7.7.3 7.7.3 (1680.64) 最初のユーザー C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
有効 Plugin Shockwave Flash 11.6.602.180 最初のユーザー C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll
有効 Plugin Shockwave for Director 11.6.7r637 最初のユーザー C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
有効 Plugin Silverlight Plug-In 5.1.20125.0 最初のユーザー c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
有効 Plugin Trend Micro Titanium 6.11.0.1149 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\6.11.0.1175_0\npToolbarChrome.dll
有効 Plugin Windows Live™ Photo Gallery 15.4.3538.0513_ship.wlx.w4m4 (ship) 最初のユーザー C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

申し訳ございません宜しくお願いいたします。
  • ふさふさ野
  • 2016/04/06 (Wed) 23:09:08
あとは様子見の結果次第ですね
おはようございます。
現在のログを見せてもらいました。

>異常は4月1日にこちらでご相談させていただく前におきたのを最後に、今の所おきてないです。
>今まで症状が出る間隔は、7日ー10日位に一度でしたので注意してみております。

はい、異常が出てないならそれに越したことはないですね。
ログ上でも不審なものは見えないようです。

ではあとはしばらく様子見に入りましょう。
普通にPCを使いながら1週間様子見してください。

そして1週間後に、今回と同じHJTとCCでの各ログを取り直して、それらを様子見中の状態報告とともにレスください。
この時点でのログと状態で、異常や再発がなくなってればいいのですが、何かまた異常出るようなら1週間待たなくていいのでそこで報告ください
  • 悪代官
  • 2016/04/07 (Thu) 07:33:59
Re: マルウェア感染
こんばんは。お世話になっております。
熊本の地震、一日でも早くの復旧復興されますよう願っております。
またお時間が有るときに目を通して頂けたら幸いです。

1週間使用して様子をみておりましたが、症状の方起こっておりません。
他も気になるところも特に無く、無事に使用する事ができております。

各ログの方貼らせていただきます。

HJT

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:07:10, on 2016/04/15
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18283)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NTTW\StartUpToolN\StartUpTool_w.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\atsuko\Desktop\たいさく\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: Windows Live ID サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NTTW_OSA_AUS] "C:\Program Files (x86)\NTTW\OSA_Aus\acs.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: スタートアップツール.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {4D8DD706-6972-460D-A51B-EB7F7687E450} (ActiveMpp Class) - http://muji.livingstyle.jp/sim/dfls//3dx/ActiveMPP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\NTTW\Security\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.5 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10964 bytes

CC各ログ


Acer Backup Manager NTI Corporation 2012/04/16 337 MB 3.0.0.100
Acer Crystal Eye Webcam CyberLink Corp. 2012/05/16 41.3 MB 1.5.2108.00
Acer ePower Management Acer Incorporated 2012/05/16 6.00.3010
Acer eRecovery Management Acer Incorporated 2012/04/16 5.00.3507
Acer Instant Update Service Acer Incorporated 2012/04/16 9.42 MB 1.00.3004
Acer Registration Acer Incorporated 2016/04/06 1.04.3506
Acer ScreenSaver Acer Incorporated 2016/04/06 20.11.1107.1418
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 2016/04/06 18.4 MB 21.0.0.197
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 2016/04/06 11.6.7.637
Apple Application Support(32 ビット) Apple Inc. 2016/03/27 117 MB 4.3
Apple Application Support(64 ビット) Apple Inc. 2016/03/27 131 MB 4.3
Apple Mobile Device Support Apple Inc. 2016/03/27 28.5 MB 9.3.0.15
Apple Software Update Apple Inc. 2016/03/10 2.69 MB 2.2.0.150
Bonjour Apple Inc. 2015/09/22 2.01 MB 3.1.0.1
Broadcom Card Reader Driver Installer Broadcom Corporation 2012/09/16 2.76 MB 15.0.7.2
Broadcom NetLink Controller Broadcom Corporation 2012/05/16 524 KB 15.0.7.1
Broadcom Wireless Utility Broadcom Corporation 2012/05/16 5.100.82.120
CCleaner Piriform 2016/04/01 5.16
Dolby Home Theater v4 Dolby Laboratories Inc 2012/05/16 28.0 MB 7.2.7000.7
ETDWare PS/2-X64 10.6.9.9_WHQL ELAN Microelectronic Corp. 2012/05/16 10.6.9.9
Google Chrome Google Inc. 2013/04/05 49.0.2623.112
iCloud Apple Inc. 2015/12/10 119 MB 5.1.0.34
Identity Card Acer Incorporated 2016/04/06 1.00.3501
Intel(R) Control Center Intel Corporation 2012/05/16 1.2.1.1007
Intel(R) Management Engine Components Intel Corporation 2012/05/16 8.0.2.1410
Intel(R) OpenCL CPU Runtime Intel Corporation 2012/05/16
Intel(R) Processor Graphics Intel Corporation 2012/05/16 8.15.10.2653
Intel(R) Rapid Storage Technology Intel Corporation 2012/05/16 11.1.0.1006
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2012/05/16 1.0.4.220
Intel® Trusted Connect Service Client Intel Corporation 2012/05/16 10.6 MB 1.23.605.1
iTunes Apple Inc. 2016/03/27 215 MB 12.3.3.17
Launch Manager Acer Inc. 2016/04/06 5.1.15
Malwarebytes Anti-Malware バージョン 2.2.1.1043 Malwarebytes 2016/04/03 66.8 MB 2.2.1.1043
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2016/02/13 38.8 MB 4.6.01055
Microsoft Silverlight Microsoft Corporation 2016/01/13 447 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2012/04/16 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2012/04/16 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2012/05/16 708 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2012/05/16 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2012/09/02 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 2012/04/16 608 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2012/04/16 586 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2012/05/16 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2012/09/02 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2012/09/02 25.6 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2012/09/02 12.1 MB 10.0.30319
MyWinLocker Suite Egis Technology Inc. 2012/04/16 2.63 MB 4.0.14.19
NTI Media Maker 9 NTI Corporation 2012/05/16 0.96 GB 9.0.2.9006
NTT西日本 リモートサポートツール 西日本電信電話株式会社 2013/12/26
PDF-Viewer Tracker Software Products Ltd 2016/04/01 61.6 MB 2.5.317.0
QuickTime 7 Apple Inc. 2016/01/14 69.1 MB 7.79.80.95
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2012/05/16 6.0.1.6543
Welcome Center Acer Incorporated 2016/04/06 1.02.3507
WIDCOMM Bluetooth Software Broadcom Corporation 2012/05/16 289 MB 6.5.1.2610
Windows Live Essentials Microsoft Corporation 2012/04/16 15.4.3538.0513
インテル(R) ターボ・ブースト・テクノロジー・モニター 2.5 インテル 2012/05/16 13.2 MB 2.5.1.0
スタートアップツール 西日本電信電話株式会社 2014/04/24 2.61 MB 7.3
セキュリティ対策ツール 西日本電信電話株式会社 2015/05/24 450 MB 8.11
セキュリティ申込・設定ツール 西日本電信電話株式会社 2015/05/24 3.59 MB 7.2.0.8
診断復旧ツール 西日本電信電話株式会社 2014/05/31 12.5 MB
コミュニケーションツール 西日本電信電話株式会社 2012/09/12 30.6 MB 7.5.0000

