悪代官の伏魔殿掲示板

Removal with OTL
I have also checked Extras.txt.
Let's start the removal with OTL.

Open Notepad and copy-paste the following into it.
Note that :OTL, :Files, :Commands and so on are directives that tell OTL how to process each section.
Please take care not to delete them.

------Copy from below this line------
:OTL
SRV - [2015/08/04 02:51:08 | 007,596,575 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\senintenceopzption\senintenceopzption.exe -- (senintenceopzption)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AEB3768-227F-4FBF-AC92-70853EFD50A5}: DhcpNameServer = 172.30.200.21 172.30.200.41
[2015/09/02 17:34:40 | 000,000,000 | ---D | C] -- C:\Users\1423127\AppData\Roaming\Malwarebytes
[2015/09/02 17:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/08/13 05:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\gffjcikofjlmbigbpeaoepfbgfaeocdo
[2015/08/04 02:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\senintenceopzption
[2015/08/06 20:41:30 | 000,000,020 | ---- | M] () -- C:\Users\1423127\AppData\Roaming\appdataFr2.bin
[2015/06/06 10:18:23 | 000,000,024 | ---- | C] () -- C:\Users\1423127\AppData\Roaming\appdataFr25.bin
[2015/03/06 15:10:33 | 000,000,020 | ---- | C] () -- C:\Users\1423127\AppData\Roaming\appdataFr3.bin

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{420AE76D-D1DE-41A5-9A0C-E665E3862A96}C:\xampp\apache\bin\httpd.exe"=-
"TCP Query User{6896B81B-1EBC-4BCD-BAEC-EE877F4B2634}C:\users\1423127\desktop\xampp\apache\bin\httpd.exe"=-
"UDP Query User{3A1F8009-2132-4940-900D-1DABD6F6CBC7}C:\users\1423127\desktop\xampp\apache\bin\httpd.exe"=-
"UDP Query User{48E80045-C151-4963-90C1-40410E8F23F1}C:\xampp\apache\bin\httpd.exe"=-

:Commands
[purity]
[resethosts]
[emptyflash]
[emptyjava]
[emptytemp]
[createrestorepoint]
[reboot]
------Copy up to above this line------

Once you have pasted it, save the file under a name you can easily recognize.
Then boot the PC into Safe Mode.
Start OTL again and paste the contents you saved above into the Custom Scan/Fixes box.
Since this is a removal run, there are no other boxes to check this time.
Click the red [Run Fix] button to start the fix.
Follow OTL's prompts; a fix log will be displayed either before or after the reboot into normal mode,
so please paste that log and send it to me.
Please also include a status report at that time.
Note that OTL fails the fix fairly often, so in that case you may be asked to run it once more.
  • IVNO
  • 2015/09/03 (Thu) 10:26:45
The scan has finished.
A full scan with System Center 2012 Endpoint Protection has completed.
This time no viruses or anything else were detected at all.

Since the work two weeks ago nothing abnormal has shown up in ordinary use of the PC, but every time I ran a full scan with the security software something was detected, and that alone had been worrying me.

This time that was clean too, so I feel a great deal more at ease.
  • ミク太
  • 2015/09/03 (Thu) 11:28:38
Redone.
So the fix really had failed. The log was far too short, after all... lol.
I think this time the fix really did succeed.

All processes killed
========== OTL ==========
Error: No service named senintenceopzption was found to stop!
Service\Driver key senintenceopzption not found.
File C:\Program Files (x86)\senintenceopzption\senintenceopzption.exe not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7AEB3768-227F-4FBF-AC92-70853EFD50A5}\\DhcpNameServer| /E : value set successfully!
Folder C:\Users\1423127\AppData\Roaming\Malwarebytes\ not found.
Folder C:\ProgramData\Malwarebytes\ not found.
Folder C:\ProgramData\gffjcikofjlmbigbpeaoepfbgfaeocdo\ not found.
Folder C:\Program Files (x86)\senintenceopzption\ not found.
File C:\Users\1423127\AppData\Roaming\appdataFr2.bin not found.
File C:\Users\1423127\AppData\Roaming\appdataFr25.bin not found.
File C:\Users\1423127\AppData\Roaming\appdataFr3.bin not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: 1423127
->Flash cache emptied: 34518 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: 1423127
->Java cache emptied: 0 bytes

User: All Users

User: Default
->Java cache emptied: 0 bytes

User: Default User
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: 1423127
->Temp folder emptied: 56977 bytes
->Temporary Internet Files folder emptied: 248866168 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1614 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 75828020 bytes

Total Files Cleaned = 310.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 09032015_131409

Files\Folders moved on Reboot...
C:\Users\1423127\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\1423127\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • odn
  • 2015/09/03 (Thu) 13:27:05
Please run the OTL fix once more
The last one was an unusual bug.
Oddly, though, part of the OTL fix appears to have worked normally.
Looking at this run's fix log, only one item was actually fixed,
and all the others were reported as already handled.
And this time the usual bug occurred, so part of it has not been processed.
Let's run that part of the fix again.

------Copy from below this line------
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{420AE76D-D1DE-41A5-9A0C-E665E3862A96}C:\xampp\apache\bin\httpd.exe"=-
"TCP Query User{6896B81B-1EBC-4BCD-BAEC-EE877F4B2634}C:\users\1423127\desktop\xampp\apache\bin\httpd.exe"=-
"UDP Query User{3A1F8009-2132-4940-900D-1DABD6F6CBC7}C:\users\1423127\desktop\xampp\apache\bin\httpd.exe"=-
"UDP Query User{48E80045-C151-4963-90C1-40410E8F23F1}C:\xampp\apache\bin\httpd.exe"=-

:Commands
[purity]
[resethosts]
[emptyflash]
[emptyjava]
[emptytemp]
[createrestorepoint]
[reboot]
------Copy up to above this line------
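An added example, not from this thread or from OTL itself, in Python that does the check odn describes above for the first post's fix script: it reads the :Reg section of a fix script and a fix log, lists which deletions the log never confirmed, and flags the recurring failure where the [HKEY_...] key header surfaces as a "File EY_LOCAL_MACHINE... not found" line. The script and log fragments are constructed from what is quoted in the thread, and the pattern used to recognize the mangled header line is my assumption.

```python
import re

# Constructed sample (abridged from the fix script posted in this thread): the :Reg section
# lists a key header in brackets and "value"=- lines, which OTL deletes.
FIX_SCRIPT = r"""
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{420AE76D-D1DE-41A5-9A0C-E665E3862A96}C:\xampp\apache\bin\httpd.exe"=-
"UDP Query User{48E80045-C151-4963-90C1-40410E8F23F1}C:\xampp\apache\bin\httpd.exe"=-

:Commands
[resethosts]
"""

# Constructed samples: fragments of the two fix logs quoted in the thread. In the first run
# OTL treated the [HKEY_...] header as a file name (the "usual bug"); in the second it worked.
LOG_RUN1 = r"""
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] not found.
HOSTS file reset successfully
"""
LOG_RUN2 = r"""
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{420AE76D-D1DE-41A5-9A0C-E665E3862A96}C:\xampp\apache\bin\httpd.exe deleted successfully.
HOSTS file reset successfully
"""

def reg_deletions(script):
    """Yield (key, value_name) for every "value"=- line under a [key] header in :Reg."""
    key, in_reg = None, False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):                      # a new section directive
            in_reg = line.lower() == ":reg"
        elif in_reg and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                          # registry key header
        elif in_reg and key and line.endswith('"=-'):
            yield key, line[1:-3]                     # strip quotes and the =- marker

def unconfirmed_deletions(script, log):
    """Return the value names OTL did not report as 'deleted successfully'."""
    return [name for key, name in reg_deletions(script)
            if f"Registry value {key}\\\\{name} deleted successfully." not in log]

# Assumed heuristic: a registry hive name inside a 'File ... ] not found.' line means OTL
# read the :Reg key header as a file path, so the registry part of the fix did not run.
REG_AS_FILE = re.compile(r"^File \S*(LOCAL_MACHINE|CURRENT_USER|CLASSES_ROOT|USERS)\\.*\] not found\.$", re.M)

def reg_section_mangled(log):
    """True when a registry key header shows up as a 'File ... not found' line."""
    return REG_AS_FILE.search(log) is not None

def needs_rerun(script, log):
    """True if the :Reg part of the fix must be run again, as odn asks in the thread."""
    return reg_section_mangled(log) or bool(unconfirmed_deletions(script, log))
```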
  • IVNO
  • 2015/09/03 (Thu) 13:44:14
Processed with OTL again.
I ran the fix with OTL again.

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{420AE76D-D1DE-41A5-9A0C-E665E3862A96}C:\xampp\apache\bin\httpd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6896B81B-1EBC-4BCD-BAEC-EE877F4B2634}C:\users\1423127\desktop\xampp\apache\bin\httpd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3A1F8009-2132-4940-900D-1DABD6F6CBC7}C:\users\1423127\desktop\xampp\apache\bin\httpd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{48E80045-C151-4963-90C1-40410E8F23F1}C:\xampp\apache\bin\httpd.exe deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: 1423127
->Flash cache emptied: 682 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: 1423127
->Java cache emptied: 0 bytes

User: All Users

User: Default
->Java cache emptied: 0 bytes

User: Default User
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: 1423127
->Temp folder emptied: 57126 bytes
->Temporary Internet Files folder emptied: 67535994 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 808 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 09032015_140525

Files\Folders moved on Reboot...
C:\Users\1423127\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\1423127\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • odn
  • 2015/09/03 (Thu) 14:13:07