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run BackupManagerTray NTI Corporation "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
有効 HKLM:Run Broadcom Wireless Manager UI Broadcom Corporation C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
有効 HKLM:Run Dolby Home Theater v4 Dolby Laboratories Inc. "C:\Dolby PCEE4\pcee4.exe" -autostart
有効 HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run InstantUpdate Acer Incorporated C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
有効 HKLM:Run IntelTBRunOnce Microsoft Corporation wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
有効 HKLM:Run LManager Dritek System Inc. C:\Program Files (x86)\Launch Manager\LManager.exe
有効 HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
有効 HKLM:Run NTTW_OSA_AUS 西日本電信電話株式会社 "C:\Program Files (x86)\NTTW\OSA_Aus\acs.exe" -silent
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSessionAgent.exe" -StartUp
有効 HKLM:Run Power Management Acer Incorporated C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
有効 HKLM:Run RtHDVBg_Dolby Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SuiteTray Egis Technology Inc. "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
有効 Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
有効 Startup Common スタートアップツール.lnk C:\Windows\Installer\{A162AF3F-7908-44E1-A072-67FB887A9517}\_3B47FDE35444B41F912355.exe


有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task EgisUpdate Egis Technology Inc. "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task PMMUpdate Egis Technology Inc. "C:\Program Files\EgisTec IPS\PMMUpdate.exe"
有効 Task TrackerAutoUpdate Tracker Software Products (Canada) Ltd. C:\Program Files\Tracker Software\Update\TrackerUpdate.exe -CheckUpdate
有効 Task UALU notificatin Acer Incorporated "C:\Program Files\Acer\Acer Updater\UALU.exe"

有効 File MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
有効 File MWLIVShellExt Egis Technology Inc. C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll
有効 File PhotoStreamsExt Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
有効 File ShredderContextMenu Egis Technology Inc. C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\NTTW\Security\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\NTTW\Security\UniClient\UiFrmwrk\tmdshell.dll

有効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
有効 Extension 故障かな?と思ったら・・・ 西日本電信電話株式会社 C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg32.dll
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20013\3.5.1255\2.0.1039\TmopIEPlg.dll
有効 Helper Trend Micro IE Protection Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll
有効 Helper Trend Micro IE Protection Trend Micro Inc. C:\Program Files\NTTW\Security\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll
有効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
有効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll
有効 Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
有効 Helper Windows Live ID サインイン ヘルパー Microsoft Corp. C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
有効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
有効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll

有効 App Gmail 8.1 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
有効 App Google Search 0.0.0.60 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0
有効 App Google ドライブ 14.1 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
有効 App YouTube 4.2.8 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
有効 Extension Gestures for Google Chrome™ 1.13.4 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.13.4_0
無効 Extension Google オフライン ドキュメント 1.4 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0
無効 Extension Google ドキュメント 0.9 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
無効 Extension Trend ツールバー 9.0.0.1255 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf\9.0.0.1255_0
有効 Plugin Adobe Acrobat 10.1.6.1 最初のユーザー C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
有効 Plugin Browser Exploit Prevention 7.5.0.1115 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\7.5.0.1115_0\nptmbep.dll
有効 Plugin Chrome PDF Viewer 最初のユーザー C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll
有効 Plugin Chrome Remote Desktop Viewer 最初のユーザー internal-remoting-viewer
有効 Plugin Google Update 1.3.21.135 最初のユーザー C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
有効 Plugin Intel® Identity Protection Technology 2.0.59.0 最初のユーザー C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
有効 Plugin iTunes Application Detector 1.0.1.1 最初のユーザー C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
有効 Plugin Native Client 最初のユーザー C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll
有効 Plugin QuickTime Plug-in 7.7.3 7.7.3 (1680.64) 最初のユーザー C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
有効 Plugin Shockwave Flash 11.6.602.180 最初のユーザー C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll
有効 Plugin Shockwave for Director 11.6.7r637 最初のユーザー C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
有効 Plugin Silverlight Plug-In 5.1.20125.0 最初のユーザー c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
有効 Plugin Trend Micro Titanium 6.11.0.1149 最初のユーザー C:\Users\atsuko\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\6.11.0.1175_0\npToolbarChrome.dll
有効 Plugin Windows Live™ Photo Gallery 15.4.3538.0513_ship.wlx.w4m4 (ship) 最初のユーザー C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

宜しくお願いいたします。
  • ふさふさ野
  • 2016/04/15 (Fri) 17:43:58
きれいになったPCを今後もうまく運用してください
こんばんは。
様子見後の報告ですね。

>熊本の地震、一日でも早くの復旧復興されますよう願っております。

はい、下記の案内もご覧になりましたか。
http://akudaikan-0.bbs.fc2.com/?act=reply&tid=6846254#14397939

おかげさまで災害掲示板や自分へのメール等で、他の方々からも情報提供や応援の声をいただいております。
もっとも自分などには応援されなくてもいいので被災地の方々に役立つ情報や暖かい声を送ってくださるとそれが何よりうれしゅうございます。

>1週間使用して様子をみておりましたが、症状の方起こっておりません。

異常もなくなっているようですね。
ログも見せてもらいましたが、不審なところはなさそうですね。

どうやら片付いたようなので、本題の処置は終了と言うことでいいでしょう。
作業ツール類は導入時の説明に沿って片付けていいです。

異常は消えても以後の再被害を防ぐための自衛はここからが始まりということも認識してください。

「俺たちの自衛は始まったばかりだ!」
【ふさふさ野先生の次回作にご期待ください】(←それ打ち切りのバッドエンドだから

ブラウザの設定を少し固めるだけでも、セキュリティ上の効果を高めることが可能です。
「インターネットオプション」→「プライバシー」→「詳細設定」と開いて、「自動cookie処理」と「サードパーティのcookieをブロック」にチェックして「適用」して「OK」。
これをやっておくと、多くの危険サイトからの保護にかなり有効です。
が、これもすべての危険サイトに有効でもないし、本物の危険サイトではこの程度ではまったく太刀打ちできないので、過信はしないこと。
また、「すべてのcookieをブロックする」設定にすると、プロバイダのメールボックスなどログイン必要なページに入れなくなる弊害も出るので、これは状況を考えて使い分けるといいでしょう。
安全なサイトでもcookieブロックだと閲覧や投稿ができなくなるところもあるのでこれも注意。

次に、アンチウイルスやファイアウォール等のセキュリティソフトの使い方も注意してください。
セキュリティソフトはただ入れてさえいればそれだけでフル機能を発揮するものではありません。
設定と機能をできるだけ把握して、正しく使うことが重要です。
間違った使い方すると、本来ならブロックできた感染でもあっさりスルーします。

また、いくら高性能なセキュリティソフトがあっても、ユーザーが自分から危険なサイトやファイルにアクセスしてたらまったく保護もできません。
セキュリティソフトは使い方次第でその性能を、倍にも半にも無にも変動させます。

そして百聞は一見にしかず。
現在この掲示板で継続中や解決済みの他スレもできるだけ見ておくことをおすすめします。
同様、類似、別種含めて参考になる部分は多いでしょう。

今回のスレでは不安や苦労したこともあったかと思いますが、その苦労を糧に替えて、以後は少しずつでもPC環境とセキュリティ意識を再構築していってください。
災害時に貴重な情報・通信の命綱にもなるPCをこれからもうまく維持と運用してください。

慣れない作業を長期間頑張ってくれてお疲れ様でした。
以後は安全で快適なPCライフを
  • 悪代官
  • 2016/04/15 (Fri) 19:29:33
Re: マルウェア感染
悪代官様

お忙しい中、貴重なお時間を割いて助けていただき有難うございました。
またじっくり他の方の書き込みをみて、少しでも改めて気をつけて安全に使用していければと思っております。
本当に有難うございました。
  • ふさふさ野
  • 2016/04/15 (Fri) 23:35:13

返信フォーム






プレビュー (投稿前に内容を確認)