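悪代官の伏魔殿 Bulletin Board
Strange ads have started appearing
Recently I have suddenly started being redirected to a site called sup. What can I do to stop the redirects?
I took logs, so I will post them.
Thank you in advance for your help.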
Adobe Flash Player 12 ActiveX Adobe Systems Incorporated 2014/02/04 6.00 MB 12.0.0.44
Adobe Flash Player 12 Plugin Adobe Systems Incorporated 2014/02/05 6.00 MB 12.0.0.44
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 2012/08/05 11.6.5.635
Apple Application Support Apple Inc. 2014/01/28 94.4 MB 3.0
Apple Mobile Device Support Apple Inc. 2014/01/28 22.7 MB 7.1.0.32
Apple Software Update Apple Inc. 2014/01/28 2.38 MB 2.1.3.127
ArcSoft TotalMedia Theatre 5 ArcSoft 2011/08/26 133.6 MB 5.0.1.114
BitSaver BaitSaver 2013/12/30
BlockTheAdAppp BloocckTheAdAApp 2014/01/30
Bonjour Apple Inc. 2014/01/28 2.00 MB 3.0.0.10
Browse2save BrowseToSave 2012/02/20
Canon IJ Network Scanner Selector EX 2011/11/28
Canon IJ Network Tool 2011/11/28
Canon MG6200 series MP Drivers 2011/11/28
Canon ScanGear Starter 2011/07/13
CanoScan Toolbox Ver4.9 2011/07/13
CCleaner Piriform 2011/08/01 3.09
CPUID CPU-Z 1.58 2011/07/08 3.23 MB
CrystalDiskInfo 4.0.2 Crystal Dew World 2011/07/08 3.24 MB 4.0.2
DAEMON Tools Lite DT Soft Ltd 2011/07/10 4.40.2.0131
EasyLife Gadget EasyLife Gadget 2013/02/20 0.14 MB 1.0
Etron USB3.0 Host Controller Etron Technology 2011/08/30 5.24 MB 0.105
Facemoods Toolbar 2012/01/09
FastSys Intellitech 2013/09/05
ffdshow [rev 3154] [2009-12-09] 2013/11/25 14.0 MB 1.0
FileOpener Tweaks 2013/01/08 15.9 MB 1.1.1
FileOpener Packages 2013/01/09
foobar2000 v1.1.13 Peter Pawlowski 2012/07/27 7.80 MB 1.1.13
FoxTab PDF Creator 2012/01/09
FoxTab Video To MP3 2011/12/07
Free Disc Burner version 3.0.6.718 DVDVideoSoft Limited. 2011/07/24 20.7 MB
Google Chrome Google Inc. 2011/07/08 31.0.1650.63
Google 日本語入力 Google Inc. 2013/12/06 84.3 MB 1.12.1591.0
GrreatSavie4U GrreeatSavE4U 2013/12/30
HiDef Media Player 1.1.12 HiDefMedia 2014/02/05 1.1.12
I Want This Smart Apps 2014/02/05 1.0
I Want This 215 Apps 2012/04/08 1.9.146.147
iCloud Apple Inc. 2013/12/24 156.9 MB 3.1.0.40
ImgBurn LIGHTNING UK! 2011/07/10 2.5.5.0
Intel(R) Management Engine Components Intel Corporation 2011/07/09 7.0.0.1118
Intel(R) Processor Graphics Intel Corporation 2011/07/09 8.15.10.2418
Internet Explorer Toolbar 4.7 by SweetPacks SweetIM Technologies Ltd. 2013/01/08 4.63 MB 4.7.0002
iTunes Apple Inc. 2014/01/28 217 MB 11.1.4.62
Java(TM) 6 Update 26 Oracle 2011/07/24 97.1 MB 6.0.260
Java(TM) 7 Update 5 Oracle 2012/08/05 99.3 MB 7.0.50
JWord プラグイン JWord Inc. 2012/06/23 2.5.5.65
McAfee Security Scan Plus McAfee, Inc. 2013/11/18 10.3 MB 3.8.130.10
McAfee SiteAdvisor McAfee, Inc. 2014/01/09 3.6.176
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 2011/07/09 38.8 MB 4.0.30319
Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 Microsoft Corporation 2011/07/09 2.94 MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 2012/06/23 52.0 MB 4.0.30319
Microsoft .NET Framework 4 Extended Language Pack - 日本語 Microsoft Corporation 2012/06/23 10.7 MB 4.0.30319
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 2012/06/23 83.5 MB 4.0.30319
Microsoft Help Viewer 1.0 Microsoft Corporation 2012/06/23 3.97 MB 1.0.30319
Microsoft Security Essentials Microsoft Corporation 2013/11/18 4.4.304.0
Microsoft Silverlight Microsoft Corporation 2013/10/09 149.9 MB 5.1.20913.0
Microsoft SQL Server 2008 (64-bit) Microsoft Corporation 2012/06/23
Microsoft SQL Server 2008 Browser Microsoft Corporation 2012/06/23 7.94 MB 10.1.2531.0
Microsoft SQL Server 2008 Native Client Microsoft Corporation 2012/06/23 7.04 MB 10.1.2531.0
Microsoft SQL Server 2008 R2 管理オブジェクト Microsoft Corporation 2012/06/23 17.3 MB 10.50.1447.4
Microsoft SQL Server 2008 セットアップ サポート ファイル Microsoft Corporation 2012/06/23 34.9 MB 10.1.2731.0
Microsoft SQL Server Compact 3.5 SP2 JPN Microsoft Corporation 2012/06/23 3.67 MB 3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 JPN Microsoft Corporation 2012/06/23 4.79 MB 3.5.8080.0
Microsoft SQL Server System CLR Types Microsoft Corporation 2012/06/23 2.59 MB 10.50.1447.4
Microsoft SQL Server VSS Writer Microsoft Corporation 2012/06/23 3.59 MB 10.1.2531.0
Microsoft Visual C# 2010 Express - 日本語 Microsoft Corporation 2012/06/25 10.0.30319
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2011/07/08 0.77 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2011/08/11 0.77 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Corporation 2012/06/23 0.58 MB 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2012/06/25 0.58 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 Microsoft Corporation 2012/06/23 33.0 MB 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Corporation 2012/06/23 35.5 MB 10.0.30319
Microsoft Visual Studio 2010 Express Prerequisites x64 - JPN Microsoft Corporation 2012/06/23 4.32 MB 10.0.30319
Microsoft ヘルプ ビューアー 1.0 Language Pack - JPN Microsoft Corporation 2012/06/23 1.95 MB 1.0.30319
Monkey's Audio 2012/03/18 3.11 MB
ON_OFF Charge B11.0110.1 GIGABYTE 2011/08/02 1.00.0001
Orbit Downloader www.orbitdownloader.com 2013/01/08
Paint.NET v3.5.10 dotPDN LLC 2011/11/26 10.7 MB 3.60.0
QuickTime Apple Inc. 2013/05/28 74.6 MB 7.74.80.86
Realtek Ethernet Controller Driver Realtek 2011/07/08 7.46.531.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2011/12/02 6.0.1.6482
ScreenManager Pro for LCD (DDC/CI) EIZO NANAO CORPORATION 2012/03/26 5.06 MB 2.3.0
Skype(TM) 6.11 Skype Technologies S.A. 2013/12/01 27.4 MB 6.11.102
SnapCrab for Windows 1.0.1 Fenrir Inc. 2012/08/28 6.82 MB
SoundEngine Free Coderium 2012/01/09 4.6.0.17
SweetIM for Messenger 3.7 SweetIM Technologies Ltd. 2013/01/08 5.13 MB 3.7.0007
Sweetpacks Bundle Uninstaller SweetPacks LTD 2013/01/08 1.0.0.0
System Requirements Lab for Intel Husdawg, LLC 2011/07/24 0.75 MB 4.4.24.0
Uncompressor 2012/04/08
Update for DealPly Update for DealPly 2013/12/24
Update Manager for SweetPacks 1.1 SweetIM Technologies Ltd. 2013/01/08 2.77 MB 1.1.0008
Video Converter 2012/05/03
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 JPN Microsoft Corporation 2012/06/23 11.2 MB 4.0.8080.0
Web Protect for Windows Web Protect 2014/02/05 13.5 MB 10.0.0
Yahoo!かんたんパソコン設定 Yahoo! JAPAN. 2012/11/28 1.1.0
Yahoo!ツールバー Yahoo! JAPAN. 2012/11/28 2.71 MB 7.3.0.18
Yontoo 1.10.02 Yontoo LLC 2012/05/03 1.27 MB 1.10.02
ロジクール SetPoint 6.30 ロジクール 2011/07/08 39.1 MB 6.30.43

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:16, on 2014/02/09
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\JWord\Plugin2\jwdsrch.exe
C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\Downloads\HijackThis.exe

R3 - URLSearchHook: MyUrlSearchHook Class - {2ACECADE-0BC7-4C6F-95CF-A221CC161B52} - C:\PROGRA~2\JWord\Plugin2\jwdsrch.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 54.204.28.26 pegpmdkoddbpamefiefdnnaeenijmhfk
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [jwdsrch] C:\Program Files (x86)\JWord\Plugin2\jwdsrch.exe
O4 - HKLM\..\Run: [ScreenManager Pro for LCD (DDCCI)] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - HKLM\..\Run: [ypcsm] C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [I Want This-repairJob] wscript.exe "C:\Users\Tom\AppData\Local\I Want This\repair.js" "I Want This-repairJob"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ypcsm] C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SnapCrab.lnk = C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: JWord でサイト検索 - res://C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll/300
O8 - Extra context menu item: Yahoo!ツールバーに追加 - res://C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll/script_search.htm
O8 - Extra context menu item: Yahoo!検索で検索 - res://C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll/script_yahoo.htm
O9 - Extra button: JWord プラグイン - {34D67ED2-C837-4627-838C-2264E347D291} - C:\ProgramData\JWord\plugin2\JwdHelpAbout.html
O9 - Extra 'Tools' menuitem: JWord プラグインについて - {34D67ED2-C837-4627-838C-2264E347D291} - C:\ProgramData\JWord\plugin2\JwdHelpAbout.html
O9 - Extra button: (no name) - {978DB49B-35F4-411D-B7D2-88858A359B66} - C:\PROGRA~2\JWord\Plugin2\COMPON~1\JWDEXP~1\JWDEXP~2.DLL
O9 - Extra 'Tools' menuitem: JWord 検索バー - {978DB49B-35F4-411D-B7D2-88858A359B66} - C:\PROGRA~2\JWord\Plugin2\COMPON~1\JWDEXP~1\JWDEXP~2.DLL
O9 - Extra button: (no name) - {B8FA14E5-8AE7-452C-AA3B-23C32388CDA0} - C:\PROGRA~2\JWord\Plugin2\JwdPH.dll
O9 - Extra 'Tools' menuitem: JWord プラグインの設定... - {B8FA14E5-8AE7-452C-AA3B-23C32388CDA0} - C:\PROGRA~2\JWord\Plugin2\JwdPH.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~3\fastsys\fastsys.dll,C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe,-100 (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PCProtect - Objectify Media Inc - C:\Program Files (x86)\Web Protect\PCProtect.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12380 bytes
  • taka
  • 2014/02/09 (Sun) 10:10:53
Re: Strange ads have started appearing
Ah, sorry, it looks like I was able to stop the redirects through cookie and add-on management(?).
Sorry for the trouble.
  • taka
  • 2014/02/09 (Sun) 10:14:04
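If you leave it as it is, though, a recurrence is probably inevitable
Hello.
I'm 悪代官, the administrator here.
I don't want to be struck down at around 8:45 p.m., so instead I get punished by the pretty girl warriors at around 8:45 on Sunday mornings.
Worn out and ultra-unlucky again today! ( p_q) *sob*

>It looks like I was able to stop the redirects through cookie and add-on management(?).

Judging from the log, it is nowhere near that simple, you know...?
If you want to end the consultation here, that is fine, but just from what is visible in the log this is a "considerable" compound infection.
If you do want to treat it, you will need to be prepared to put in a fair amount of work yourself, so if you are willing to do that, please post a follow-up reply.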
  • 悪代官
  • 2014/02/09 (Sun) 12:14:04
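Re: Strange ads have started appearing
What (゚д゚)!
I didn't realize it was that serious...
I'm prepared for it, so please give me your instructions.
If possible I would like to handle this without using any paid content. Is that possible...?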
  • taka
  • 2014/02/09 (Sun) 13:41:31
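There will be no cost at all, so don't worry
Thanks for the quick reply.

>I'm prepared for it

All right, then I will help as much as I can.

>If possible I would like to handle this without using any paid content. Is that possible...?

That's fine. I'm not running a business here. The tools used for this work are all freeware that may be used free of charge on personal, non-commercial PCs.

First, let me tell you something up front.
As you can see, there are currently many people asking for help, so after receiving a request it may take a day or more each time before I can reply to everyone in turn. Sorry, and please bear with me.

Now read the explanations below carefully, then carry out the steps in order.
You should already have some of these ready, but please look through the explanations again just in case.

Set hidden files and file extensions to be displayed (how-to below)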
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

Download the tools below and get familiar with their basic usage.
However, if the distribution sites show ads urging you to download other apps, never click them.
"ATF-Cleaner" (a.k.a. ATF)
Description ↓
http://freesoft.tvbok.com/freesoft/pc_system/atf-cleaner.html
Download ↓
http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25
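The red text in the center is the download link.
To clean up afterwards, delete the file directly.
The description page says it supports Windows XP and 2000, but it also works on Win7 and Vista.

Iobit Uninstaller (a.k.a. IU)
Official page ↓
http://jp.iobit.com/free/iou.html
Guide ↓
http://milksizegene.blog.fc2.com/blog-entry-282.html
To clean up afterwards, uninstall it from the Control Panel; if you are using the portable version, delete the whole folder.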

"CCleaner" (a.k.a. CC)
Description ↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
Download ↓
http://www.piriform.com/ccleaner/download/standard
Download the latest version. Note that during installation it may also offer bundled extra apps; uncheck those and avoid installing them.
To clean up afterwards, uninstall it.

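An important note here.
CC is inherently a highly capable maintenance tool, but if it is used incorrectly
[it can end up damaging Windows],
so here we use it only as an analysis tool.
Read the explanation carefully and do not perform any operations other than those I instruct.

"AdwCleaner" (a.k.a. AC)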
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
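This is a direct link to the file. Open it and save the file to, say, your desktop.
To clean up afterwards, launch it and press the "uninstall" button, and it will be removed automatically.

Once you are ready, start the work.

At the very least, the following apps are old versions.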
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 2012/08/05 11.6.5.635
Java(TM) 7 Update 5 Oracle 2012/08/05 99.3 MB 7.0.50
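Simply neglecting to update your apps is enough for vulnerabilities to be exploited and a serious infection to occur all too easily.
If you use them, update to the latest version. If you don't use them, uninstalling is the safe option.
Check whether there are other old versions as well, and if there are, likewise update or uninstall them.

Boot the PC in Safe Mode (how-to below)
http://www.pc-master.jp/sousa/s-safemode.html

In Safe Mode, use IU to uninstall the following.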
BitSaver BaitSaver 2013/12/30

BlockTheAdAppp BloocckTheAdAApp 2014/01/30

Browse2save BrowseToSave 2012/02/20

DAEMON Tools Lite DT Soft Ltd 2011/07/10 4.40.2.0131

EasyLife Gadget EasyLife Gadget 2013/02/20 0.14 MB 1.0

Facemoods Toolbar 2012/01/09

FileOpener Tweaks 2013/01/08 15.9 MB 1.1.1

FileOpener Packages 2013/01/09

FoxTab PDF Creator 2012/01/09

FoxTab Video To MP3 2011/12/07

Free Disc Burner version 3.0.6.718 DVDVideoSoft Limited. 2011/07/24 20.7 MB

GrreatSavie4U GrreeatSavE4U 2013/12/30

HiDef Media Player 1.1.12 HiDefMedia 2014/02/05 1.1.12

I Want This Smart Apps 2014/02/05 1.0

I Want This 215 Apps 2012/04/08 1.9.146.147

JWord プラグイン JWord Inc. 2012/06/23 2.5.5.65

Orbit Downloader www.orbitdownloader.com 2013/01/08

SweetIM for Messenger 3.7 SweetIM Technologies Ltd. 2013/01/08 5.13 MB 3.7.0007

Sweetpacks Bundle Uninstaller SweetPacks LTD 2013/01/08 1.0.0.0

Uncompressor 2012/04/08

Update for DealPly Update for DealPly 2013/12/24

Update Manager for SweetPacks 1.1 SweetIM Technologies Ltd. 2013/01/08 2.77 MB 1.1.0008

Video Converter 2012/05/03

Web Protect for Windows Web Protect 2014/02/05 13.5 MB 10.0.0

Yontoo 1.10.02 Yontoo LLC 2012/05/03 1.27 MB 1.10.02

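Launch IU, select the relevant app, and run Uninstall → Power Scan in that order; if leftover files and registry entries are also shown, check them and delete them.
Note that on very rare occasions problems appear after deleting with IU, so if anything goes wrong, use the standard Windows System Restore to go back to the restore point from the time of deletion.
As you can see there are quite a lot, so look carefully so that you don't delete a legitimate app by mistake.

Still in Safe Mode, launch ATF, check every item except "Recycle bin", and then press "Empty selected" at the bottom.
This cleans out temporary files and other junk on the PC.
The Recycle Bin is not emptied so that a safe file deleted by mistake can still be restored.

Launch HJT and, after scanning, fix the following entries among those displayed. However, for items that disappeared after the earlier uninstalls, if you look and can't find them, you can skip them and move on.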
R3 - URLSearchHook: MyUrlSearchHook Class - {2ACECADE-0BC7-4C6F-95CF-A221CC161B52} - C:\PROGRA~2\JWord\Plugin2\jwdsrch.dll

O1 - Hosts: 54.204.28.26 pegpmdkoddbpamefiefdnnaeenijmhfk

O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I

O4 - HKLM\..\Run: [jwdsrch] C:\Program Files (x86)\JWord\Plugin2\jwdsrch.exe

O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

O4 - HKLM\..\RunOnce: [I Want This-repairJob] wscript.exe "C:\Users\Tom\AppData\Local\I Want This\repair.js" "I Want This-repairJob"

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: JWord でサイト検索 - res://C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll/300

O9 - Extra button: JWord プラグイン - {34D67ED2-C837-4627-838C-2264E347D291} - C:\ProgramData\JWord\plugin2\JwdHelpAbout.html

O9 - Extra 'Tools' menuitem: JWord プラグインについて - {34D67ED2-C837-4627-838C-2264E347D291} - C:\ProgramData\JWord\plugin2\JwdHelpAbout.html

O9 - Extra button: (no name) - {978DB49B-35F4-411D-B7D2-88858A359B66} - C:\PROGRA~2\JWord\Plugin2\COMPON~1\JWDEXP~1\JWDEXP~2.DLL

O9 - Extra 'Tools' menuitem: JWord 検索バー - {978DB49B-35F4-411D-B7D2-88858A359B66} - C:\PROGRA~2\JWord\Plugin2\COMPON~1\JWDEXP~1\JWDEXP~2.DLL

O9 - Extra button: (no name) - {B8FA14E5-8AE7-452C-AA3B-23C32388CDA0} - C:\PROGRA~2\JWord\Plugin2\JwdPH.dll

O9 - Extra 'Tools' menuitem: JWord プラグインの設定... - {B8FA14E5-8AE7-452C-AA3B-23C32388CDA0} - C:\PROGRA~2\JWord\Plugin2\JwdPH.dll

O20 - AppInit_DLLs: c:\progra~3\fastsys\fastsys.dll,C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL

O23 - Service: PCProtect - Objectify Media Inc - C:\Program Files (x86)\Web Protect\PCProtect.exe

O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe

O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe

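Check the box to the left of each target entry and press "Fix checked" at the bottom to fix them.
The HJT screen resets immediately afterwards, so close HJT at that point.
There are a lot here too, so take care not to fix legitimate entries that are not on the list by mistake.

Next, launch AC.
Once it is running, press "Scan", and when the scan finishes, press "Clean".
Select "Yes" on the screen that appears and the cleanup will start.

When the cleanup is complete, restart the PC in normal mode.

After the restart a new AC log will appear, so save it to, say, your desktop.

Next, launch CC.
Once it is running, open "Tools" → "Startup" → the "Windows" tab.
Pressing "Save to text file" at the lower right saves the displayed contents as a log, so save the log to, say, your desktop.

Then open each of the tabs from the "Internet Explorer" tab onward in turn and take logs of those as well.
However, you don't need to take a log of "Context Menu".

Once you have taken each of the CC logs, close CC.

After this, launch your browser, watch how the PC behaves for a few hours, and then take a fresh HJT log and a fresh installed-programs log with CC.

Paste both of the fresh logs, plus the AC and CC logs, into your reply together with a report on the current state.
I will give instructions for the next steps after looking at them.

If the first-aid measures above work, the symptoms may calm down somewhat, but whether they do or not, this is not yet "solved", so take your time and stay calm, and please continue with the follow-up work and replies.
There is a lot of work and some waiting time as well, so it is fine to post your report tomorrow or the day after.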
  • 悪代官
  • 2014/02/09 (Sun) 14:39:19
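Added example, not part of the thread and not written by either poster: a small Python triage pass over HijackThis-format lines such as those in the log posted above. It surfaces four entry types that occur in that log (O1 hosts overrides, O10 unrecognised Winsock LSP files, O20 AppInit_DLLs, and O23 services with an unknown owner outside the Windows directory); the rule set, the `Finding` type and the `C:\Windows` system-root value are illustrative assumptions, and the sample lines are an excerpt of the posted log.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: MyUrlSearchHook Class - {2ACECADE-0BC7-4C6F-95CF-A221CC161B52} - C:\PROGRA~2\JWord\Plugin2\jwdsrch.dll
O1 - Hosts: 54.204.28.26 pegpmdkoddbpamefiefdnnaeenijmhfk
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O20 - AppInit_DLLs: c:\progra~3\fastsys\fastsys.dll,C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
"""

# "<section code> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
SYSTEM_ROOT = "c:\\windows\\"      # assumption: default Windows install path
MISSING = " (file missing)"


class Finding(NamedTuple):
    code: str     # HijackThis section code
    reason: str   # why the entry deserves a manual look
    detail: str   # the hosts mapping or file path involved


def parse_entries(log_text):
    """Return (code, body) pairs for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Flag entries for manual review; repeated identical entries are collapsed."""
    findings, seen = [], set()

    def add(code, reason, detail):
        key = (code, detail.lower())
        if key not in seen:
            seen.add(key)
            findings.append(Finding(code, reason, detail))

    for code, body in parse_entries(log_text):
        if code == "O1" and body.startswith("Hosts:"):
            # Any non-default hosts mapping changes name resolution.
            add(code, "hosts file override", body[len("Hosts:"):].strip())
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            # An LSP sits in the network stack of every process that uses Winsock.
            add(code, "unrecognised Winsock LSP file", body.split(":", 1)[1].strip())
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Listed DLLs are loaded into every process that loads user32.dll.
            for dll in body.split(":", 1)[1].split(","):
                if dll.strip():
                    add(code, "DLL injected via AppInit_DLLs", dll.strip())
        elif code == "O23" and body.startswith("Service:"):
            parts = body[len("Service:"):].strip().rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _name, owner, path = parts
            if path.endswith(MISSING):
                path = path[:-len(MISSING)]
            # Unknown-owner entries under the Windows directory are skipped here:
            # on 64-bit Windows a 32-bit scanner often reports them as
            # "(file missing)" because of file-system redirection (assumption).
            if owner == "Unknown owner" and not path.lower().startswith(SYSTEM_ROOT):
                add(code, "unsigned service outside the Windows directory", path)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}: {f.detail}")
```

A flagged line is a prompt for manual review, not a verdict; which entries to fix remains a judgement made against the full log.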
Re: Strange ads have started appearing
Thank you for the instructions.
Here is the log I took first.
・AC
# AdwCleaner v3.018 - Report created 09/02/2014 at 18:09:17
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Tom - TOM-PC
# Running from : C:\Users\Tom\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2Save
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Program Files (x86)\BrowseToSave
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\EasyLife
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Users\Tom\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Tom\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Tom\AppData\Roaming\baidu
Folder Deleted : C:\Users\Tom\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Tom\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Tom\Documents\PC Health Kit
Folder Deleted : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Tom\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Google Chrome v

[ File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13094 octets] - [09/02/2014 18:08:50]
AdwCleaner[S0].txt - [12185 octets] - [09/02/2014 18:09:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12246 octets] ##########

・CC
有効 HKCU:Run Google Update Google Inc. "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
有効 HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
有効 HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
有効 HKCU:Run ypcsm Yahoo! Japan Corporation. C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run EvtMgr6 Logicool, Inc. C:\Program Files\Logicool\SetPointP\SetPoint.exe /launchGaming
有効 HKLM:Run Google Japanese Input Prelauncher Google Inc. "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run IJNetworkScannerSelectorEX CANON INC. C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
有効 HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
有効 HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ScreenManager Pro for LCD (DDCCI) EIZO NANAO CORPORATION C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
有効 HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
有効 HKLM:Run ypcsm Yahoo! Japan Corporation. C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
有効 Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
無効 Startup Common TotalMedia Server.lnk ArcSoft Inc. C:\PROGRA~2\ArcSoft\TOTALM~1\TOTALM~1\TMSERV~1.EXE
無効 Startup User Logicool . 製品の登録.lnk Leader Technologies/Logicool C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=JPN /_WFM="."
有効 Startup User SnapCrab.lnk Fenrir Inc. C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe


有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\ssv.dll
有効 Helper McAfee SiteAdvisor BHO McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
有効 Toolbar McAfee SiteAdvisor Toolbar McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
有効 Toolbar McAfee SiteAdvisor Toolbar McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll



有効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0
無効 Extension DealPly 3.9.7.9 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.9.7.9_0
有効 Extension Google ウォレット 0.0.6.0 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
無効 Extension GrreatSavie4U 2.3 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbbomjedhgloinlanfgghjcnijdjpnc\2.3
有効 Extension I Want This 1.0 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pegpmdkoddbpamefiefdnnaeenijmhfk\1.0_0
無効 Extension SiteAdvisor 3.6.4.1311 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_1



有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task bench-S-1-5-21-3158885393-1646961979-1402308167-1000 C:\Program Files (x86)\Bench\Updater\updater.exe -runmode=checkupdate
有効 Task bench-sys C:\Program Files (x86)\Bench\Updater\updater.exe -runmode=checkupdate
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task Core Temp Autostart Tom "C:\Users\Tom\Downloads\CoreTemp64\Core Temp.exe"
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task GoogleUpdateTaskUserS-1-5-21-3158885393-1646961979-1402308167-1000Core Google Inc. C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskUserS-1-5-21-3158885393-1646961979-1402308167-1000UA Google Inc. C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task SaveSenseLiveUpdateTaskMachineCore SaveSense C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /c
有効 Task SaveSenseLiveUpdateTaskMachineUA SaveSense C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /ua /installsource scheduler
有効 Task SidebarExecute Microsoft Corporation C:\Program Files (x86)\Windows Sidebar\sidebar.exe
有効 Task Updater2258.exe Innovative Apps C:\Users\Tom\AppData\Local\Updater2258\Updater2258.exe /extensionid=2258 /extensionname="I Want This" /chromeid=mpfapcdfbbledbojijcbcclmlieaoogk
有効 Task {26BE9364-006A-4026-9ECD-08C641E40F2E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Tom\Downloads\5400f_64jp\SetupSG.exe -d C:\Users\Tom\Downloads\5400f_64jp



Here is the log I extracted a little while ago.
・HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:33:42, on 2014/02/10
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [ScreenManager Pro for LCD (DDCCI)] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - HKLM\..\Run: [ypcsm] C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ypcsm] C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SnapCrab.lnk = C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O8 - Extra context menu item: Yahoo!ツールバーに追加 - res://C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll/script_search.htm
O8 - Extra context menu item: Yahoo!検索で検索 - res://C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll/script_yahoo.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe,-100 (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9974 bytes


・CC
有効 HKCU:Run Google Update Google Inc. "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
有効 HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
有効 HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
有効 HKCU:Run ypcsm Yahoo! Japan Corporation. C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run EvtMgr6 Logicool, Inc. C:\Program Files\Logicool\SetPointP\SetPoint.exe /launchGaming
有効 HKLM:Run Google Japanese Input Prelauncher Google Inc. "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run IJNetworkScannerSelectorEX CANON INC. C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
有効 HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
有効 HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ScreenManager Pro for LCD (DDCCI) EIZO NANAO CORPORATION C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
有効 HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
有効 HKLM:Run ypcsm Yahoo! Japan Corporation. C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
有効 Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
無効 Startup Common TotalMedia Server.lnk ArcSoft Inc. C:\PROGRA~2\ArcSoft\TOTALM~1\TOTALM~1\TMSERV~1.EXE
無効 Startup User Logicool . 製品の登録.lnk Leader Technologies/Logicool C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=JPN /_WFM="."
有効 Startup User SnapCrab.lnk Fenrir Inc. C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe


有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\ssv.dll
有効 Helper McAfee SiteAdvisor BHO McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
有効 Toolbar McAfee SiteAdvisor Toolbar McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
有効 Toolbar McAfee SiteAdvisor Toolbar McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll


有効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0
有効 Extension Google ウォレット 0.0.6.0 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
無効 Extension GrreatSavie4U 2.3 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbbomjedhgloinlanfgghjcnijdjpnc\2.3



有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task bench-S-1-5-21-3158885393-1646961979-1402308167-1000 C:\Program Files (x86)\Bench\Updater\updater.exe -runmode=checkupdate
有効 Task bench-sys C:\Program Files (x86)\Bench\Updater\updater.exe -runmode=checkupdate
有効 Task bench-Updater removing /verysilent
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task Core Temp Autostart Tom "C:\Users\Tom\Downloads\CoreTemp64\Core Temp.exe"
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task GoogleUpdateTaskUserS-1-5-21-3158885393-1646961979-1402308167-1000Core Google Inc. C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskUserS-1-5-21-3158885393-1646961979-1402308167-1000UA Google Inc. C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task SaveSenseLiveUpdateTaskMachineCore SaveSense C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /c
有効 Task SaveSenseLiveUpdateTaskMachineUA SaveSense C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /ua /installsource scheduler
有効 Task SidebarExecute Microsoft Corporation C:\Program Files (x86)\Windows Sidebar\sidebar.exe
有効 Task {26BE9364-006A-4026-9ECD-08C641E40F2E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Tom\Downloads\5400f_64jp\SetupSG.exe -d C:\Users\Tom\Downloads\5400f_64jp


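I did it carefully, so I think I probably managed it without any mistakes..
So far I don't see anything that looks like an ad.
Please give me further instructions.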




I did this late last night, and having just checked the browser, I don't see any abnormalities so far.
  • taka
  • 2014/02/10 (Mon) 18:47:07
A little more work, and additional logs
Thank you for the work and the report.

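>I don't see any abnormalities so far

Yes, for a start we have succeeded in calming things down. But it is not "resolved" yet, so please read the explanation again and then carry on with the next steps.

First, we are done with AC, so please clean it up following the instructions from the preparation stage.

There was no installed-programs log from after the work, so please show me that in your next reply.

Also, start CC, and in the "Chrome" tab right-click each of the following, set it to "Disable" (無効), and then choose "Delete Entry" (エントリの削除).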
>有効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0
>有効 Extension Google ウォレット 0.0.6.0 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
>無効 Extension GrreatSavie4U 2.3 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmbbomjedhgloinlanfgghjcnijdjpnc\2.3
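The log was garbled, so this may be hard to follow, but the point is to delete all three entries that were left after the earlier work.
Any that cannot be disabled may simply be deleted as they are.

Next, deal with the following under "Scheduled Tasks" (スケジュールされたタスク) in the same way.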
>有効 Task bench-S-1-5-21-3158885393-1646961979-1402308167-1000 C:\Program Files (x86)\Bench\Updater\updater.exe -runmode=checkupdate
>有効 Task bench-sys C:\Program Files (x86)\Bench\Updater\updater.exe -runmode=checkupdate
>有効 Task bench-Updater removing /verysilent
>有効 Task SaveSenseLiveUpdateTaskMachineCore SaveSense C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /c
>有効 Task SaveSenseLiveUpdateTaskMachineUA SaveSense C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /ua /installsource scheduler

Once this is done, restart the PC once, watch how things go for a while, and then reply with the installed-programs log pasted in, along with a status report.
  • 悪代官
  • 2014/02/10 (Mon) 19:35:17
Re: Strange ads have started appearing
I'll paste the installed-programs log.
Adobe Flash Player 12 ActiveX Adobe Systems Incorporated 2014/02/05 6.00 MB 12.0.0.44
Adobe Flash Player 12 Plugin Adobe Systems Incorporated 2014/02/06 6.00 MB 12.0.0.44
Adobe Shockwave Player 12.0 Adobe Systems, Inc. 2014/02/09 12.0.7.148
Apple Application Support Apple Inc. 2014/01/29 94.4 MB 3.0
Apple Mobile Device Support Apple Inc. 2014/01/29 22.7 MB 7.1.0.32
Apple Software Update Apple Inc. 2014/01/29 2.38 MB 2.1.3.127
ArcSoft TotalMedia Theatre 5 ArcSoft 2011/08/27 133 MB 5.0.1.114
Bonjour Apple Inc. 2014/01/29 2.00 MB 3.0.0.10
Canon IJ Network Scanner Selector EX 2011/11/29
Canon IJ Network Tool 2011/11/29
Canon MG6200 series MP Drivers 2011/11/29
Canon ScanGear Starter 2011/07/14
CanoScan Toolbox Ver4.9 2011/07/14
CCleaner Piriform 2014/02/09 4.10
CPUID CPU-Z 1.58 2011/07/09 3.22 MB
CrystalDiskInfo 4.0.2 Crystal Dew World 2011/07/09 3.24 MB 4.0.2
Etron USB3.0 Host Controller Etron Technology 2011/08/31 5.23 MB 0.105
FastSys Intellitech 2013/09/06
ffdshow [rev 3154] [2009-12-09] 2013/11/26 14.0 MB 1.0
foobar2000 v1.1.13 Peter Pawlowski 2012/07/28 7.80 MB 1.1.13
Google Chrome Google Inc. 2011/07/09 31.0.1650.63
Google 日本語入力 Google Inc. 2013/12/07 84.3 MB 1.12.1591.0
iCloud Apple Inc. 2013/12/25 156 MB 3.1.0.40
ImgBurn LIGHTNING UK! 2011/07/11 2.5.5.0
Intel(R) Management Engine Components Intel Corporation 2011/07/09 7.0.0.1118
Intel(R) Processor Graphics Intel Corporation 2011/08/31 8.15.10.2418
iTunes Apple Inc. 2014/01/29 216 MB 11.1.4.62
Java 7 Update 51 Oracle 2014/02/09 118 MB 7.0.510
Java(TM) 6 Update 26 Oracle 2011/07/25 97.0 MB 6.0.260
McAfee Security Scan Plus McAfee, Inc. 2013/11/19 10.2 MB 3.8.130.10
McAfee SiteAdvisor McAfee, Inc. 2014/01/10 3.6.176
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 2012/06/24 83.4 MB 4.0.30319
Microsoft .NET Framework 4.5.1 Microsoft Corporation 2014/02/09 38.8 MB 4.5.50938
Microsoft .NET Framework 4.5.1 (日本語) Microsoft Corporation 2014/02/09 2.93 MB 4.5.50938
Microsoft Help Viewer 1.1 Microsoft Corporation 2014/02/09 3.97 MB 1.1.40219
Microsoft Help Viewer 1.1 Language Pack - JPN Microsoft Corporation 2014/02/09 1.95 MB 1.1.40219
Microsoft Security Essentials Microsoft Corporation 2013/11/19 4.4.304.0
Microsoft Silverlight Microsoft Corporation 2013/10/10 149 MB 5.1.20913.0
Microsoft SQL Server 2008 (64-bit) Microsoft Corporation 2012/06/24
Microsoft SQL Server 2008 Browser Microsoft Corporation 2012/06/24 7.94 MB 10.1.2531.0
Microsoft SQL Server 2008 Native Client Microsoft Corporation 2012/06/24 7.03 MB 10.1.2531.0
Microsoft SQL Server 2008 R2 管理オブジェクト Microsoft Corporation 2014/02/09 14.4 MB 10.50.1750.9
Microsoft SQL Server 2008 セットアップ サポート ファイル Microsoft Corporation 2012/06/24 34.9 MB 10.1.2731.0
Microsoft SQL Server Compact 3.5 SP2 JPN Microsoft Corporation 2012/06/24 3.66 MB 3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 JPN Microsoft Corporation 2012/06/24 4.78 MB 3.5.8080.0
Microsoft SQL Server System CLR Types Microsoft Corporation 2014/02/09 991 KB 10.50.1750.9
Microsoft SQL Server VSS Writer Microsoft Corporation 2012/06/24 3.59 MB 10.1.2531.0
Microsoft Visual C# 2010 Express - 日本語 Microsoft Corporation 2014/02/09 10.0.40219
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2011/07/09 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2011/08/12 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Corporation 2012/06/24 599 KB 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2012/06/26 594 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2014/02/09 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 Microsoft Corporation 2014/02/09 33.4 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2014/02/09 11.1 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Corporation 2014/02/09 26.3 MB 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Corporation 2014/02/09 36.2 MB 10.0.40219
Microsoft Visual Studio 2010 Express Prerequisites x64 - JPN Microsoft Corporation 2014/02/09 21.6 MB 10.0.40219
Microsoft Visual Studio 2010 Service Pack 1 Microsoft Corporation 2014/02/09 75.9 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2014/02/09 10.0.40303
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 Microsoft Corporation 2014/02/09 10.0.40303
Monkey's Audio 2012/03/19 3.10 MB
ON_OFF Charge B11.0110.1 GIGABYTE 2011/08/03 1.00.0001
Paint.NET v3.5.10 dotPDN LLC 2011/11/27 10.6 MB 3.60.0
QuickTime Apple Inc. 2013/05/29 74.6 MB 7.74.80.86
Realtek Ethernet Controller Driver Realtek 2011/07/09 7.46.531.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2011/12/03 6.0.1.6482
ScreenManager Pro for LCD (DDC/CI) EIZO NANAO CORPORATION 2012/03/27 5.05 MB 2.3.0
Skype(TM) 6.11 Skype Technologies S.A. 2013/12/02 27.3 MB 6.11.102
SnapCrab for Windows 1.0.1 Fenrir Inc. 2012/08/29 6.81 MB
SoundEngine Free Coderium 2012/01/10 4.6.0.17
System Requirements Lab for Intel Husdawg, LLC 2011/07/25 763 KB 4.4.24.0
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 JPN Microsoft Corporation 2012/06/24 11.2 MB 4.0.8080.0
Yahoo!かんたんパソコン設定 Yahoo! JAPAN. 2012/11/29 1.1.0
Yahoo!ツールバー Yahoo! JAPAN. 2012/11/29 2.71 MB 7.3.0.18
ロジクール SetPoint 6.30 ロジクール 2011/07/09 39.0 MB 6.30.43

As for the current state, it has come back.
In CC's Chrome tab, blocktheadapp~ seems to come back after a reboot even when I disable and delete it...


  • taka
  • 2014/02/10 (Mon) 23:00:59
GoogleUpdate looks odd
Good morning. So it has come back, I see.
Please work through the following steps.

Start CC again and set the following entry on the "Windows" tab to "Disabled" (無効).
>有効 HKCU:Run Google Update Google Inc. "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c

Next, disable the following on the "Chrome" tab again.
>有効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0

Then disable the following on the "Scheduled Tasks" tab as well.
>有効 Task GoogleUpdateTaskUserS-1-5-21-3158885393-1646961979-1402308167-1000Core Google Inc. C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe /c
>有効 Task GoogleUpdateTaskUserS-1-5-21-3158885393-1646961979-1402308167-1000UA Google Inc. C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

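They look like Google, but on a closer look they are odd, so we disable them. Do not delete them.

After that, reboot the PC, watch for a while, then take fresh logs of each tab in CC and post them in a reply together with a status report.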
  • 悪代官
  • 2014/02/11 (Tue) 06:44:48
Re: Strange ads have started appearing
No abnormalities seen.

Here is the CC log.
無効 HKCU:Run Google Update Google Inc. "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
有効 HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
有効 HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
有効 HKCU:Run ypcsm Yahoo! Japan Corporation. C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run EvtMgr6 Logicool, Inc. C:\Program Files\Logicool\SetPointP\SetPoint.exe /launchGaming
有効 HKLM:Run Google Japanese Input Prelauncher Google Inc. "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run IJNetworkScannerSelectorEX CANON INC. C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
有効 HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
有効 HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ScreenManager Pro for LCD (DDCCI) EIZO NANAO CORPORATION C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
有効 HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
有効 HKLM:Run ypcsm Yahoo! Japan Corporation. C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
有効 Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
無効 Startup Common TotalMedia Server.lnk ArcSoft Inc. C:\PROGRA~2\ArcSoft\TOTALM~1\TOTALM~1\TMSERV~1.EXE
無効 Startup User Logicool . 製品の登録.lnk Leader Technologies/Logicool C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=JPN /_WFM="."
有効 Startup User SnapCrab.lnk Fenrir Inc. C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe

有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\ssv.dll
有効 Helper McAfee SiteAdvisor BHO McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
有効 Helper McAfee SiteAdvisor BHO McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
有効 Toolbar McAfee SiteAdvisor Toolbar McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
有効 Toolbar McAfee SiteAdvisor Toolbar McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

無効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0
有効 Extension Google ウォレット 0.0.6.0 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
有効 Extension SiteAdvisor 1.65.118.5 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\1.65.118.5_1

有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task Core Temp Autostart Tom "C:\Users\Tom\Downloads\CoreTemp64\Core Temp.exe"
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
無効 Task GoogleUpdateTaskUserS-1-5-21-3158885393-1646961979-1402308167-1000Core Google Inc. C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe /c
無効 Task GoogleUpdateTaskUserS-1-5-21-3158885393-1646961979-1402308167-1000UA Google Inc. C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task SidebarExecute Microsoft Corporation C:\Program Files (x86)\Windows Sidebar\sidebar.exe
有効 Task {26BE9364-006A-4026-9ECD-08C641E40F2E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Tom\Downloads\5400f_64jp\SetupSG.exe -d C:\Users\Tom\Downloads\5400f_64jp


  • taka
  • 2014/02/11 (Tue) 15:07:51
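Let's keep watching for a while for now
Thank you for the work and the report.

>No abnormalities seen.

I see, so it has quieted down for now.
Then, to determine whether the entries we disabled this time really are impostors, please leave things as they are and watch for one week.

If it does not recur after one week, the disabled entries are confirmed guilty, and at that point you will probably use "Delete entry" in CC on the disabled entries.

If the same abnormality recurs before the week is up, you do not need to wait; report it at that point.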
  • 悪代官
  • 2014/02/11 (Tue) 17:26:22
Re: Strange ads have started appearing
Sorry for the delay.
It did not recur, so is it OK to delete them now and finish?
  • taka
  • 2014/02/19 (Wed) 10:08:41
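Well done. That's resolved, then
Sorry for the late reply.
It seems things have settled down with no recurrence since.

Then clean up each tool according to the instructions given when you installed it, and we can call this "resolved".

Do not forget self-defense measures to prevent being hit again.
Just tightening the browser settings a little can improve security.
Open "Internet Options" → "Privacy" → "Advanced", check "Automatic cookie handling" and "Block third-party cookies", then click "Apply" and "OK".
Doing this is quite effective as protection against many dangerous sites.
However, it is not effective against every dangerous site, and against truly dangerous sites this much is no match at all, so do not rely on it too much.
Also, the "Block all cookies" setting has the side effect that you can no longer get into pages that require login, such as your provider's mailbox, so use it according to the situation.
Note too that even some safe sites will not let you browse or post with cookies blocked.

Next, be careful about how you use security software such as antivirus and firewalls.
Security software does not deliver its full capability merely by being installed.
It is important to understand its settings and features as well as you can and to use it correctly.
Used wrongly, it will readily let through even infections it could otherwise have blocked.

Also, however capable the security software, it cannot protect you at all if you yourself go to dangerous sites and files.
Depending on how it is used, security software's performance can be doubled, halved, or reduced to nothing.

And seeing is believing.
I recommend looking through as many of the other threads on this board, ongoing and resolved, as you can.
Identical, similar and different cases alike, there will be much to learn from.

This has been turning up in other people's consultations lately too: what we dealt with this time is a disguised program posing as Google. That became clear when the abnormality disappeared after the earlier treatment.
Cases where a program or site bearing the name of a major company is actually an impostor are steadily increasing.

Telling them apart may be difficult, but start shoring up your defenses by not touching suspicious sites or files you do not understand.

Thank you for working through unfamiliar tasks.
From here on, have a safe and comfortable PC life.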
  • 悪代官
  • 2014/02/19 (Wed) 17:10:45
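Re: Strange ads have started appearing
Sorry, it has come back.
Nothing happened while they were disabled, but after I deleted them and opened the browser,
BlockTheAdAppp
alone reappeared, still enabled...
What should I do?
Is it all right to leave it disabled?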
  • taka
  • 2014/02/20 (Thu) 18:10:01
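Did you delete the disabled entries?
Good evening.

>Nothing happened while they were disabled, but after I deleted them and opened the browser,
>BlockTheAdAppp
>alone reappeared, still enabled...

Oh, had you not used "Delete entry" on the entries disabled in CC after the observation period?
If it still recurs after deleting them, please take fresh HJT and installed-programs logs following the earlier procedure, plus fresh logs of each tab in CC, and show them in a reply.

Other people too have been getting newly infected through carelessness after being treated once, so if this is a new infection we will look into that as well.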
  • 悪代官
  • 2014/02/20 (Thu) 18:27:59
Re: Strange ads have started appearing
Sorry, I seem to have gotten a lot of things wrong...

HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:36, on 2014/02/20
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [ScreenManager Pro for LCD (DDCCI)] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - HKLM\..\Run: [ypcsm] C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ypcsm] C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SnapCrab.lnk = C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: Yahoo!ツールバーに追加 - res://C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll/script_search.htm
O8 - Extra context menu item: Yahoo!検索で検索 - res://C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll/script_yahoo.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe,-100 (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10225 bytes

Installed programs log
Adobe Flash Player 12 ActiveX Adobe Systems Incorporated 2014/02/05 6.00 MB 12.0.0.44
Adobe Flash Player 12 Plugin Adobe Systems Incorporated 2014/02/06 6.00 MB 12.0.0.44
Adobe Shockwave Player 12.0 Adobe Systems, Inc. 2014/02/09 12.0.7.148
Apple Application Support Apple Inc. 2014/01/29 94.4 MB 3.0
Apple Mobile Device Support Apple Inc. 2014/01/29 22.7 MB 7.1.0.32
Apple Software Update Apple Inc. 2014/01/29 2.38 MB 2.1.3.127
ArcSoft TotalMedia Theatre 5 ArcSoft 2011/08/27 133 MB 5.0.1.114
Bonjour Apple Inc. 2014/01/29 2.00 MB 3.0.0.10
Canon IJ Network Scanner Selector EX 2011/11/29
Canon IJ Network Tool 2011/11/29
Canon MG6200 series MP Drivers 2011/11/29
Canon ScanGear Starter 2011/07/14
CanoScan Toolbox Ver4.9 2011/07/14
CCleaner Piriform 2014/02/09 4.10
CPUID CPU-Z 1.58 2011/07/09 3.22 MB
Etron USB3.0 Host Controller Etron Technology 2011/08/31 5.23 MB 0.105
ffdshow [rev 3154] [2009-12-09] 2013/11/26 14.0 MB 1.0
foobar2000 v1.1.13 Peter Pawlowski 2012/07/28 7.80 MB 1.1.13
Google Chrome Google Inc. 2011/07/09 31.0.1650.63
Google 日本語入力 Google Inc. 2013/12/07 84.3 MB 1.12.1591.0
iCloud Apple Inc. 2013/12/25 156 MB 3.1.0.40
Intel(R) Management Engine Components Intel Corporation 2011/07/09 7.0.0.1118
Intel(R) Processor Graphics Intel Corporation 2011/08/31 8.15.10.2418
iTunes Apple Inc. 2014/01/29 216 MB 11.1.4.62
Java 7 Update 51 Oracle 2014/02/09 118 MB 7.0.510
Java(TM) 6 Update 26 Oracle 2011/07/25 97.0 MB 6.0.260
McAfee Security Scan Plus McAfee, Inc. 2014/02/11 10.2 MB 3.8.141.11
McAfee SiteAdvisor McAfee, Inc. 2014/02/11 3.6.135
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 2012/06/24 83.4 MB 4.0.30319
Microsoft .NET Framework 4.5.1 Microsoft Corporation 2014/02/09 38.8 MB 4.5.50938
Microsoft .NET Framework 4.5.1 (日本語) Microsoft Corporation 2014/02/09 2.93 MB 4.5.50938
Microsoft Help Viewer 1.1 Microsoft Corporation 2014/02/09 3.97 MB 1.1.40219
Microsoft Help Viewer 1.1 Language Pack - JPN Microsoft Corporation 2014/02/09 1.95 MB 1.1.40219
Microsoft Security Essentials Microsoft Corporation 2013/11/19 4.4.304.0
Microsoft Silverlight Microsoft Corporation 2013/10/10 149 MB 5.1.20913.0
Microsoft SQL Server 2008 (64-bit) Microsoft Corporation 2012/06/24
Microsoft SQL Server 2008 Browser Microsoft Corporation 2012/06/24 7.94 MB 10.1.2531.0
Microsoft SQL Server 2008 Native Client Microsoft Corporation 2012/06/24 7.03 MB 10.1.2531.0
Microsoft SQL Server 2008 R2 管理オブジェクト Microsoft Corporation 2014/02/09 14.4 MB 10.50.1750.9
Microsoft SQL Server 2008 セットアップ サポート ファイル Microsoft Corporation 2012/06/24 34.9 MB 10.1.2731.0
Microsoft SQL Server Compact 3.5 SP2 JPN Microsoft Corporation 2012/06/24 3.66 MB 3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 JPN Microsoft Corporation 2012/06/24 4.78 MB 3.5.8080.0
Microsoft SQL Server System CLR Types Microsoft Corporation 2014/02/09 991 KB 10.50.1750.9
Microsoft SQL Server VSS Writer Microsoft Corporation 2012/06/24 3.59 MB 10.1.2531.0
Microsoft Visual C# 2010 Express - 日本語 Microsoft Corporation 2014/02/09 10.0.40219
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2011/07/09 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2011/08/12 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Corporation 2012/06/24 599 KB 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2012/06/26 594 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2014/02/09 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 Microsoft Corporation 2014/02/09 33.4 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2014/02/09 11.1 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Corporation 2014/02/09 26.3 MB 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Corporation 2014/02/09 36.2 MB 10.0.40219
Microsoft Visual Studio 2010 Express Prerequisites x64 - JPN Microsoft Corporation 2014/02/09 21.6 MB 10.0.40219
Microsoft Visual Studio 2010 Service Pack 1 Microsoft Corporation 2014/02/09 75.9 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2014/02/09 10.0.40303
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 Microsoft Corporation 2014/02/09 10.0.40303
Monkey's Audio 2012/03/19 3.10 MB
ON_OFF Charge B11.0110.1 GIGABYTE 2011/08/03 1.00.0001
Paint.NET v3.5.10 dotPDN LLC 2011/11/27 10.6 MB 3.60.0
QuickTime Apple Inc. 2013/05/29 74.6 MB 7.74.80.86
Realtek Ethernet Controller Driver Realtek 2011/07/09 7.46.531.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2011/12/03 6.0.1.6482
ScreenManager Pro for LCD (DDC/CI) EIZO NANAO CORPORATION 2012/03/27 5.05 MB 2.3.0
Skype(TM) 6.11 Skype Technologies S.A. 2013/12/02 27.3 MB 6.11.102
SnapCrab for Windows 1.0.1 Fenrir Inc. 2012/08/29 6.81 MB
SoundEngine Free Coderium 2012/01/10 4.6.0.17
System Requirements Lab for Intel Husdawg, LLC 2011/07/25 763 KB 4.4.24.0
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 JPN Microsoft Corporation 2012/06/24 11.2 MB 4.0.8080.0
Yahoo!かんたんパソコン設定 Yahoo! JAPAN. 2012/11/29 1.1.0
Yahoo!ツールバー Yahoo! JAPAN. 2012/11/29 2.71 MB 7.3.0.18
ロジクール SetPoint 6.30 ロジクール 2011/07/09 39.0 MB 6.30.43

windows
有効 HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
有効 HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
有効 HKCU:Run ypcsm Yahoo! Japan Corporation. C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run EvtMgr6 Logicool, Inc. C:\Program Files\Logicool\SetPointP\SetPoint.exe /launchGaming
有効 HKLM:Run Google Japanese Input Prelauncher Google Inc. "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run IJNetworkScannerSelectorEX CANON INC. C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
有効 HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
有効 HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ScreenManager Pro for LCD (DDCCI) EIZO NANAO CORPORATION C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
有効 HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
有効 HKLM:Run ypcsm Yahoo! Japan Corporation. C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
有効 Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
無効 Startup Common TotalMedia Server.lnk ArcSoft Inc. C:\PROGRA~2\ArcSoft\TOTALM~1\TOTALM~1\TMSERV~1.EXE
無効 Startup User Logicool . 製品の登録.lnk Leader Technologies/Logicool C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=JPN /_WFM="."
有効 Startup User SnapCrab.lnk Fenrir Inc. C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe

internet
有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\ssv.dll
有効 Helper McAfee SiteAdvisor BHO McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
有効 Helper McAfee SiteAdvisor BHO McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
有効 Toolbar McAfee SiteAdvisor Toolbar McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
有効 Toolbar McAfee SiteAdvisor Toolbar McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

Chrome
無効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0
有効 Extension Google ウォレット 0.0.6.1 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0
有効 Extension SiteAdvisor 3.65.135.1 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0

Scheduled Tasks
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task Core Temp Autostart Tom "C:\Users\Tom\Downloads\CoreTemp64\Core Temp.exe"
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task SidebarExecute Microsoft Corporation C:\Program Files (x86)\Windows Sidebar\sidebar.exe
有効 Task {26BE9364-006A-4026-9ECD-08C641E40F2E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Tom\Downloads\5400f_64jp\SetupSG.exe -d C:\Users\Tom\Downloads\5400f_64jp

Thank you in advance.
  • taka
  • 2014/02/20 (Thu) 19:10:09
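Added example, not part of any post in this thread: a small Python reader for a pasted HijackThis log such as the one above. It re-joins entries the forum wrapped, counts the O10 "Unknown file in Winsock LSP" lines, and separates O23 services marked "(file missing)" from "Unknown owner" services whose file is present. The function names and the join rule are assumptions of this example, and a listed entry is a candidate for manual checking, not a verdict.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted above, kept with the forum's line wraps.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcprotect.dll
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file

missing)
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\monitorsvc.exe
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update

\SaveSenseLive.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
"""

# Every HijackThis entry starts with a section code such as "O4 - " or "F2 - ".
ENTRY_START = re.compile(r"^[A-Z]\d{1,2} - ")
# O23 layout: display name, (service name), owner, image path, optional marker.
O23 = re.compile(
    r"^O23 - Service: (?P<display>.*) \((?P<name>[^()]*)\) - "
    r"(?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O10 = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")


def unwrap(text):
    """Re-join entries that were broken across lines when the log was pasted."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break  # log footer, not part of the last entry
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        elif line.startswith("\\"):
            entries[-1] += line        # assumed: the break fell inside a path
        else:
            entries[-1] += " " + line  # assumed: the break fell on a space
    return entries


def triage(text):
    """Group O10 and O23 entries into buckets for manual review."""
    lsp = Counter()
    unknown_owner_present, file_missing = [], []
    for entry in unwrap(text):
        m = O10.match(entry)
        if m:
            lsp[m["path"].lower()] += 1
            continue
        m = O23.match(entry)
        if not m:
            continue
        if m["missing"]:
            # HijackThis 2.0.4 is a 32-bit program. On 64-bit Windows,
            # file-system redirection makes it report native System32
            # binaries as missing, so these are kept in their own bucket.
            file_missing.append(m["name"])
        elif m["owner"] == "Unknown owner":
            # File exists but HijackThis found no company name for it.
            unknown_owner_present.append((m["name"], m["path"]))
    return {
        "unknown_lsp": dict(lsp),
        "unknown_owner_present": unknown_owner_present,
        "file_missing": file_missing,
    }


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, items)
```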
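Let's get to the treatment right away
Thank you for posting the logs so promptly.
Let's start the treatment.

First, the following are old versions, so uninstall them once and then reinstall the latest version.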
>ffdshow [rev 3154] [2009-12-09] 2013/11/26 14.0 MB 1.0
>Skype(TM) 6.11 Skype Technologies S.A. 2013/12/02 27.3 MB 6.11.102

And uninstall the following old version of Java from the Control Panel.
>Java(TM) 6 Update 26 Oracle 2011/07/25 97.0 MB 6.0.260

Next, start CC and, on the "Chrome" tab, right-click the following and choose "Delete entry".
>無効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0
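That should stop the recurrence.

Once that is done, download the latest version of AC, which you used earlier, again and run Clean with it.

After that, paste the AC log into your reply and post it with a status report.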
  • 悪代官
  • 2014/02/20 (Thu) 19:19:37
Re: Strange ads have started appearing
AC
# AdwCleaner v3.019 - Report created 20/02/2014 at 21:00:27
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Tom - TOM-PC
# Running from : C:\Users\Tom\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v

[ File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1977 octets] - [20/02/2014 20:44:31]
AdwCleaner[R1].txt - [901 octets] - [20/02/2014 20:48:00]
AdwCleaner[R2].txt - [978 octets] - [20/02/2014 20:57:01]
AdwCleaner[R3].txt - [1098 octets] - [20/02/2014 20:59:55]
AdwCleaner[S0].txt - [1963 octets] - [20/02/2014 20:45:27]
AdwCleaner[S1].txt - [963 octets] - [20/02/2014 20:49:37]
AdwCleaner[S2].txt - [1038 octets] - [20/02/2014 20:57:26]
AdwCleaner[S3].txt - [1020 octets] - [20/02/2014 21:00:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1080 octets] ##########


Once again, after deleting it, it came back when I rebooted and opened the browser.

  • taka
  • 2014/02/20 (Thu) 21:05:39
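A full-blown recurrence, then
Thank you for the prompt work and report.

>Once again, after deleting it, it came back when I rebooted and opened the browser.

Hmm, things seem to have gotten tangled again.
Let's investigate thoroughly from scratch.
Please delete AC again.

First, to confirm: is Chrome the only browser currently showing the abnormality?
If it is also appearing in IE or other browsers, the handling will need to follow that.

Next, take fresh logs of each tab in CC again.

Once you have, post the logs along with your answer to the browser question above.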
  • 悪代官
  • 2014/02/20 (Thu) 21:13:02
Re: Strange ads have started appearing
Nothing seems to be happening in IE, so I think it is Chrome only.

windows
有効 HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
有効 HKCU:Run ypcsm Yahoo! Japan Corporation. C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run EvtMgr6 Logicool, Inc. C:\Program Files\Logicool\SetPointP\SetPoint.exe /launchGaming
有効 HKLM:Run Google Japanese Input Prelauncher Google Inc. "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run IJNetworkScannerSelectorEX CANON INC. C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
有効 HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
有効 HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ScreenManager Pro for LCD (DDCCI) EIZO NANAO CORPORATION C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
無効 HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
有効 HKLM:Run ypcsm Yahoo! Japan Corporation. C:\PROGRA~2\Yahoo!J\PCSERV~1\ypcsm.exe
有効 Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
無効 Startup Common TotalMedia Server.lnk ArcSoft Inc. C:\PROGRA~2\ArcSoft\TOTALM~1\TOTALM~1\TMSERV~1.EXE
無効 Startup User Logicool . 製品の登録.lnk Leader Technologies/Logicool C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=JPN /_WFM="."
有効 Startup User SnapCrab.lnk Fenrir Inc. C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe

IE
有効 Helper McAfee SiteAdvisor BHO McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
有効 Helper McAfee SiteAdvisor BHO McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
有効 Toolbar McAfee SiteAdvisor Toolbar McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
有効 Toolbar McAfee SiteAdvisor Toolbar McAfee, Inc. c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll

Chrome
有効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0
有効 Extension Google ウォレット 0.0.6.1 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0
有効 Extension SiteAdvisor 3.65.135.1 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0

Scheduled tasks
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task Core Temp Autostart Tom "C:\Users\Tom\Downloads\CoreTemp64\Core Temp.exe"
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task SidebarExecute Microsoft Corporation C:\Program Files (x86)\Windows Sidebar\sidebar.exe
有効 Task {26BE9364-006A-4026-9ECD-08C641E40F2E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Tom\Downloads\5400f_64jp\SetupSG.exe -d C:\Users\Tom\Downloads\5400f_64jp


My next reply will probably be tomorrow..
  • taka
  • 2014/02/20 (Thu) 21:48:27
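Re-checking the earlier step
Thank you for the work and the report.

Looking at the log, the entry below in the "Chrome" tab, which you should have dealt with earlier, is still there.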
>有効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0

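Did it come back even after you deleted it?
If the step was simply missed, run "Delete Entry" (「エントリの削除」) on it again, watch how things go, and then report back.

If this entry comes back again after that, please let me know that too.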
  • 悪代官
  • 2014/02/21 (Fri) 06:54:31
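The check made in the post above (is the extension entry that was removed present again in the next log?) can be done mechanically. The following is an added example, not part of the thread: it parses the extension lines of the CCleaner and OTL logs in the form they take on this page, the function names are hypothetical, and it assumes Chrome's extension ID format of 32 letters from a to p.

```python
import re

# Assumption: a Chrome extension ID is 32 letters from a-p and names the folder
# under ...\User Data\<profile>\Extensions\, followed by a "<version>_<n>" folder.
EXT_PATH = re.compile(
    r"\\User Data\\(?P<profile>[^\\]+)\\Extensions\\"
    r"(?P<id>[a-p]{32})\\(?P<ver>[^\\\s]+)"
)
# CCleaner startup export: "<state> Extension <name> <version> <profile label> <path>"
CC_LINE = re.compile(r"^(?P<state>\S+)\s+Extension\s+(?P<rest>.+)$")
# OTL log: "CHR - Extension: <name> = <path>"
OTL_LINE = re.compile(r"^CHR - Extension:\s*(?P<name>.+?)\s*=\s")


def parse_extensions(log_text):
    """Return {extension_id: {"name", "version", "state"}} for a CCleaner or OTL log."""
    found = {}
    for raw in log_text.splitlines():
        line = raw.strip().lstrip(">").strip()   # tolerate forum-quoted lines
        path = EXT_PATH.search(line)
        if not path:
            continue
        version = path.group("ver").rsplit("_", 1)[0]   # "3.2_0" -> "3.2"
        otl, cc = OTL_LINE.match(line), CC_LINE.match(line)
        if otl:
            name, state = otl.group("name"), "present"
        elif cc:
            rest = cc.group("rest")
            marker = " " + version + " "
            # The name may contain spaces, so cut at the version column.
            name = rest.split(marker, 1)[0] if marker in rest else rest.split()[0]
            state = cc.group("state")
        else:
            continue   # e.g. an OTL "CHR - plugin:" line that lives in an extension folder
        found[path.group("id")] = {"name": name, "version": version, "state": state}
    return found


def reappeared(removed_ids, later_log):
    """Extension IDs that were removed but are listed again in a later log."""
    later = parse_extensions(later_log)
    return {ext_id: later[ext_id] for ext_id in removed_ids if ext_id in later}


# Sample input: lines copied from the logs in this thread.
REMOVED_ENTRY = r""">無効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0
"""
LATER_CC = r"""有効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0
有効 Extension Google ウォレット 0.0.6.1 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0
有効 Extension SiteAdvisor 3.65.135.1 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0
"""
LATER_OTL = r"""CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - Extension: BlockTheAdAppp = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0\
"""

if __name__ == "__main__":
    removed = parse_extensions(REMOVED_ENTRY)
    for source, log in (("CCleaner", LATER_CC), ("OTL", LATER_OTL)):
        for ext_id, info in reappeared(removed, log).items():
            print(f"{source}: {info['name']} ({ext_id}) is back, "
                  f"state {removed[ext_id]['state']} -> {info['state']}")
```

Matching on the extension ID rather than the display name keeps the comparison stable if an entry returns under a slightly different name.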
Re: Strange ads have started appearing
The fake Google one from earlier was fine, but that one alone seems to come back when I open the browser even after deleting it..
  • taka
  • 2014/02/21 (Fri) 09:22:46
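Let's investigate with OTL
Sorry for the late reply.

>The fake Google one from earlier was fine, but that one alone seems to come back when I open the browser even after deleting it

I see, so it comes back even after deletion. It seems to have made some rather troublesome modifications.

Now let's investigate from a different angle.
Please get the following tool.
OTL (OldTimer Listit)
This tool has greater analysis capability than HJT. We will use it to examine the state of the system.
This is a direct link to the file, so save it after downloading.
http://oldtimer.geekstogo.com/OTL.exe
When it is time to clean up, launch it and press "clean up" and it will be removed automatically.

After launching OTL, tick "Scan All Users" near the top of the window, then copy and paste the following commands into "Custom Scan/Fixes".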

%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT

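Then press "Run Scan" at the top left to start the scan.
Depending on the PC, after a few minutes "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe; save these two files somewhere like the desktop.
Note that Extras.txt is sometimes not produced; in that case OTL.txt alone is fine.

After that, paste the OTL log into your reply so I can see it.

Just scanning with OTL does not change anything.
After examining the results, we will deal with things in the following steps.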
  • 悪代官
  • 2014/02/21 (Fri) 17:44:00
Re: Strange ads have started appearing
OTL
OTL logfile created on: 2014/02/21 22:10:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.92 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 75.48% Memory free
15.84 Gb Paging File | 13.66 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117.09 Gb Total Space | 66.63 Gb Free Space | 56.90% Space Free | Partition Type: NTFS
Drive D: | 814.32 Gb Total Space | 40.61 Gb Free Space | 4.99% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/02/21 22:09:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
PRC - [2014/02/03 12:03:18 | 000,805,280 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/02/03 11:01:54 | 000,487,501 | ---- | M] () -- C:\monitor.exe
PRC - [2014/01/24 16:26:54 | 000,404,592 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2013/12/03 19:59:21 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/21 08:31:00 | 001,347,096 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
PRC - [2013/11/21 08:30:56 | 054,319,640 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
PRC - [2013/11/21 08:30:54 | 000,754,712 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
PRC - [2012/07/11 15:17:06 | 001,439,104 | ---- | M] (Fenrir Inc.) -- C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe
PRC - [2012/01/26 19:45:30 | 000,124,544 | ---- | M] (Yahoo! Japan Corporation.) -- C:\Program Files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe
PRC - [2011/06/15 15:25:48 | 004,875,632 | ---- | M] (EIZO NANAO CORPORATION) -- C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/04 11:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013/12/04 11:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 11:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 11:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 11:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014/02/06 19:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/01/16 09:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:[b]64bit:[/b] - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2011/06/17 16:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:[b]64bit:[/b] - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/06 07:50:10 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/03 11:00:18 | 000,034,244 | ---- | M] () [Auto | Stopped] -- C:\monitorsvc.exe -- (ProtectMonitor)
SRV - [2014/01/22 16:46:10 | 000,123,384 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/11/21 08:30:54 | 000,754,712 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe -- (GoogleIMEJaCacheService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/11 06:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/08/17 19:18:00 | 000,080,384 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:[b]64bit:[/b] - [2011/08/17 19:18:00 | 000,057,088 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:[b]64bit:[/b] - [2011/07/11 21:50:28 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011/06/10 12:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011/06/01 12:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011/04/30 20:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2011/04/30 20:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2011/04/30 20:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:[b]64bit:[/b] - [2011/04/30 20:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:[b]64bit:[/b] - [2010/11/21 12:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:[b]64bit:[/b] - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010/09/21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/09/21 09:07:08 | 000,312,184 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jp.hao123.com/?tn=incore_pay_hp_01_hao123_jp
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 DF 1C A1 16 CE CD 01 [binary data]
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes\{1FC59D8B-5D28-4CCB-AE79-83716FAE5062}: "URL" = http://search.yahoo.co.jp/search?ei=UTF-8&fr=ie8scint&p={searchTerms}
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes\{4D705D18-5D3F-43C6-9FF8-A8E87746612B}: "URL" = http://search.jword.jp/cns.dll?type=jwd&fm=10&agent=&bypass=2&partner=AP&lang=utf8&name={searchTerms}
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes\{BE6AE966-95A1-4161-BB02-5A2DD7136B62}: "URL" = http://search.yahoo.co.jp/search?ei=UTF-8&fr=mcafeess1&p={SearchTerms}
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tom\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tom\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/02/11 10:14:48 | 000,000,000 | ---D | M]

[2013/01/10 00:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://jp.hao123.com/?tn=bbl_pay_hp_02_hao123_jp
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.6 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: SiteAdvisor = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: BlockTheAdAppp = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0\
CHR - Extension: Google \u30A6\u30A9\u30EC\u30C3\u30C8 = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/02/09 17:53:04 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\Toolbar\WebBrowser: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logicool\SetPointP\SetPoint.exe (Logicool, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Japanese Input Prelauncher] C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe (Google Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [ScreenManager Pro for LCD (DDCCI)] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [ypcsm] C:\Program Files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe (Yahoo! Japan Corporation.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000..\Run: [ypcsm] C:\Program Files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe (Yahoo! Japan Corporation.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SnapCrab.lnk = C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe (Fenrir Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: Yahoo!ツールバーに追加 - C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O8:[b]64bit:[/b] - Extra context menu item: Yahoo!検索で検索 - C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O8 - Extra context menu item: Yahoo!ツールバーに追加 - C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O8 - Extra context menu item: Yahoo!検索で検索 - C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PCProtect64.dll (Objectify Media Inc)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PCProtect64.dll (Objectify Media Inc)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PCProtect64.dll (Objectify Media Inc)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PCProtect64.dll (Objectify Media Inc)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PCProtect64.dll (Objectify Media Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PCProtect.dll (Objectify Media Inc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\PCProtect.dll (Objectify Media Inc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\PCProtect.dll (Objectify Media Inc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\PCProtect.dll (Objectify Media Inc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\PCProtect.dll (Objectify Media Inc)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab (Java Plug-in 1.7.0_51)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O18:[b]64bit:[/b] - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ee7db14b-a9e3-11e0-8a31-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee7db14b-a9e3-11e0-8a31-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/21 22:08:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2014/02/20 21:04:14 | 035,100,320 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Tom\Desktop\SkypeSetupFull.exe
[2014/02/20 20:41:51 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Skype
[2014/02/20 20:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/02/20 20:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/02/20 20:41:37 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/02/20 20:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2014/02/20 20:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2014/02/20 20:39:17 | 004,789,787 | ---- | C] (ffdshow ) -- C:\Users\Tom\Desktop\ffdshow_rev3814_20110411_clsid.exe
[2014/02/13 14:09:24 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/13 14:08:54 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/13 14:08:54 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/13 14:08:54 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/13 14:08:54 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/13 14:08:53 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/13 14:08:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/13 14:08:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/13 14:08:52 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/13 14:08:52 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/13 14:08:52 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/13 14:08:52 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/13 14:08:52 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/13 14:08:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/13 14:08:52 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/13 14:08:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/13 14:08:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/13 14:08:51 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/13 14:08:51 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/13 14:08:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/13 14:08:51 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/13 14:08:49 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/13 14:08:49 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/13 14:08:47 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/13 13:43:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/13 13:43:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/13 13:43:19 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/13 13:43:19 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/13 13:43:18 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/13 13:43:18 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/13 13:43:18 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/13 13:43:18 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 13:43:18 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/13 13:43:18 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 13:43:18 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 13:43:18 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/13 13:43:18 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/13 13:43:18 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/13 13:43:17 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/13 13:43:17 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 13:43:17 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/13 13:43:17 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 13:43:17 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/13 13:43:12 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/13 13:43:12 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/11 20:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/02/11 20:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/02/10 20:50:16 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Apple Computer
[2014/02/10 18:40:42 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Apple
[2014/02/09 17:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GrreatSavie4U
[2014/02/09 17:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlockTheAdAppp
[2014/02/09 17:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitSaver
[2014/02/09 17:45:22 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\IObitUninstallerPortable
[2014/02/09 15:49:56 | 004,901,896 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Tom\Desktop\Shockwave_Installer_Slim.exe
[2014/02/09 15:24:40 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/09 15:22:02 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2014/02/09 15:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2014/02/09 15:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/09 15:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/09 15:09:33 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/09 15:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/06 21:12:47 | 000,330,624 | ---- | C] (Objectify Media Inc) -- C:\Windows\SysNative\PCProtect64.dll
[2014/02/06 21:12:45 | 000,293,984 | ---- | C] (Objectify Media Inc) -- C:\Windows\SysWow64\PCProtect.dll
[2014/02/06 18:02:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Trend Micro
[2014/02/06 17:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro Installer
[2014/02/06 17:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/02/05 16:45:08 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\ADS全画像0129
[2014/02/05 16:09:51 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\0x1321-20140117-nopics
[2014/02/05 07:47:10 | 000,861,600 | ---- | C] (AirInstaller ) -- C:\Users\Tom\Documents\setup.exe
[2014/01/31 15:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\jeklehkojebfagmheeiomogmpmmbbdne
[2014/01/29 21:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/29 21:05:54 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014/01/29 21:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/29 21:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/29 21:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/01/29 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/29 21:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/01/29 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/29 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/01/29 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/01/29 20:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Systweak Support Dock
[2014/01/28 20:32:11 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/01/28 20:30:12 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/01/28 20:30:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/01/28 20:30:10 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/01/28 20:30:10 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/01/28 20:30:10 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/01/28 20:30:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/01/28 20:30:10 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/01/28 20:30:10 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/01/28 20:30:10 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/01/28 20:30:10 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/01/28 20:30:10 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/01/28 20:30:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/28 20:30:10 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/01/28 20:30:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/01/28 20:30:10 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/01/28 20:30:10 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/01/28 20:30:09 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/01/28 20:30:09 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/28 20:30:09 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/01/28 20:30:09 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/01/28 20:30:09 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/01/28 20:30:09 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/01/28 20:30:09 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/01/28 20:30:09 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/01/28 20:30:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/01/28 20:30:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/01/28 20:30:09 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/28 20:30:09 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/01/28 20:30:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/28 20:30:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/28 20:30:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/01/28 20:30:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/01/28 20:30:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/01/28 20:30:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/01/28 20:30:09 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/01/28 20:30:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/01/28 20:30:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/01/28 20:30:09 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/01/28 20:30:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/01/28 20:30:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/01/28 20:30:08 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/01/28 20:30:08 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/28 20:30:08 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/01/28 20:30:08 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/01/28 20:30:08 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/01/28 20:30:08 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/01/28 20:30:08 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/01/28 20:30:08 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/01/28 20:30:08 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/01/28 20:30:08 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/01/28 20:30:08 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/01/28 20:30:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/01/28 20:30:08 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/01/28 20:30:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/01/28 20:30:08 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/01/28 20:30:08 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/01/25 18:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiDefMedia

========== Files - Modified Within 30 Days ==========

[2014/02/21 22:09:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2014/02/21 22:08:19 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 22:08:19 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 22:04:00 | 000,000,684 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/21 22:02:15 | 000,000,680 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/21 22:01:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/21 22:00:59 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/21 10:50:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/20 21:04:42 | 035,100,320 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Tom\Desktop\SkypeSetupFull.exe
[2014/02/20 20:41:38 | 000,002,681 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/02/20 20:39:22 | 004,789,787 | ---- | M] (ffdshow ) -- C:\Users\Tom\Desktop\ffdshow_rev3814_20110411_clsid.exe
[2014/02/13 14:10:28 | 001,478,812 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/13 14:10:28 | 000,720,442 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/13 14:10:28 | 000,477,350 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2014/02/13 14:10:28 | 000,147,486 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2014/02/13 14:10:28 | 000,147,404 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/13 14:10:23 | 001,478,812 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/11 20:02:43 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/02/11 20:02:43 | 000,001,931 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/02/09 18:12:03 | 000,000,582 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/09 17:50:43 | 000,000,059 | ---- | M] () -- C:\prefs.js
[2014/02/09 15:09:30 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/09 15:09:29 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/09 15:09:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/09 15:09:29 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/09 15:00:51 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/06 21:17:30 | 000,000,082 | ---- | M] () -- C:\Users\Tom\Documents\cc_20140206_211728.reg
[2014/02/06 21:12:56 | 000,003,976 | ---- | M] () -- C:\Windows\SysWow64\PCProtect.ini
[2014/02/06 21:12:56 | 000,002,184 | ---- | M] () -- C:\Windows\SysWow64\PCProtectOff.ini
[2014/02/06 21:12:56 | 000,002,184 | ---- | M] () -- C:\Windows\SysNative\PCProtectOff.ini
[2014/02/06 20:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 20:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 20:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 19:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 19:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 19:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 19:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 19:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 19:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 19:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 19:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 19:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 19:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 18:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 18:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 18:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 18:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 18:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 18:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 18:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 18:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 18:02:23 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/06 17:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 17:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/06 07:50:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/06 07:50:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/06 07:39:48 | 000,000,105 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\WB.CFG
[2014/02/05 16:16:47 | 369,004,435 | ---- | M] () -- C:\Users\Tom\Documents\ADS全画像0129.zip
[2014/02/05 16:09:09 | 008,485,931 | ---- | M] () -- C:\Users\Tom\Documents\0x1321-20140117-nopics.zip
[2014/02/05 07:47:18 | 000,861,600 | ---- | M] (AirInstaller ) -- C:\Users\Tom\Documents\setup.exe
[2014/02/03 11:01:54 | 000,487,501 | ---- | M] () -- C:\monitor.exe
[2014/02/03 11:00:18 | 000,034,244 | ---- | M] () -- C:\monitorsvc.exe
[2014/01/29 21:05:58 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/28 20:30:12 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/01/28 20:30:12 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/01/28 20:30:10 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/01/28 20:30:10 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/01/28 20:30:10 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/01/28 20:30:10 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/01/28 20:30:10 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/01/28 20:30:10 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/01/28 20:30:10 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/01/28 20:30:10 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/01/28 20:30:10 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/01/28 20:30:10 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/28 20:30:10 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/01/28 20:30:10 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/01/28 20:30:10 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/01/28 20:30:10 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/01/28 20:30:10 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/28 20:30:09 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/01/28 20:30:09 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/28 20:30:09 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/01/28 20:30:09 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/01/28 20:30:09 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/01/28 20:30:09 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/01/28 20:30:09 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/01/28 20:30:09 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/01/28 20:30:09 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/01/28 20:30:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/01/28 20:30:09 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/28 20:30:09 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/01/28 20:30:09 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/28 20:30:09 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/28 20:30:09 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/01/28 20:30:09 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/01/28 20:30:09 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/01/28 20:30:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/01/28 20:30:09 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/01/28 20:30:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/01/28 20:30:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/01/28 20:30:09 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/01/28 20:30:09 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/01/28 20:30:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/01/28 20:30:08 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/01/28 20:30:08 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/28 20:30:08 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/01/28 20:30:08 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/01/28 20:30:08 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/01/28 20:30:08 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/01/28 20:30:08 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/01/28 20:30:08 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/01/28 20:30:08 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/01/28 20:30:08 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/01/28 20:30:08 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/01/28 20:30:08 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/01/28 20:30:08 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/01/28 20:30:08 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/01/28 20:30:08 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/01/28 20:30:08 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/28 20:30:08 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/02/20 20:41:38 | 000,002,681 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/02/20 20:39:57 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/02/09 17:50:43 | 000,000,059 | ---- | C] () -- C:\prefs.js
[2014/02/06 21:17:30 | 000,000,082 | ---- | C] () -- C:\Users\Tom\Documents\cc_20140206_211728.reg
[2014/02/06 21:12:56 | 000,003,976 | ---- | C] () -- C:\Windows\SysWow64\PCProtect.ini
[2014/02/06 21:12:56 | 000,002,184 | ---- | C] () -- C:\Windows\SysWow64\PCProtectOff.ini
[2014/02/06 21:12:56 | 000,002,184 | ---- | C] () -- C:\Windows\SysNative\PCProtectOff.ini
[2014/02/05 16:14:03 | 369,004,435 | ---- | C] () -- C:\Users\Tom\Documents\ADS全画像0129.zip
[2014/02/05 16:08:51 | 008,485,931 | ---- | C] () -- C:\Users\Tom\Documents\0x1321-20140117-nopics.zip
[2014/02/03 11:01:54 | 000,487,501 | ---- | C] () -- C:\monitor.exe
[2014/02/03 11:00:18 | 000,034,244 | ---- | C] () -- C:\monitorsvc.exe
[2014/01/31 15:43:27 | 000,000,582 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/29 21:05:58 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/29 21:05:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/01/28 20:30:10 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/28 20:30:08 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/19 21:47:02 | 000,000,105 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\WB.CFG
[2012/12/07 17:22:50 | 000,110,936 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/25 03:33:16 | 000,000,787 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\burnaware.ini
[2011/07/11 12:30:21 | 000,007,629 | ---- | C] () -- C:\Users\Tom\AppData\Local\Resmon.ResmonCfg

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 11:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 10:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2014/02/03 11:01:54 | 000,487,501 | ---- | M] () -- C:\monitor.exe
[2014/02/03 11:00:18 | 000,034,244 | ---- | M] () -- C:\monitorsvc.exe
[2013/03/12 04:19:10 | 000,401,408 | ---- | M] () -- C:\wget.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D346F792
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

  • taka
  • 2014/02/21 (Fri) 22:33:57
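Now let's treat this with OTL
Thank you for getting the work done so quickly.
Having looked at the logs, I have a rough idea of what is going on.
Please read the explanation below and then continue with the work.

At the end of this reply I will paste a script for OTL. Copy it, paste it into a Windows Notepad file and save it. We will use it for the next step.

When you are ready, boot the PC in Safe Mode, start OTL, paste the script into the OTL window following the earlier procedure, and this time press "Run fix" (the button with red text). This starts the OTL fix.

Wait a while, and once OTL has finished, restart the PC in normal mode.
After the restart an OTL log should appear again, so save it.

After that, start CC again and take the log of the FF tab following the earlier procedure.

Then paste the two logs into your reply and show them to me.

Note that my next reply will not be until tomorrow evening or night, so please bear with me.
The OTL script is below. Copy everything except the dashed line (-----), then paste it into OTL and run it.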
---------------------------------------------
:OTL
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jp.hao123.com/?tn=incore_pay_hp_01_hao123_jp
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes\{4D705D18-5D3F-43C6-9FF8-A8E87746612B}: "URL" = http://search.jword.jp/cns.dll?type=jwd&fm=10&agent=&bypass=2&partner=AP&lang=utf8&name={searchTerms}
FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
CHR - homepage: http://jp.hao123.com/?tn=bbl_pay_hp_02_hao123_jp
CHR - Extension: BlockTheAdAppp = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0\
[2014/02/09 17:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GrreatSavie4U
[2014/02/09 17:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlockTheAdAppp
[2014/02/09 17:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitSaver
[2014/01/29 20:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/01/29 20:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Systweak Support Dock

:Files
C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0\
C:\Program Files (x86)\GrreatSavie4U
C:\Program Files (x86)\BlockTheAdAppp
C:\Program Files (x86)\BitSaver
C:\Program Files (x86)\Amazon
C:\Program Files (x86)\Systweak Support Dock

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[reboot]
  • 悪代官
  • 2014/02/21 (Fri) 22:53:45
Re: Strange ads have started appearing
Sorry, which one is the FF tab...?
I couldn't figure it out, so for now I'll at least paste the OTL log.

All processes killed
========== OTL ==========
HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3158885393-1646961979-1402308167-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4D705D18-5D3F-43C6-9FF8-A8E87746612B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D705D18-5D3F-43C6-9FF8-A8E87746612B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9\ deleted successfully.
Use Chrome's Settings page to change the HomePage.
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0 folder moved successfully.
C:\Program Files (x86)\GrreatSavie4U folder moved successfully.
C:\Program Files (x86)\BlockTheAdAppp folder moved successfully.
C:\Program Files (x86)\BitSaver folder moved successfully.
C:\Program Files (x86)\Amazon folder moved successfully.
C:\Program Files (x86)\Systweak Support Dock folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll not found.
Folder C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0 not found.
File\Folder C:\Program Files (x86)\GrreatSavie4U not found.
File\Folder C:\Program Files (x86)\BlockTheAdAppp not found.
File\Folder C:\Program Files (x86)\BitSaver not found.
File\Folder C:\Program Files (x86)\Amazon not found.
File\Folder C:\Program Files (x86)\Systweak Support Dock not found.
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tom
->Temp folder emptied: 1094844461 bytes
->Temporary Internet Files folder emptied: 332389944 bytes
->Java cache emptied: 1 bytes
->Google Chrome cache emptied: 412011534 bytes
->Flash cache emptied: 1164884 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 819839054 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304116 bytes
RecycleBin emptied: 1093 bytes

Total Files Cleaned = 2,577.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02222014_170601

Files\Folders moved on Reboot...
C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • taka
  • 2014/02/22 (Sat) 17:21:20
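FF log procedure, and a request for a status report
Thank you for the work and the report.
The OTL results look good.
As for the FF tab log, it is the same procedure you used earlier when taking the logs of each tab under the "Windows" tab in CC.
Using that procedure, retake just the Firefox tab log, paste it into your reply, and send it along with a status report on how things are after the OTL work.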
  • 悪代官
  • 2014/02/22 (Sat) 17:44:28
Re: Strange ads have started appearing
I can't find a Firefox tab...

As for the status, blocktheadappp in the Chrome tab still won't go away, and the ads still appear..
  • taka
  • 2014/02/22 (Sat) 18:36:26
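I gave the wrong instruction
>I can't find a Firefox tab

Sorry, that was my mistake.
Please take the log of the Chrome tab, not the Firefox tab.
It seems I mixed this up with a reply to someone else. My apologies.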
  • 悪代官
  • 2014/02/22 (Sat) 18:53:27
Re: Strange ads have started appearing
Not at all!

有効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0
有効 Extension Google ウォレット 0.0.6.1 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0
有効 Extension SiteAdvisor 3.65.135.1 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0

It still seems that block~ comes back when I open the browser.
  • taka
  • 2014/02/22 (Sat) 21:33:46
Disable the scheduled task
>It still seems that block~ comes back when I open the browser.

Yes, the log shows that too.

Let's check from a slightly different direction.

Start CC again and delete the entry below in the Chrome tab.
>有効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0

Next, under "Scheduled Tasks", right-click the entry below and set it to "Disable".
>有効 Task {26BE9364-006A-4026-9ECD-08C641E40F2E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Tom\Downloads\5400f_64jp\SetupSG.exe -d C:\Users\Tom\Downloads\5400f_64jp

Then restart the PC once, watch it for a while, and after that look at the Chrome and Scheduled Tasks tabs in CC again and tell me in your reply whether the deleted Chrome entry has come back.
If it does not come back, the scheduled task you disabled is the key.
  • 悪代官
  • 2014/02/22 (Sat) 21:59:15
Re: Strange ads have started appearing
Good morning

It still seems to come back..
Please look into the cause again.
  • taka
  • 2014/02/23 (Sun) 08:50:02
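Now disable a different one
Thank you for the work and the report.

>It still seems to come back

Understood. You can set the entry below in the Scheduled Tasks tab, which you disabled earlier, back to enabled.
>有効 Task {26BE9364-006A-4026-9ECD-08C641E40F2E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Tom\Downloads\5400f_64jp\SetupSG.exe -d C:\Users\Tom\Downloads\5400f_64jp

This time, again from CC, delete the entry below, and then
>無効 Extension BlockTheAdAppp 3.2 デフォルトのプロフィール C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0

disable the entry below in the Scheduled Tasks tab.
>有効 Task Core Temp Autostart Tom "C:\Users\Tom\Downloads\CoreTemp64\Core Temp.exe"

This should really be a CPU temperature monitoring tool, but if the extension comes back after deletion, there is a suspicion that something is hooked in via a scheduled task, and among what is currently visible in the logs this is about the only thing under that suspicion.

After this, watch it again and tell me whether it came back.

If this isn't it either, there is one more cause I have in mind, and I will reply about it once I see the result of this step.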
  • 悪代官
  • 2014/02/23 (Sun) 12:04:19
Re: Strange ads have started appearing
This didn't work either...
Please go ahead with the other cause.

  • taka
  • 2014/02/23 (Sun) 14:45:42
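This time, manual visual checks
Thank you for the work and the report.

>This didn't work either

I see. Sorry for putting you to so much trouble.
Please read the explanation again and then continue with the next steps.

To explain first: sometimes the fixes in CC cannot be carried out.
In particular, fine-grained browser settings sometimes do not show up in the CC log.
In such cases, however, working through Windows' own standard functions rather than through CC can sometimes make the fix possible.
Without CC it takes a little more effort, but it is fine if it takes time, so proceed calmly.

First, start Chrome.

Once it is running, type the following into the address bar and go there.
chrome://extensions/

If you find BlockTheAdAppp, the one we are stuck on, there, "Remove" it from this screen.

Next, type the following into the address bar and go there.
chrome://plugins/
If you find the same thing here, set it to "Disable".

Next, type the following and go there.
chrome://newtab/

If you find it here too, deal with it in the same way.
Anything you look for in these steps and cannot find can be skipped; move on to the next step.

This time type the following.
chrome://settings/startup

If a page that you, taka-san, never set is configured as the home page here, correct it.

Next, type the following into the address bar.
chrome://settings/searchEngines

If you find BlockTheAdAppp or any other suspicious engine among the search engines here, delete it.

Once you have done all this, close Chrome, start it again, watch it for a while, and then reply with a status report.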
  • 悪代官
  • 2014/02/23 (Sun) 15:21:09
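Re: Strange ads have started appearing
On the page at the first address I found blocktheadappp, but
I can't see a trash can icon for it...
The others have a trash can icon, but...
It says "Installed by enterprise policy." and it seems I can't uncheck the Enabled box either..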
  • taka
  • 2014/02/23 (Sun) 19:51:58
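
Chrome shows the "Installed by enterprise policy" label reported in the post above for extensions installed through policy; on Windows the force-install list is read from the `Policies\Google\Chrome\ExtensionInstallForcelist` registry key. The following is an added example, not part of the thread: it parses `reg query` text and reports which listed extension folders are pinned by that key. The thread never shows this key, so the registry output, the update URLs and the function names here are constructed for illustration; only the extension paths come from the CC listing above.

```python
import re

# Chrome extension IDs are 32 characters from the alphabet a-p.
EXT_ID = re.compile(r"[a-p]{32}")

# Key holding Chrome's force-install policy, matched as a suffix so any hive qualifies.
FORCELIST_SUFFIX = r"\policies\google\chrome\extensioninstallforcelist"

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

# CONSTRUCTED sample in the format printed by
#   reg query "HKLM\SOFTWARE\Policies\Google\Chrome" /s
# (repeat for HKCU on a real machine). URLs are placeholders.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
    HomepageLocation    REG_SZ    http://homepage.example.invalid/

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
    1    REG_SZ    jeklehkojebfagmheeiomogmpmmbbdne;http://update.example.invalid/crx
    2    REG_SZ    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
"""

# Extension folders exactly as they appear in the CC listing in this thread.
LISTED_PATHS = [
    r"C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0",
    r"C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0",
    r"C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0",
]


def forced_extensions(reg_text):
    """Return (registry_key, extension_id, update_url_or_None) for each forcelist entry."""
    found = []
    current_key = None
    for line in reg_text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            current_key = line.strip()  # a key header opens a new block of values
            continue
        match = VALUE_LINE.match(line)
        if match is None or current_key is None:
            continue
        if not current_key.lower().endswith(FORCELIST_SUFFIX):
            continue  # a value under some other policy key
        # Forcelist data is "<extension id>" optionally followed by ";<update URL>".
        ext_id, _, url = match.group("data").partition(";")
        ext_id = ext_id.strip().lower()
        if EXT_ID.fullmatch(ext_id):
            found.append((current_key, ext_id, url.strip() or None))
    return found


def extension_id_from_path(path):
    """Pull the extension ID out of a ...\\Extensions\\<id>\\<version> profile path."""
    match = re.search(r"\\Extensions\\([a-p]{32})(?:\\|$)", path, re.IGNORECASE)
    return match.group(1).lower() if match else None


def policy_locked(paths, reg_text):
    """Map each listed extension ID that is force-installed to the key that pins it."""
    forced = {ext_id: key for key, ext_id, _ in forced_extensions(reg_text)}
    locked = {}
    for path in paths:
        ext_id = extension_id_from_path(path)
        if ext_id in forced:
            locked[ext_id] = forced[ext_id]
    return locked


if __name__ == "__main__":
    for ext_id, key in policy_locked(LISTED_PATHS, SAMPLE_REG_OUTPUT).items():
        print(f"{ext_id} is force-installed by policy under {key}")
```

While such a value exists, deleting the extension folder or resetting Chrome's settings leaves the policy entry in place, which matches the extension being listed again after each removal attempt.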
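Reset the Chrome settings once
Thank you for the work and the report.

>On the page at the first address I found blocktheadappp, but
>I can't see a trash can icon for it...

I see, so it seems something is still hidden. Because the main body has not been deleted, it seems the settings part is also being prevented from being deleted.

Let's look into it using a safe method this time.
First, read the explanation on the following page carefully.
https://support.google.com/chrome/answer/3296214?hl=ja

Once you have read it, follow the explanation and try resetting the Chrome settings once.
This returns the browser settings to their initial state and is one effective remedy for troubles up to a certain degree.
Of course there are troubles it does not work against, so if this has no effect I will investigate again.
Even if this operation fails, it will not make the situation worse, so you need not worry about that.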
  • 悪代官
  • 2014/02/23 (Sun) 20:15:35
Re: Strange ads have started appearing
I tried it, but nothing changed.
Please investigate again.
  • taka
  • 2014/02/24 (Mon) 01:24:34
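Remoting Viewer ← checking this
Thank you for the work and the report.

>I tried it, but nothing changed.

I see. This one seems to have dug in quite cleverly. It is probably the first time I have seen something dig in this far without showing traces.
However, when I looked over the earlier OTL log again, I noticed something, so let me check it.

Regarding Chrome extensions, do you remember installing the following yourself?
>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
It did not appear in the CC log, so I overlooked it too.

If it was there without your remembering installing it, look for it in the Chrome settings as well, and delete it if you find it.
If you installed it yourself, tell me in your next reply whether the time you installed it and the time the problem started are the same.

After dealing with the above, go on to deal with the following again as well.
>CHR - Extension: BlockTheAdAppp = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0\

Then restart the PC once, watch it again, and reply with a status report.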
  • 悪代官
  • 2014/02/24 (Mon) 06:47:11
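Re: Strange ads have started appearing
By "the Chrome settings" you mean the extensions and plugins pages from before, right?
I found something that looks like it on the plugins page.
By "delete", do you mean I should disable it?
Sorry for the double trouble.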
  • taka
  • 2014/02/24 (Mon) 09:09:40
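About the work in Google Chrome
Hello, my name is IVNO.
Let me walk you through the Google Chrome settings again.
From the Google Chrome settings button, click Settings (S) to open the settings screen.
Click Extensions in the menu on the left.
I have made an image of the Google Chrome screen I use; by unchecking the box in the part outlined in red in the image,
you can disable that plugin.
The image is on the right side of the comment field.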
  • IVNO
  • 2014/02/24 (Mon) 13:49:42
Re: Strange ads have started appearing
IVNO-san,
I could not find >CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer on the extensions page.
The above item turned up on the plugins page at chrome://plugins/, so should I disable it there...?
  • taka
  • 2014/02/24 (Mon) 14:19:54
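Then disable it for now
Sorry for the late reply.

>The above item turned up on the plugins page at chrome://plugins/, so should I disable it there

Yes. First disable it, and then go on to carry out the BlockTheAdAppp fix I instructed earlier.

After that, watch it again and reply with a status report, including whether the items you dealt with come back.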
  • 悪代官
  • 2014/02/24 (Mon) 17:15:20
Re: Strange ads have started appearing
I disabled >CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer, but
I still could not disable or remove BlockTheAdAppp on the extensions page.
  • taka
  • 2014/02/24 (Mon) 20:33:01
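This time take two logs
>I disabled >CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer, but
>I still could not disable or remove BlockTheAdAppp on the extensions page.

OK, I will check again with OTL.
Following the earlier procedure, start OTL again, enter the following, press "Run scan", and show me the log in your reply.

Also, so Remoting Viewer was indeed not something you installed yourself?
If it was there without your remembering installing it, it will need to be dealt with as well.

Also, please take one more log.
This time start IU, and from the "Advanced settings" icon at the top right choose "Export program list".
This outputs a log from IU. Save this log.

This IU log can be analysed in the same way as the installation information log, but while the IU log is detailed it also becomes quite large, so analysis can take effort and time.

Even so, examining this log may reveal parts that were not visible before, so show me this log in your reply together with the OTL log.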
  • 悪代官
  • 2014/02/24 (Mon) 21:13:44
Re: Strange ads have started appearing
I have no recollection of Remoting Viewer.


OTL
OTL logfile created on: 2014/02/25 22:18:48 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.92 Gb Total Physical Memory | 5.07 Gb Available Physical Memory | 64.03% Memory free
15.84 Gb Paging File | 12.67 Gb Available in Paging File | 79.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117.09 Gb Total Space | 67.37 Gb Free Space | 57.54% Space Free | Partition Type: NTFS
Drive D: | 814.32 Gb Total Space | 40.61 Gb Free Space | 4.99% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/02/21 22:09:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
PRC - [2014/02/03 12:03:18 | 000,805,280 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/02/03 11:01:54 | 000,487,501 | ---- | M] () -- C:\monitor.exe
PRC - [2014/01/24 16:26:54 | 000,404,592 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2013/12/03 19:59:21 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/21 08:31:00 | 001,347,096 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
PRC - [2013/11/21 08:30:56 | 054,319,640 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
PRC - [2013/11/21 08:30:54 | 000,754,712 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
PRC - [2013/11/19 10:58:44 | 000,223,896 | ---- | M] (PortableApps.com) -- C:\Users\Tom\Desktop\IObitUninstallerPortable\IObitUninstallerPortable.exe
PRC - [2013/11/17 11:54:46 | 010,330,944 | ---- | M] (IObit) -- C:\Users\Tom\Desktop\IObitUninstallerPortable\App\uninstaller\iobituninstaler.exe
PRC - [2012/07/11 15:17:06 | 001,439,104 | ---- | M] (Fenrir Inc.) -- C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe
PRC - [2012/01/26 19:45:30 | 000,124,544 | ---- | M] (Yahoo! Japan Corporation.) -- C:\Program Files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe
PRC - [2011/06/15 15:25:48 | 004,875,632 | ---- | M] (EIZO NANAO CORPORATION) -- C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/02/25 22:16:42 | 000,029,696 | ---- | M] () -- C:\Users\Tom\AppData\Local\Temp\nsbC015.tmp\registry.dll
MOD - [2014/02/25 22:16:41 | 000,013,312 | ---- | M] () -- C:\Users\Tom\AppData\Local\Temp\nsbC015.tmp\UAC.dll
MOD - [2014/02/25 22:16:41 | 000,011,264 | ---- | M] () -- C:\Users\Tom\AppData\Local\Temp\nsbC015.tmp\System.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/04 11:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013/12/04 11:48:03 | 013,586,896 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/04 11:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 11:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 11:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 11:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/17 12:00:14 | 000,517,440 | ---- | M] () -- C:\Users\Tom\Desktop\IObitUninstallerPortable\App\uninstaller\sqlite3.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014/02/06 19:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/01/16 09:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:[b]64bit:[/b] - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2011/06/17 16:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:[b]64bit:[/b] - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/21 23:50:28 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/03 11:00:18 | 000,034,244 | ---- | M] () [Auto | Stopped] -- C:\monitorsvc.exe -- (ProtectMonitor)
SRV - [2014/01/22 16:46:10 | 000,123,384 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/11/21 08:30:54 | 000,754,712 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe -- (GoogleIMEJaCacheService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/11 06:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/08/17 19:18:00 | 000,080,384 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:[b]64bit:[/b] - [2011/08/17 19:18:00 | 000,057,088 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:[b]64bit:[/b] - [2011/07/11 21:50:28 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011/06/10 12:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011/06/01 12:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011/04/30 20:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2011/04/30 20:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2011/04/30 20:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:[b]64bit:[/b] - [2011/04/30 20:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:[b]64bit:[/b] - [2010/11/21 12:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:[b]64bit:[/b] - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010/09/21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/09/21 09:07:08 | 000,312,184 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 0A 6B C7 83 30 CF 01 [binary data]
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes\{1FC59D8B-5D28-4CCB-AE79-83716FAE5062}: "URL" = http://search.yahoo.co.jp/search?ei=UTF-8&fr=ie8scint&p={searchTerms}
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\SearchScopes\{BE6AE966-95A1-4161-BB02-5A2DD7136B62}: "URL" = http://search.yahoo.co.jp/search?ei=UTF-8&fr=mcafeess1&p={SearchTerms}
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tom\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tom\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/02/11 10:14:48 | 000,000,000 | ---D | M]

[2013/01/10 00:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tom\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: SiteAdvisor = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: BlockTheAdAppp = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0\
CHR - Extension: Google \u30A6\u30A9\u30EC\u30C3\u30C8 = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/02/09 17:53:04 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\..\Toolbar\WebBrowser: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logicool\SetPointP\SetPoint.exe (Logicool, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Japanese Input Prelauncher] C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe (Google Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [ScreenManager Pro for LCD (DDCCI)] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe (EIZO NANAO CORPORATION)
O4 - HKLM..\Run: [ypcsm] C:\Program Files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe (Yahoo! Japan Corporation.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000..\Run: [ypcsm] C:\Program Files (x86)\Yahoo!J\PC Service Manager\ypcsm.exe (Yahoo! Japan Corporation.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SnapCrab.lnk = C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe (Fenrir Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3158885393-1646961979-1402308167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: Yahoo!ツールバーに追加 - C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O8:[b]64bit:[/b] - Extra context menu item: Yahoo!検索で検索 - C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O8 - Extra context menu item: Yahoo!ツールバーに追加 - C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O8 - Extra context menu item: Yahoo!検索で検索 - C:\Program Files (x86)\Yahoo!J\Toolbar\7_0_0_9\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PCProtect64.dll (Objectify Media Inc)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PCProtect64.dll (Objectify Media Inc)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PCProtect64.dll (Objectify Media Inc)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PCProtect64.dll (Objectify Media Inc)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PCProtect64.dll (Objectify Media Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\PCProtect.dll (Objectify Media Inc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\PCProtect.dll (Objectify Media Inc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\PCProtect.dll (Objectify Media Inc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\PCProtect.dll (Objectify Media Inc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\PCProtect.dll (Objectify Media Inc)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab (Java Plug-in 1.7.0_51)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C70B5B8-BFE7-4055-B0B6-568AA1204F5B}: NameServer = 8.8.8.8,8.8.4.4
O18:[b]64bit:[/b] - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ee7db14b-a9e3-11e0-8a31-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee7db14b-a9e3-11e0-8a31-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/02/25 22:16:42 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\IObit
[2014/02/22 17:06:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/21 22:50:04 | 017,858,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/02/21 22:08:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2014/02/20 21:04:14 | 035,100,320 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Tom\Desktop\SkypeSetupFull.exe
[2014/02/20 20:41:51 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Skype
[2014/02/20 20:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/02/20 20:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/02/20 20:41:37 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/02/20 20:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2014/02/20 20:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2014/02/20 20:39:17 | 004,789,787 | ---- | C] (ffdshow ) -- C:\Users\Tom\Desktop\ffdshow_rev3814_20110411_clsid.exe
[2014/02/13 14:09:24 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/13 14:08:54 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/13 14:08:54 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/13 14:08:54 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/13 14:08:54 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/13 14:08:53 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/13 14:08:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/13 14:08:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/13 14:08:52 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/13 14:08:52 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/13 14:08:52 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/13 14:08:52 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/13 14:08:52 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/13 14:08:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/13 14:08:52 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/13 14:08:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/13 14:08:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/13 14:08:51 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/13 14:08:51 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/13 14:08:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/13 14:08:51 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/13 14:08:49 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/13 14:08:49 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/13 14:08:47 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/13 13:43:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/13 13:43:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/13 13:43:19 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/13 13:43:19 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/13 13:43:18 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/13 13:43:18 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/13 13:43:18 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/13 13:43:18 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 13:43:18 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/13 13:43:18 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 13:43:18 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 13:43:18 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/13 13:43:18 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/13 13:43:18 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/13 13:43:17 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/13 13:43:17 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 13:43:17 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/13 13:43:17 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 13:43:17 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/13 13:43:12 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/13 13:43:12 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/11 20:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/02/11 20:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/02/10 20:50:16 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Apple Computer
[2014/02/10 18:40:42 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Apple
[2014/02/09 17:45:22 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\IObitUninstallerPortable
[2014/02/09 15:49:56 | 004,901,896 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Tom\Desktop\Shockwave_Installer_Slim.exe
[2014/02/09 15:24:40 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/09 15:22:02 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2014/02/09 15:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2014/02/09 15:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/09 15:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/09 15:09:33 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/09 15:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/06 21:12:47 | 000,330,624 | ---- | C] (Objectify Media Inc) -- C:\Windows\SysNative\PCProtect64.dll
[2014/02/06 21:12:45 | 000,293,984 | ---- | C] (Objectify Media Inc) -- C:\Windows\SysWow64\PCProtect.dll
[2014/02/06 18:02:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Trend Micro
[2014/02/06 17:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro Installer
[2014/02/06 17:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/02/05 16:45:08 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\ADS全画像0129
[2014/02/05 16:09:51 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\0x1321-20140117-nopics
[2014/02/05 07:47:10 | 000,861,600 | ---- | C] (AirInstaller ) -- C:\Users\Tom\Documents\setup.exe
[2014/01/31 15:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\jeklehkojebfagmheeiomogmpmmbbdne
[2014/01/29 21:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/29 21:05:54 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014/01/29 21:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/29 21:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/29 21:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/01/29 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/29 21:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/01/29 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/01/29 21:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/01/28 20:32:11 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/01/28 20:30:12 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/01/28 20:30:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/01/28 20:30:10 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/01/28 20:30:10 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/01/28 20:30:10 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/01/28 20:30:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/01/28 20:30:10 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/01/28 20:30:10 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/01/28 20:30:10 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/01/28 20:30:10 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/01/28 20:30:10 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/01/28 20:30:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/28 20:30:10 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/01/28 20:30:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/01/28 20:30:10 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/01/28 20:30:10 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/01/28 20:30:09 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/01/28 20:30:09 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/28 20:30:09 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/01/28 20:30:09 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/01/28 20:30:09 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/01/28 20:30:09 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/01/28 20:30:09 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/01/28 20:30:09 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/01/28 20:30:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/01/28 20:30:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/01/28 20:30:09 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/28 20:30:09 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/01/28 20:30:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/28 20:30:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/28 20:30:09 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/01/28 20:30:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/01/28 20:30:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/01/28 20:30:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/01/28 20:30:09 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/01/28 20:30:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/01/28 20:30:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/01/28 20:30:09 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/01/28 20:30:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/01/28 20:30:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/01/28 20:30:08 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/01/28 20:30:08 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/28 20:30:08 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/01/28 20:30:08 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/01/28 20:30:08 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/01/28 20:30:08 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/01/28 20:30:08 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/01/28 20:30:08 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/01/28 20:30:08 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/01/28 20:30:08 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/01/28 20:30:08 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/01/28 20:30:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/01/28 20:30:08 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/01/28 20:30:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/01/28 20:30:08 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/01/28 20:30:08 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/02/25 22:20:17 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 22:20:17 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 22:16:02 | 008,617,988 | ---- | M] () -- C:\Users\Tom\Desktop\iobituninstaller-3-1-7.zip
[2014/02/25 22:12:54 | 000,000,680 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/25 22:12:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/25 22:12:40 | 2082,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/24 22:50:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/24 22:04:00 | 000,000,684 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/21 23:50:27 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/21 23:50:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/21 23:50:20 | 017,858,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/02/21 22:09:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2014/02/20 21:04:42 | 035,100,320 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Tom\Desktop\SkypeSetupFull.exe
[2014/02/20 20:41:38 | 000,002,681 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/02/20 20:39:22 | 004,789,787 | ---- | M] (ffdshow ) -- C:\Users\Tom\Desktop\ffdshow_rev3814_20110411_clsid.exe
[2014/02/13 14:10:28 | 001,478,812 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/13 14:10:28 | 000,720,442 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/13 14:10:28 | 000,477,350 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2014/02/13 14:10:28 | 000,147,486 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2014/02/13 14:10:28 | 000,147,404 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/13 14:10:23 | 001,478,812 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/11 20:02:43 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/02/11 20:02:43 | 000,001,931 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/02/09 18:12:03 | 000,000,582 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/09 17:50:43 | 000,000,059 | ---- | M] () -- C:\prefs.js
[2014/02/09 15:09:30 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/09 15:09:29 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/09 15:09:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/09 15:09:29 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/09 15:00:51 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/06 21:17:30 | 000,000,082 | ---- | M] () -- C:\Users\Tom\Documents\cc_20140206_211728.reg
[2014/02/06 21:12:56 | 000,003,976 | ---- | M] () -- C:\Windows\SysWow64\PCProtect.ini
[2014/02/06 21:12:56 | 000,002,184 | ---- | M] () -- C:\Windows\SysWow64\PCProtectOff.ini
[2014/02/06 21:12:56 | 000,002,184 | ---- | M] () -- C:\Windows\SysNative\PCProtectOff.ini
[2014/02/06 20:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 20:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 20:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 19:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 19:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 19:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 19:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 19:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 19:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 19:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 19:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 19:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 19:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 18:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 18:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 18:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 18:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 18:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 18:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 18:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 18:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 18:02:23 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/06 17:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 17:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/06 07:39:48 | 000,000,105 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\WB.CFG
[2014/02/05 16:16:47 | 369,004,435 | ---- | M] () -- C:\Users\Tom\Documents\ADS全画像0129.zip
[2014/02/05 16:09:09 | 008,485,931 | ---- | M] () -- C:\Users\Tom\Documents\0x1321-20140117-nopics.zip
[2014/02/05 07:47:18 | 000,861,600 | ---- | M] (AirInstaller ) -- C:\Users\Tom\Documents\setup.exe
[2014/02/03 11:01:54 | 000,487,501 | ---- | M] () -- C:\monitor.exe
[2014/02/03 11:00:18 | 000,034,244 | ---- | M] () -- C:\monitorsvc.exe
[2014/01/29 21:05:58 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/28 20:30:12 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/01/28 20:30:12 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/01/28 20:30:10 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/01/28 20:30:10 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/01/28 20:30:10 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/01/28 20:30:10 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/01/28 20:30:10 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/01/28 20:30:10 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/01/28 20:30:10 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/01/28 20:30:10 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/01/28 20:30:10 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/01/28 20:30:10 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/28 20:30:10 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/01/28 20:30:10 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/01/28 20:30:10 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/01/28 20:30:10 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/01/28 20:30:10 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/28 20:30:09 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/01/28 20:30:09 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/28 20:30:09 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/01/28 20:30:09 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/01/28 20:30:09 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/01/28 20:30:09 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/01/28 20:30:09 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/01/28 20:30:09 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/01/28 20:30:09 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/01/28 20:30:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/01/28 20:30:09 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/28 20:30:09 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/01/28 20:30:09 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/28 20:30:09 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/28 20:30:09 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/01/28 20:30:09 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/01/28 20:30:09 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/01/28 20:30:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/01/28 20:30:09 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/01/28 20:30:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/01/28 20:30:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/01/28 20:30:09 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/01/28 20:30:09 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/01/28 20:30:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/01/28 20:30:08 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/01/28 20:30:08 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/28 20:30:08 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/01/28 20:30:08 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/01/28 20:30:08 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/01/28 20:30:08 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/01/28 20:30:08 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/01/28 20:30:08 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/01/28 20:30:08 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/01/28 20:30:08 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/01/28 20:30:08 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/01/28 20:30:08 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/01/28 20:30:08 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/01/28 20:30:08 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/01/28 20:30:08 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/01/28 20:30:08 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/28 20:30:08 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/02/25 22:16:00 | 008,617,988 | ---- | C] () -- C:\Users\Tom\Desktop\iobituninstaller-3-1-7.zip
[2014/02/20 20:41:38 | 000,002,681 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/02/20 20:39:57 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/02/09 17:50:43 | 000,000,059 | ---- | C] () -- C:\prefs.js
[2014/02/06 21:17:30 | 000,000,082 | ---- | C] () -- C:\Users\Tom\Documents\cc_20140206_211728.reg
[2014/02/06 21:12:56 | 000,003,976 | ---- | C] () -- C:\Windows\SysWow64\PCProtect.ini
[2014/02/06 21:12:56 | 000,002,184 | ---- | C] () -- C:\Windows\SysWow64\PCProtectOff.ini
[2014/02/06 21:12:56 | 000,002,184 | ---- | C] () -- C:\Windows\SysNative\PCProtectOff.ini
[2014/02/05 16:14:03 | 369,004,435 | ---- | C] () -- C:\Users\Tom\Documents\ADS全画像0129.zip
[2014/02/05 16:08:51 | 008,485,931 | ---- | C] () -- C:\Users\Tom\Documents\0x1321-20140117-nopics.zip
[2014/02/03 11:01:54 | 000,487,501 | ---- | C] () -- C:\monitor.exe
[2014/02/03 11:00:18 | 000,034,244 | ---- | C] () -- C:\monitorsvc.exe
[2014/01/31 15:43:27 | 000,000,582 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/29 21:05:58 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/29 21:05:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/01/28 20:30:10 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/28 20:30:08 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/19 21:47:02 | 000,000,105 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\WB.CFG
[2012/12/07 17:22:50 | 000,110,936 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/25 03:33:16 | 000,000,787 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\burnaware.ini
[2011/07/11 12:30:21 | 000,007,629 | ---- | C] () -- C:\Users\Tom\AppData\Local\Resmon.ResmonCfg

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 11:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 10:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProc
  • taka
  • 2014/02/25 (Tue) 22:47:02
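Please also post the IU log
I have looked at the OTL log.
Once you have taken the other log, the one from IU, please post that as well.
I will reply with the next steps after I have examined that one too.

Please note that my next reply will not come until tomorrow evening or night. Thank you for your understanding.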
  • 悪代官
  • 2014/02/25 (Tue) 23:11:54
Re: Strange ads have started appearing
IU
====================================
Software List
Application Version:3.0.4.922
Windows 7
Exported Time:02-25-2014 22:46:03
====================================

Software Name: Adobe Flash Player 12 ActiveX
Version: 12.0.0.70
Publisher: Adobe Systems Incorporated
Install Time: 2011/11/13
Size: 6.00 MB
Help info: http://www.adobe.com/go/flashplayer_support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
Uninstall Command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe -maintain activex
----------------------------------------------

Software Name: Adobe Flash Player 12 Plugin
Version: 12.0.0.70
Publisher: Adobe Systems Incorporated
Install Time: 2011/11/13
Size: 6.00 MB
Help info: http://www.adobe.com/go/flashplayer_support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
Uninstall Command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe -maintain plugin
----------------------------------------------

Software Name: Adobe Shockwave Player 12.0
Version: 12.0.7.148
Publisher: Adobe Systems, Inc.
Install Time: 2014/02/09
Size: 8.63 MB
Help info: http://www.adobe.com/support/shockwave
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
Uninstall Command: "C:\Windows\SysWOW64\Adobe\Shockwave 12\uninstaller.exe"
----------------------------------------------

Software Name: Canon IJ Network Scanner Selector EX
Version: -
Publisher:
Install Time: 2011/11/29
Size: 1.80 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Canon_IJ_Network_Scanner_Selector_EX
Uninstall Command: "C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSU.exe" /UninstallRemove C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\uninst.ini
----------------------------------------------

Software Name: Canon IJ Network Tool
Version: -
Publisher:
Install Time: 2011/11/29
Size: 1.85 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Canon_IJ_Network_UTILITY
Uninstall Command: C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe
----------------------------------------------

Software Name: ffdshow v1.1.3814 [2011-04-11]
Version: 1.1.3814.0
Publisher:
Install Time: 2014/02/20
Size: 14.45 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ffdshow_is1
Uninstall Command: "C:\Program Files (x86)\ffdshow\unins000.exe"
----------------------------------------------

Software Name: foobar2000 v1.1.13
Version: 1.1.13
Publisher: Peter Pawlowski
Install Time: 2011/07/11
Size: 7.80 MB
Help info: http://forums.foobar2000.org/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\foobar2000
Uninstall Command: "C:\Program Files (x86)\foobar2000\uninstall.exe" _?=C:\Program Files (x86)\foobar2000
----------------------------------------------

Software Name: ArcSoft TotalMedia Theatre 5
Version: 5.0.1.114
Publisher: ArcSoft
Install Time: 2011/08/27
Size: 133.65 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}\setup.exe" -runfromtemp -l0x0411 -removeonly
----------------------------------------------

Software Name: Etron USB3.0 Host Controller
Version: 0.105
Publisher: Etron Technology
Install Time: 2011/08/31
Size: 5.24 MB
Help info: http://www.etron.com.tw
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}\setup.exe" -runfromtemp -l0x0409 -removeonly
----------------------------------------------

Software Name: IObit Uninstaller
Version: 3.0.4.922
Publisher: IObit
Install Time: 2013/11/16
Size: 12.72 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObitUninstall
Uninstall Command: "C:\\Users\\Tom\\Desktop\\IObitUninstallerPortable\\App\\uninstaller\\UninstallDisplay.exe" uninstall_start
----------------------------------------------

Software Name: Microsoft Visual C# 2010 Express - 日本語
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 220.18 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=133405
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual C# 2010 Express - JPN
Uninstall Command: c:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual C# 2010 Express - JPN\setup.exe
----------------------------------------------

Software Name: Microsoft Visual Studio 2010 Service Pack 1
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 75.95 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Service Pack 1
Uninstall Command: C:\ProgramData\VS\vs10sp1\SetupCache\Setup.exe
----------------------------------------------

Software Name: Monkey's Audio
Version: -
Publisher:
Install Time: 2012/03/19
Size: 3.11 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Monkey's Audio_is1
Uninstall Command: "C:\Program Files (x86)\Monkey's Audio\unins000.exe"
----------------------------------------------

Software Name: SnapCrab for Windows 1.0.1
Version: -
Publisher: Fenrir Inc.
Install Time: 2012/08/29
Size: 6.82 MB
Help info: http://www.fenrir-inc.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SnapCrab for Windows_is1
Uninstall Command: "C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\unins000.exe"
----------------------------------------------

Software Name: SoundEngine Free
Version: 4.6.0.17
Publisher: Coderium
Install Time: 2012/01/10
Size: 4.36 MB
Help info: http://soundengine.jp/services/forum/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoundEngine Free
Uninstall Command: "C:\Program Files (x86)\SoundEngine Free\SoundEngineUninstaller.exe" /Uninstall
----------------------------------------------

Software Name: Yahoo!ツールバー
Version: 7.3.0.18
Publisher: Yahoo! JAPAN.
Install Time: 2012/11/29
Size: 2.71 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo!Jツールバー
Uninstall Command: C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninst.exe
----------------------------------------------

Software Name: Yahoo!かんたんパソコン設定
Version: 1.1.0
Publisher: Yahoo! JAPAN.
Install Time: 2012/11/29
Size: 432.39 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo!かんたんパソコン設定
Uninstall Command: C:\PROGRA~2\Yahoo!J\PCSERV~1\YPCUNI~1.EXE
----------------------------------------------

Software Name: Microsoft SQL Server 2008 Browser
Version: 10.1.2531.0
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 7.94 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=90959
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15DF7630-7E1A-4DD1-A964-2B8F253FE05C}
Uninstall Command: MsiExec.exe /X{15DF7630-7E1A-4DD1-A964-2B8F253FE05C}
----------------------------------------------

Software Name: Canon ScanGear Starter
Version: -
Publisher:
Install Time: 2011/07/14
Size: 907.99 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}
Uninstall Command: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x11 anything
----------------------------------------------

Software Name: Java 7 Update 51
Version: 7.0.510
Publisher: Oracle
Install Time: 2014/02/09
Size: 118.64 MB
Help info: http://java.com/help
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217051FF}
Uninstall Command: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217051FF}
----------------------------------------------

Software Name: McAfee SiteAdvisor
Version: 3.6.135
Publisher: McAfee, Inc.
Install Time: 2012/06/26
Size: 15.84 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}
Uninstall Command: C:\Program Files (x86)\McAfee\SiteAdvisor\Uninstall.exe
----------------------------------------------

Software Name: ON_OFF Charge B11.0110.1
Version: 1.00.0001
Publisher: GIGABYTE
Install Time: 2011/08/03
Size: 79.74 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DECD372-76A1-4483-BF10-B547790A3261}
Uninstall Command: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3DECD372-76A1-4483-BF10-B547790A3261}\setup.exe" -l0x9 -removeonly
----------------------------------------------

Software Name: Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 JPN
Version: 4.0.8080.0
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 11.25 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=81488
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{536DD37D-90EE-41DB-AEAA-ED9AA7488714}
Uninstall Command: MsiExec.exe /X{536DD37D-90EE-41DB-AEAA-ED9AA7488714}
----------------------------------------------

Software Name: Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 26.34 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=133405
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}
Uninstall Command: MsiExec.exe /X{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}
----------------------------------------------

Software Name: Intel(R) Management Engine Components
Version: 7.0.0.1118
Publisher: Intel Corporation
Install Time: 2011/07/09
Size: 20.47 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}
Uninstall Command: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
----------------------------------------------

Software Name: VoiceOver Kit
Version: 1.42.128.0
Publisher: Apple Inc.
Install Time: 2014/02/22
Size: 41.79 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}
Uninstall Command: MsiExec.exe /X{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}
----------------------------------------------

Software Name: Apple Software Update
Version: 2.1.3.127
Publisher: Apple Inc.
Install Time: 2014/01/29
Size: 2.38 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Uninstall Command: MsiExec.exe /X{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
----------------------------------------------

Software Name: Skype(TM) 6.14
Version: 6.14.104
Publisher: Skype Technologies S.A.
Install Time: 2014/02/20
Size: 25.11 MB
Help info: http://ui.skype.com/ui/0/6.14.60.104/ja/help
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
Uninstall Command: MsiExec.exe /X{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
----------------------------------------------

Software Name: Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 36.25 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADAC5B9-BAD3-37AF-A07D-D97847FF5D33}
Uninstall Command: MsiExec.exe /X{7ADAC5B9-BAD3-37AF-A07D-D97847FF5D33}
----------------------------------------------

Software Name: Realtek Ethernet Controller Driver
Version: 7.46.531.2011
Publisher: Realtek
Install Time: 2011/07/09
Size: 2.47 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}
Uninstall Command: C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
----------------------------------------------

Software Name: Microsoft SQL Server Compact 3.5 SP2 JPN
Version: 3.5.8080.0
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 3.67 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=81488
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89E9AB79-7914-4B67-8D4E-A8B1E39C3D89}
Uninstall Command: MsiExec.exe /X{89E9AB79-7914-4B67-8D4E-A8B1E39C3D89}
----------------------------------------------

Software Name: Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Version: 1
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 495.86 MB
Help info: http://support.microsoft.com/kb/2898869
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2898869
Uninstall Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {BD0F9F7E-62B2-3971-9E2E-B87B832CE89D}
----------------------------------------------

Software Name: Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Version: 1
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 495.86 MB
Help info: http://support.microsoft.com/kb/2901126
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2901126
Uninstall Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {513BC47F-0560-33C2-A029-C5387642233A}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Version: 9.0.30729.6161
Publisher: Microsoft Corporation
Install Time: 2012/06/26
Size: 594.00 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Uninstall Command: MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
----------------------------------------------

Software Name: Microsoft SQL Server System CLR Types
Version: 10.50.1750.9
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 991.00 KB
Help info: http://go.microsoft.com/fwlink/?LinkId=149837
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A74A0091-5290-4EB8-B708-11AAA1BCEA6B}
Uninstall Command: MsiExec.exe /X{A74A0091-5290-4EB8-B708-11AAA1BCEA6B}
----------------------------------------------

Software Name: Apple Application Support
Version: 3.0
Publisher: Apple Inc.
Install Time: 2014/01/29
Size: 94.42 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}
Uninstall Command: MsiExec.exe /X{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}
----------------------------------------------

Software Name: QuickTime
Version: 7.74.80.86
Publisher: Apple Inc.
Install Time: 2013/05/29
Size: 74.63 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B67BAFBA-4C9F-48FA-9496-933E3B255044}
Uninstall Command: MsiExec.exe /X{B67BAFBA-4C9F-48FA-9496-933E3B255044}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Version: 9.0.30729.4974
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 599.00 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Uninstall Command: MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
----------------------------------------------

Software Name: Microsoft SQL Server 2008 R2 管理オブジェクト
Version: 10.50.1750.9
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 14.46 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=149838
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF01E39C-5B68-4AD8-8DF1-9A37356D43F4}
Uninstall Command: MsiExec.exe /X{BF01E39C-5B68-4AD8-8DF1-9A37356D43F4}
----------------------------------------------

Software Name: CanoScan Toolbox Ver4.9
Version: -
Publisher:
Install Time: 2011/07/14
Size: 907.99 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}
Uninstall Command: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\Setup.exe" -l0x11 anything
----------------------------------------------

Software Name: System Requirements Lab for Intel
Version: 4.4.24.0
Publisher: Husdawg, LLC
Install Time: 2011/07/25
Size: 763.00 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}
Uninstall Command: MsiExec.exe /X{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}
----------------------------------------------

Software Name: Microsoft .NET Framework 4 Multi-Targeting Pack
Version: 4.0.30319
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 83.46 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Uninstall Command: MsiExec.exe /X{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
----------------------------------------------

Software Name: ScreenManager Pro for LCD (DDC/CI)
Version: 2.3.0
Publisher: EIZO NANAO CORPORATION
Install Time: 2012/03/27
Size: 5.06 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}
Uninstall Command: MsiExec.exe /X{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}
----------------------------------------------

Software Name: Microsoft Visual C# 2010 Express - 日本語 (KB2635973) 用の修正プログラム
Version: 1
Publisher: Microsoft Corporation
Install Time:
Size:
Help info: http://support.microsoft.com/kb/2635973
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE91D00D-6F82-3636-B532-50D4F72E018C}.KB2635973
Uninstall Command: c:\Windows\SysWOW64\msiexec.exe /package {EE91D00D-6F82-3636-B532-50D4F72E018C} /uninstall {A003ADF2-C209-378D-959B-4D93E75FD7A5} /qb+ REBOOTPROMPT=""
----------------------------------------------

Software Name: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 11.15 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=146008
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Uninstall Command: MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
----------------------------------------------

Software Name: Intel(R) Processor Graphics
Version: 8.15.10.2418
Publisher: Intel Corporation
Install Time: 2011/07/09
Size: 74.22 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
Uninstall Command: C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
----------------------------------------------

Software Name: Realtek High Definition Audio Driver
Version: 6.0.1.6482
Publisher: Realtek Semiconductor Corp.
Install Time: 2011/12/03
Size: 18.36 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
Uninstall Command: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
----------------------------------------------

Software Name: Google Chrome
Version: 31.0.1650.63
Publisher: Google Inc.
Install Time: 2011/07/09
Size: 418.54 MB
Help info: -
Registry Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Uninstall Command: "C:\Users\Tom\AppData\Local\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe" --uninstall --multi-install --chrome
----------------------------------------------

Software Name: CCleaner
Version: 4.10
Publisher: Piriform
Install Time: 2011/08/02
Size: 12.42 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
Uninstall Command: "C:\Program Files\CCleaner\uninst.exe"
----------------------------------------------

Software Name: CPUID CPU-Z 1.58
Version: -
Publisher:
Install Time: 2011/07/09
Size: 3.23 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CPUID CPU-Z_is1
Uninstall Command: "C:\Program Files\CPUID\CPU-Z\unins000.exe"
----------------------------------------------

Software Name: SQL Server 2008 の Service Pack 1 (KB968369) (64-bit)
Version: 10.1.2531.0
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 137.27 MB
Help info: http://support.microsoft.com/?kbid=968369
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968369
Uninstall Command: "c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances
----------------------------------------------

Software Name: McAfee Security Scan Plus
Version: 3.8.141.11
Publisher: McAfee, Inc.
Install Time: 2014/02/11
Size: 10.25 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan
Uninstall Command: "C:\Program Files\McAfee Security Scan\uninstall.exe"
----------------------------------------------

Software Name: Microsoft Help Viewer 1.1
Version: 1.1.40219
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 3.97 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=133405
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Help Viewer 1.1
Uninstall Command: c:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.1\install.exe
----------------------------------------------

Software Name: Microsoft Help Viewer 1.1 Language Pack - JPN
Version: 1.1.40219
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 1.95 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=133405
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Help Viewer 1.1 Language Pack - JPN
Uninstall Command: c:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.1 Language Pack - JPN\install.exe
----------------------------------------------

Software Name: Microsoft Security Essentials
Version: 4.4.304.0
Publisher: Microsoft Corporation
Install Time: 2013/11/19
Size: 26.54 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client
Uninstall Command: C:\Program Files\Microsoft Security Client\Setup.exe /x
----------------------------------------------

Software Name: Microsoft SQL Server 2008 (64-bit)
Version: -
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 29.68 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=116323
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft SQL Server 10 Release
Uninstall Command: "c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"
----------------------------------------------

Software Name: Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Version: 10.0.40303
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 4.16 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=133405
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Uninstall Command: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
----------------------------------------------

Software Name: Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語
Version: 10.0.40303
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 6.16 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=133405
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - JPN
Uninstall Command: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - JPN\install.exe
----------------------------------------------

Software Name: ロジクール SetPoint 6.30
Version: 6.30.43
Publisher: ロジクール
Install Time: 2011/07/09
Size: 39.06 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sp6
Uninstall Command: C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe
----------------------------------------------

Software Name: iTunes
Version: 11.1.4.62
Publisher: Apple Inc.
Install Time: 2014/01/29
Size: 216.96 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}
Uninstall Command: MsiExec.exe /X{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}
----------------------------------------------

Software Name: Microsoft SQL Server 2008 セットアップ サポート ファイル
Version: 10.1.2731.0
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 34.94 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=101173
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{10BA88C9-1ACD-429F-BB5F-B1A907A3EE1A}
Uninstall Command: MsiExec.exe /X{10BA88C9-1ACD-429F-BB5F-B1A907A3EE1A}
----------------------------------------------

Software Name: Canon MG6200 series MP Drivers
Version: -
Publisher:
Install Time:
Size:
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series
Uninstall Command: "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series /L0x0011
----------------------------------------------

Software Name: Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 33.50 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=133405
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}
Uninstall Command: MsiExec.exe /X{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}
----------------------------------------------

Software Name: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 13.87 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=146008
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Uninstall Command: MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
----------------------------------------------

Software Name: Paint.NET v3.5.10
Version: 3.60.0
Publisher: dotPDN LLC
Install Time: 2011/11/27
Size: 10.70 MB
Help info: http://www.getpaint.net
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}
Uninstall Command: MsiExec.exe /X{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}
----------------------------------------------

Software Name: Microsoft SQL Server Compact 3.5 SP2 x64 JPN
Version: 3.5.8080.0
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 4.79 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=81488
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5DA6F56A-5E2D-4FB4-88CB-E9EE2B790A14}
Uninstall Command: MsiExec.exe /X{5DA6F56A-5E2D-4FB4-88CB-E9EE2B790A14}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Version: 9.0.30729.6161
Publisher: Microsoft Corporation
Install Time: 2011/08/12
Size: 788.00 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Uninstall Command: MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
----------------------------------------------

Software Name: Google 日本語入力
Version: 1.12.1591.0
Publisher: Google Inc.
Install Time: 2013/12/07
Size: 84.33 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DA6FC93-E471-436C-8BC0-1963AF0BAAAC}
Uninstall Command: MsiExec.exe /X{6DA6FC93-E471-436C-8BC0-1963AF0BAAAC}
----------------------------------------------

Software Name: Bonjour
Version: 3.0.0.10
Publisher: Apple Inc.
Install Time: 2014/01/29
Size: 2.00 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Uninstall Command: MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
----------------------------------------------

Software Name: Microsoft SQL Server VSS Writer
Version: 10.1.2531.0
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 3.59 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=90958
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8137177F-FA3A-4A90-B6A5-8CD066008EEF}
Uninstall Command: MsiExec.exe /X{8137177F-FA3A-4A90-B6A5-8CD066008EEF}
----------------------------------------------

Software Name: iCloud
Version: 3.1.0.40
Publisher: Apple Inc.
Install Time: 2013/12/25
Size: 156.87 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81E20D41-C277-4526-934D-F2380AF91B78}
Uninstall Command: MsiExec.exe /X {81E20D41-C277-4526-934D-F2380AF91B78}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Version: 9.0.30729
Publisher: Microsoft Corporation
Install Time: 2011/07/09
Size: 788.00 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}
Uninstall Command: MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
----------------------------------------------

Software Name: Microsoft Silverlight
Version: 5.1.20913.0
Publisher: Microsoft Corporation
Install Time: 2013/10/10
Size: 149.87 MB
Help info: http://go.microsoft.com/fwlink/?LinkID=91955
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Uninstall Command: MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
----------------------------------------------

Software Name: Microsoft .NET Framework 4.5.1
Version: 4.5.50938
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 38.80 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033
Uninstall Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86 /x64
----------------------------------------------

Software Name: Microsoft .NET Framework 4.5.1 (日本語)
Version: 4.5.50938
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 2.94 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041
Uninstall Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\JPN\\Setup.exe /repair /x86 /x64 /lcid 1041
----------------------------------------------

Software Name: Microsoft Visual Studio 2010 Express Prerequisites x64 - JPN
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2014/02/09
Size: 21.67 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=133405
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{980B45F5-2AE9-3662-B288-1E747FF5FFE5}
Uninstall Command: MsiExec.exe /X{980B45F5-2AE9-3662-B288-1E747FF5FFE5}
----------------------------------------------

Software Name: Microsoft SQL Server 2008 Native Client
Version: 10.1.2531.0
Publisher: Microsoft Corporation
Install Time: 2012/06/24
Size: 7.04 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=90957
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0A67674-C94A-49DB-B16E-4D79BEF15AB1}
Uninstall Command: MsiExec.exe /X{D0A67674-C94A-49DB-B16E-4D79BEF15AB1}
----------------------------------------------

Software Name: Apple Mobile Device Support
Version: 7.1.0.32
Publisher: Apple Inc.
Install Time: 2014/01/29
Size: 22.74 MB
Help info: http://www.apple.com/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}
Uninstall Command: MsiExec.exe /X{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}
----------------------------------------------

====================================
Browser Plug-ins List
Application Version:3.0.4.922
Windows 7
Exported Time:02-25-2014 22:46:03
====================================

====================================
Browser: Internet Explorer
====================================

************************************
Toolbar
************************************

Name: McAfee SiteAdvisor Toolbar
Version: 3.6.5.118
Description: SiteAdvisor
Publisher: McAfee, Inc.
Architecture: 32-bit
----------------------------------------------

Name: McAfee SiteAdvisor Toolbar
Version: 3.6.5.118
Description: SiteAdvisor
Publisher: McAfee, Inc.
Architecture: 64-bit
----------------------------------------------

************************************
BHO
************************************

Name: McAfee SiteAdvisor BHO
Version: 3.6.5.118
Description: SiteAdvisor
Publisher: McAfee, Inc.
Architecture: 32-bit
----------------------------------------------

Name: McAfee SiteAdvisor BHO
Version: 3.6.5.118
Description: SiteAdvisor
Publisher: McAfee, Inc.
Architecture: 64-bit
----------------------------------------------

************************************
ActiveX
************************************

Name: Java Plug-in 10.51.2
Version:
Description:
Publisher: Oracle America, Inc.
Architecture: 32-bit
----------------------------------------------

Name: Java Plug-in 1.7.0_51
Version:
Description:
Publisher: Oracle America, Inc.
Architecture: 32-bit
----------------------------------------------

Name: HTML Document
Version: 11.00.9600.16428
Description: Microsoft(R) HTML ビューアー
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: XML DOM Document
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Windows Media Player
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Microsoft Web Browser
Version: 11.00.9600.16428
Description: インターネット ブラウザー
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: Shockwave Flash Object
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Microsoft Silverlight
Version: 5.1.20913.0
Description: 5.1.20913.0
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: XML HTTP Request
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: XML HTTP
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: HTML Document
Version: 11.00.9600.16428
Description: Microsoft(R) HTML ビューアー
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

Name: XML DOM Document
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

Name: Windows Media Player
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

Name: Microsoft Web Browser
Version: 11.00.9600.16428
Description: インターネット ブラウザー
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

Name: Shockwave Flash Object
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

Name: Microsoft Silverlight
Version: 5.1.20913.0
Description: 5.1.20913.0
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

Name: XML HTTP Request
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

Name: XML HTTP
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

====================================
Browser: Google Chrome
====================================

************************************
Extensions
************************************

Name: SiteAdvisor
Version: 3.65.135.1
Description: SiteAdvisor
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Google ウォレット
Version: 0.0.6.1
Description: デジタルコンテンツ向け Google ウォレット
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: BlockTheAdAppp
Version: 3.2
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

************************************
Plug-ins
************************************

Name: Widevine Content Decryption Module
Version: 1.4.1.376
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Shockwave Flash
Version: 11.9.900.170
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Native Client
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Chrome PDF Viewer
Version: 1. 0. 0. 1
Description: Chrome PDF Viewer
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: QuickTime Plug-in 7.7.4
Version: 7.7.4 (1680.86)
Description: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the <A HREF=http://www.apple.com/quicktime/>QuickTime</A> Web site.
Publisher: Apple Inc.
Architecture: 32-bit
----------------------------------------------

Name: Java Deployment Toolkit 7.0.510.13
Version: 10.51.2.13
Description: NPRuntime Script Plug-in Library for Java(TM) Deploy
Publisher: Oracle Corporation
Architecture: 32-bit
----------------------------------------------

Name: Java(TM) Platform SE 7 U51
Version: 10.51.2.13
Description: Next Generation Java Plug-in 10.51.2 for Mozilla browsers
Publisher: Oracle Corporation
Architecture: 32-bit
----------------------------------------------

Name: iTunes Application Detector
Version: 1.0.1.1
Description:
Publisher: Apple Inc.
Architecture: 32-bit
----------------------------------------------

Name: McAfee Security Scanner +
Version: 3.8.141.0
Description: McAfee MSS+ NPAPI Plugin
Publisher: McAfee, Inc.
Architecture: 32-bit
----------------------------------------------

Name: Google Update
Version: 1.3.22.3
Description: Google Update
Publisher: Google Inc.
Architecture: 32-bit
----------------------------------------------

Name: Shockwave for Director
Version: 12.0.7r148
Description: Adobe Shockwave for Director Netscape plug-in, version 12.0.7.148
Publisher: Adobe Systems, Inc.
Architecture: 32-bit
----------------------------------------------

Name: Shockwave Flash
Version: 12.0.0.70
Description: Adobe® Flash® Player 12.0.0.70 Plugin
Publisher: Adobe Systems Incorporated
Architecture: 32-bit
----------------------------------------------

Name: Silverlight Plug-In
Version: 5.1.20913.0
Description: 5.1.20913.0
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

====================================
Browser: Mozilla FireFox
====================================

====================================
Browser: Opera
====================================

I forgot to paste this earlier (oops)
Thank you in advance
  • taka
  • 2014/02/26 (Wed) 00:00:11
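Let's check whether this can be handled from IU
Good morning.
I have looked at the IU log as well.
First, please try the following.

Start IU and open "Browser Plug-ins" at the top of the window; the extensions for each browser will be listed.

There, select (check) the following entry and "Delete" it.
>Name: BlockTheAdAppp

This is the Chrome extension we have already been stuck on; here we will test whether it can be force-removed from IU.

Once that is done, restart the PC, watch it for a while, and reply to tell me whether it comes back again.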
  • 悪代官
  • 2014/02/26 (Wed) 06:48:56
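Re: Strange ads have started appearing
Good morning
After deleting it with IU, it did not reappear in IU
When I went to the browser's extensions page, I still could not remove it, but it was disabled.
What should I do from here?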
  • taka
  • 2014/02/26 (Wed) 12:10:48
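Run the fix with OTL again
Sorry for the late reply.

>After deleting it with IU, it did not reappear in IU
>When I went to the browser's extensions page, I still could not remove it, but it was disabled.

Yes, it really does seem to have dug itself in in a strange state.
For now, if it could be disabled, that is fine.

This time we will deal with it using OTL.
I have prepared another OTL script, so, following the earlier procedure, paste the script into OTL in Safe Mode again and do "Run fix".

After that, save the OTL log, watch the PC for a while, and then report the state along with the OTL log.
The script this time is as follows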
------------------------------------
:OTL
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - Extension: BlockTheAdAppp = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0\
[2014/01/29 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

:Files
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0\
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
  • 悪代官
  • 2014/02/26 (Wed) 17:17:03
Re: Strange ads have started appearing
OTL
All processes killed
Error: Unable to interpret <CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer> in the current context!
Error: Unable to interpret <CHR - Extension: BlockTheAdAppp = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0\> in the current context!
Error: Unable to interpret <[2014/01/29 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69> in the current context!
========== FILES ==========
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tom
->Temp folder emptied: 4170 bytes
->Temporary Internet Files folder emptied: 3381451 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 353352651 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 941832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 341.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 02262014_221631

Files\Folders moved on Reboot...
C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

It still seems to come back
I would appreciate your continued help
  • taka
  • 2014/02/27 (Thu) 00:08:57
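Added example, not part of the thread and not code from OTL: a small Python triage of the "Run Fix" log posted above. It lists the script lines OTL reported as uninterpretable and checks whether the same path was nonetheless moved in a later section. The sample lines are copied from that log; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the OTL "Run Fix" log in the thread; the [EMPTYTEMP] part is left out.
SAMPLE_LOG = r"""All processes killed
Error: Unable to interpret <CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer> in the current context!
Error: Unable to interpret <CHR - Extension: BlockTheAdAppp = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0\> in the current context!
Error: Unable to interpret <[2014/01/29 21:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69> in the current context!
========== FILES ==========
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeklehkojebfagmheeiomogmpmmbbdne\3.2_0 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64 folder moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1084
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
UNINTERPRETED_RE = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
MOVED_RE = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")
FAILED_RE = re.compile(r"^(Unable to .+?)\.? Error code (\d+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")


def norm(path):
    """Compare Windows paths case-insensitively and without a trailing backslash."""
    return path.rstrip("\\").lower()


def parse_fix_log(text):
    """Split a fix log into uninterpreted script lines, moved items per section, and failures."""
    result = {"uninterpreted": [], "moved": defaultdict(list), "failures": []}
    section = "PREAMBLE"  # lines that appear before the first "===== NAME =====" header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = UNINTERPRETED_RE.match(line)
        if m:
            result["uninterpreted"].append(m.group(1))
            continue
        m = MOVED_RE.match(line)
        if m:
            result["moved"][section].append(m.group(1))
            continue
        m = FAILED_RE.match(line)
        if m:
            result["failures"].append((m.group(1), int(m.group(2))))
    return result


def review_directives(result):
    """For each uninterpreted line, name the section that moved the same path, or None."""
    moved_in = {norm(p): sec for sec, paths in result["moved"].items() for p in paths}
    report = []
    for directive in result["uninterpreted"]:
        m = PATH_RE.search(directive)  # a directive without a path cannot be cross-checked
        section = moved_in.get(norm(m.group(0))) if m else None
        report.append((directive, section))
    return report


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for directive, section in review_directives(parsed):
        status = f"path moved under {section}" if section else "NOT applied anywhere"
        print(f"[{status}] {directive}")
    for message, code in parsed["failures"]:
        print(f"[failed, code {code}] {message}")
```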
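Let's remove Chrome once
Good morning.
The OTL fix did go through, but

>It still seems to come back

Yes, that is quite a strange state.
So this time we will use brute force.

First, if there are Chrome bookmarks you need, back up (export) your bookmarks and save them.
This is preparation, since we will uninstall Chrome once.

When you are ready, put the PC in Safe Mode and use IU to uninstall the following Google applications.
>Google Chrome Google Inc. 2011/07/09 31.0.1650.63
>Google 日本語入力 Google Inc. 2013/12/07 84.3 MB 1.12.1591.0

Next, clean up junk files with ATF, then restart the PC in normal mode.

After restarting, open the C drive in My Computer, look for the folders below, and delete any you find to the Recycle Bin.
>C:\Program Files (x86)\Google
>C:\Users\[username]\AppData\Local\Google
>C:\Users\[username]\AppData\LocalLow\Google
Skip any that you cannot find.

Once you have done all this, go to the official Google site, download and reinstall the latest version of Chrome, then watch it for a while and reply with a status report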
  • 悪代官
  • 2014/02/27 (Thu) 07:41:07
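Before 悪代官-san's steps
Cases of things coming back in Chrome have been occurring far too often,
so would you let me analyze the cause a little?
However, I cannot take up your time for that alone,
so while we are at it, let's also stabilize and speed up the system.

First, let's get the software ready.

Glary Utilities (GU for short)
http://download.glarysoft.com/gu4setup.exe
This is a direct download link.
Run it without saving.
For some reason this software is in French by default,
so switch it to Japanese by referring to the URL below.
http://mori1986.blog27.fc2.com/blog-entry-63.html

Once preparation is complete, boot into Safe Mode.
Start GU.
Run 1-Click Maintenance.
After that, under Advanced Tools, in the Windows Registry group,
click Defrag and defragment the registry.
Follow the instructions and restart, again in Safe Mode.
After the restart completes, start Glary Utilities and, under Advanced Tools,
click Defrag in the Hard Disk group.
Click the ▼ next to the word Defrag to the right of the Analyze button,
then click Defrag and Optimize to defragment the HDD.
When defragmentation finishes, restart the PC in normal mode.

Once it has restarted in normal mode, start GU again and, under System Status in Advanced Tools,
click System Information to launch it.
When the System Information window opens, click File → Create Report (All) and save it somewhere easy to find.
Publishing the saved log openly might cause trouble, so please paste it at the URL below and let me know.
http://otherplace.html.xdomain.jp/appeal.html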
  • IVNO
  • MAIL
  • 2014/02/27 (Thu) 08:58:46
Re: Strange ads have started appearing
IVNO,
What is SC...?
  • taka
  • 2014/02/27 (Thu) 09:49:44
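Sorry...
I copied and pasted the template as it was, so something extra got in.
But since we are at it, and shortcut-related causes are also a possibility,
let's use SC as well once the work above is finished.
For now I have corrected the reply above to the proper procedure.

Shortcut Cleaner (commonly called SC)
Description page ↓
http://milksizegene.blog.fc2.com/blog-entry-314.html
Download (direct link to the file. Please save it.)
http://download.bleepingcomputer.com/grinler/sc-cleaner.exe

Close as much software as you can and wait about 1 minute.
About 1 minute after closing the software, start SC and wait until it finishes.
A log is shown when it finishes, so please send that along as well.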
  • IVNO
  • MAIL
  • 2014/02/27 (Thu) 10:24:55
Re: Strange ads have started appearing
When I uninstall Google Chrome with IU, Power Scan comes up; should I check everything and delete it?
Sorry for the late reply.
  • taka
  • 2014/02/28 (Fri) 00:07:05
Run Power Scan as well
Thank you for the work and the report.

>When I uninstall with IU, Power Scan comes up; should I check everything and delete it?

Yes, please proceed with that procedure.
  • 悪代官
  • 2014/02/28 (Fri) 06:50:43
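Was there a result or not
The log analysis is finished.
As a result, I found one Trojan horse-type virus.
However, I could not find anything related to Google Chrome, which was the main point.
What can be concluded from this is that, at the very least, it is not involved in a process.

Now let's manually remove the Trojan horse-type virus.
Start the PC in Safe Mode.
Open Local Disk (C:).
There you should find a hidden file called monitor.exe.
Right-click it and click Rename.
Change the file name as follows.

old_monitor.exe

Once this change is complete, restart the PC so that it boots normally.
If the PC has no problems after this, the file you renamed is confirmed to be a virus.
If anything goes wrong, start in Safe Mode again and change the name back.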
  • IVNO
  • MAIL
  • 2014/02/28 (Fri) 11:24:29
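Re: Strange ads have started appearing
Sorry for being late.

悪代官,
I found Program Files (x86) on local disk C, but
when I try to delete it, I get "The folder or file cannot be deleted because another program has it open."
What should I do?

INVO,
I plan to do yours after doing 悪代官's procedure, so please wait a little longer.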
  • taka
  • 2014/03/01 (Sat) 10:24:52
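If it cannot be deleted, uncheck it
Program Files (x86) is a quite important location even among the system folders;
almost all of the software installed on Windows so far, including the IU and GU you are using,
is stored in that folder until it is uninstalled.
Being that kind of folder, it is only natural that it cannot be deleted.
So please exclude folders that are part of the Windows system from deletion.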
  • IVNO
  • MAIL
  • 2014/03/01 (Sat) 12:08:09
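Re: Strange ads have started appearing
Sorry for being late.
After downloading Chrome fresh, Blocktheadapp was not seen in CC or in the extensions.
However, CC shows things that were not there before, so I am pasting that log.
It looks kind of garbled(?) and it scares me...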

有効 App Gmail 7 譛€蛻昴・繝ヲ繝シ繧カ繝シ C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
有効 App Google 繝峨Λ繧、繝・ 6.3 譛€蛻昴・繝ヲ繝シ繧カ繝シ C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
有効 App Google 讀懃エ「 0.0.0.20 譛€蛻昴・繝ヲ繝シ繧カ繝シ C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
有効 App YouTube 4.2.6 譛€蛻昴・繝ヲ繝シ繧カ繝シ C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
有効 Extension Google 繝峨く繝・繝。繝ウ繝・ 0.5 譛€蛻昴・繝ヲ繝シ繧カ繝シ C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
有効 Extension Google 繧ヲ繧ゥ繝ャ繝・ヨ 0.0.6.1 譛€蛻昴・繝ヲ繝シ繧カ繝シ C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0
無効 Extension McAfee Security Scan+ 3.8.141.12 譛€蛻昴・繝ヲ繝シ繧カ繝シ C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0
無効 Extension SiteAdvisor 3.65.135.1 譛€蛻昴・繝ヲ繝シ繧カ繝シ C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0


I will do INVO's procedure tonight.
  • taka
  • 2014/03/01 (Sat) 16:11:48
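Re: Strange ads have started appearing
I was going to do INVO's procedure, but
at present BlockTheAdapp is nowhere to be seen and there is nothing abnormal, so
I realized that after doing the procedure I would not know whether it had been the right thing...
Does the fact that BlockTheAdapp is gone mean the problem is solved?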
  • taka
  • 2014/03/02 (Sun) 14:06:48
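Have the SC and GU results come out?
Sorry for the late reply.

>I was going to do INVO's procedure, but
>at present BlockTheAdapp is nowhere to be seen and there is nothing abnormal, so
>I realized that after doing the procedure I would not know whether it had been the right thing

Yes, if the target cannot be found, let's recheck the state for now.
First, if the result log of Shortcut Cleaner (commonly called SC), which IVNO instructed earlier, has also come out, please show it in a reply.

Next, also as IVNO instructed, please send the Glary Utilities (commonly called GU) log via "Contact".

Once that can be analyzed, I think the next instructions will come.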
  • 悪代官
  • 2014/03/02 (Sun) 15:00:21
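Re: Strange ads have started appearing
悪代官,

I sent the SC and GU logs to INVO, and
the instructions above,

>Now let's manually remove the Trojan horse-type virus.
>Start the PC in Safe Mode.
>Open Local Disk (C:).
>There you should find a hidden file called monitor.exe.
>Right-click it and click Rename.
>Change the file name as follows.
>
>old_monitor.exe
>
>Once this change is complete, restart the PC so that it boots normally.
>If the PC has no problems after this, the file you renamed is confirmed to be a virus.
>If anything goes wrong, start in Safe Mode again and change the name back.

are what I was given, but
since no abnormality has been seen as of now, ever since I reinstalled Chrome,
I wonder if renaming the file would not tell me whether it is confirmed to be a virus...?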

  • taka
  • 2014/03/02 (Sun) 15:28:05
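Scan with TDSSKiller
I have looked at your report.
It appears the cleanup has been done, but because of the Trojan matter, if you like, read the explanation below and then try the work.

Prepare the following tool.
TDSSKiller (direct link to a zip file. Save it, then extract it.)
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
This is a tool specialized in detecting the kind of stealthy malware called "rootkits", Trojans included, which ordinary antivirus software has difficulty detecting and handling. We will use it to investigate.
For how to use it, the site below has an easy-to-understand explanation, so please look there ↓
http://secur1ty.blog116.fc2.com/blog-entry-54.html

Once ready, start the PC in Safe Mode.

Once it has started, launch TDSSKiller, make sure all areas are checked, then click Start scan.

If TDSSKiller detects something, confirm that the action is set to "Cure" or "Delete" and then click "Continue".

However, if you cannot decide, take no action here and just close TDSSKiller.

After the work, please paste the TDSSKiller log in your reply.

Its log should have been created directly under the C drive in My Computer, with a file name like the following.
>TDSSKiller.(random digits)_log.txt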
  • 悪代官
  • 2014/03/02 (Sun) 16:55:29
Re: Strange ads have started appearing
Is just the log that was created when I restarted okay?

17:24:00.0206 3832 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:24:00.0965 3832 ============================================================
17:24:00.0966 3832 Current date / time: 2014/03/02 17:24:00.0965
17:24:00.0966 3832 SystemInfo:
17:24:00.0966 3832
17:24:00.0966 3832 OS Version: 6.1.7601 ServicePack: 1.0
17:24:00.0966 3832 Product type: Workstation
17:24:00.0966 3832 ComputerName: TOM-PC
17:24:00.0966 3832 UserName: Tom
17:24:00.0966 3832 Windows directory: C:\Windows
17:24:00.0966 3832 System windows directory: C:\Windows
17:24:00.0966 3832 Running under WOW64
17:24:00.0966 3832 Processor architecture: Intel x64
17:24:00.0966 3832 Number of processors: 4
17:24:00.0966 3832 Page size: 0x1000
17:24:00.0966 3832 Boot type: Normal boot
17:24:00.0966 3832 ============================================================
17:24:01.0807 3832 BG loaded
17:24:02.0037 3832 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
17:24:02.0102 3832 ============================================================
17:24:02.0102 3832 \Device\Harddisk0\DR0:
17:24:02.0102 3832 MBR partitions:
17:24:02.0102 3832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:24:02.0102 3832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEA2E000
17:24:02.0102 3832 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xEA60800, BlocksNum 0x65CA5800
17:24:02.0102 3832 ============================================================
17:24:02.0121 3832 C: <-> \Device\Harddisk0\DR0\Partition2
17:24:02.0139 3832 D: <-> \Device\Harddisk0\DR0\Partition3
17:24:02.0139 3832 ============================================================
17:24:02.0139 3832 Initialize success
17:24:02.0139 3832 ============================================================
17:24:11.0930 3788 Deinitialize success


  • taka
  • 2014/03/02 (Sun) 17:29:06
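Let's recheck the log just in case
Thank you for the quick work and report.
However, it looks like the log contents are not fully shown.

Sorry for the trouble, but please open the C drive in My Computer and look for a file with the name below, which should have been created directly under it.
>TDSSKiller.(random digits)_log.txt
If there are several files with this name, choose the one whose creation date and time match when you scanned and took action.

Double-click this file to open it and the log contents will be displayed; please show those contents in a reply again.
If the rechecked log has the same contents as before, that would mean there is nothing in particular to detect and treat.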
  • 悪代官
  • 2014/03/02 (Sun) 17:50:14
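The check made by eye in the reply above (does the posted TDSSKiller log actually record a scan, and did any object come back as something other than "ok"?) can be scripted. This is an added example, not part of the original thread; the sample lines follow the log layout shown in this thread, while the `ExampleDrv - warning` line, the assumption that a finding uses the same "name - verdict" layout, and the function names are made up for illustration.

```python
import re

# Line layout of the logs in this thread: "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s?(?P<msg>.*)$")
# Result lines look like "<object> - ok". Assumption: a finding uses the same
# layout with a different final word.
RESULT = re.compile(r"^(?P<name>.+?) - (?P<verdict>[A-Za-z]+)$")


def summarize(log_text):
    """Collect boot type, whether a scan ran, and every non-ok result."""
    summary = {"boot_type": None, "scan_started": False, "checked": 0, "not_ok": []}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a timestamped log line
        msg = line.group("msg").strip()
        if msg.startswith("Boot type:"):
            summary["boot_type"] = msg.split(":", 1)[1].strip()
        elif msg == "Scan started":
            summary["scan_started"] = True
        else:
            result = RESULT.match(msg)
            if result:
                summary["checked"] += 1
                if result.group("verdict").lower() != "ok":
                    summary["not_ok"].append(
                        (result.group("name"), result.group("verdict"))
                    )
    return summary


def triage(log_text):
    """One-line answer a helper needs before reading the full log."""
    s = summarize(log_text)
    if not s["scan_started"]:
        return "no scan recorded: wrong log file, ask for the one written during the scan"
    if s["not_ok"]:
        return "review: " + ", ".join(f"{n} ({v})" for n, v in s["not_ok"])
    return f"clean: {s['checked']} objects checked, all ok"


# Constructed sample: a log that only records startup and shutdown.
LOG_STARTUP_ONLY = r"""17:24:00.0966 3832 Boot type: Normal boot
17:24:02.0139 3832 Initialize success
17:24:11.0930 3788 Deinitialize success
"""

# Constructed sample: a Safe Mode scan; the last line is invented.
LOG_WITH_SCAN = r"""17:16:05.0460 1460 Boot type: Safe boot with network
17:16:06.0302 1460 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
17:18:47.0164 0988 Scan started
17:18:47.0768 0988 System memory - ok
17:18:47.0885 0988 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:18:47.0981 0988 1394ohci - ok
17:18:48.0300 0988 ExampleDrv - warning
"""

if __name__ == "__main__":
    for label, text in (("startup only", LOG_STARTUP_ONLY), ("with scan", LOG_WITH_SCAN)):
        print(label, "->", triage(text))
```

The "Drive ... - Size:" line is deliberately in the sample: it contains " - " but is not a result line, and the parser skips it.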
Re: Strange ads have started appearing
Is it this one?

17:16:04.0228 1460 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:16:05.0460 1460 ============================================================
17:16:05.0460 1460 Current date / time: 2014/03/02 17:16:05.0460
17:16:05.0460 1460 SystemInfo:
17:16:05.0460 1460
17:16:05.0460 1460 OS Version: 6.1.7601 ServicePack: 1.0
17:16:05.0460 1460 Product type: Workstation
17:16:05.0460 1460 ComputerName: TOM-PC
17:16:05.0460 1460 UserName: Tom
17:16:05.0460 1460 Windows directory: C:\Windows
17:16:05.0460 1460 System windows directory: C:\Windows
17:16:05.0460 1460 Running under WOW64
17:16:05.0460 1460 Processor architecture: Intel x64
17:16:05.0460 1460 Number of processors: 4
17:16:05.0460 1460 Page size: 0x1000
17:16:05.0460 1460 Boot type: Safe boot with network
17:16:05.0460 1460 ============================================================
17:16:06.0302 1460 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
17:16:06.0334 1460 ============================================================
17:16:06.0334 1460 \Device\Harddisk0\DR0:
17:16:06.0334 1460 MBR partitions:
17:16:06.0334 1460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:16:06.0334 1460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEA2E000
17:16:06.0334 1460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xEA60800, BlocksNum 0x65CA5800
17:16:06.0334 1460 ============================================================
17:16:06.0349 1460 C: <-> \Device\Harddisk0\DR0\Partition2
17:16:06.0365 1460 D: <-> \Device\Harddisk0\DR0\Partition3
17:16:06.0365 1460 ============================================================
17:16:06.0365 1460 Initialize success
17:16:06.0365 1460 ============================================================
17:18:47.0164 0988 ============================================================
17:18:47.0164 0988 Scan started
17:18:47.0164 0988 Mode: Manual; SigCheck; TDLFS;
17:18:47.0164 0988 ============================================================
17:18:47.0768 0988 ================ Scan system memory ========================
17:18:47.0768 0988 System memory - ok
17:18:47.0768 0988 ================ Scan services =============================
17:18:56.0295 0988 LSI_SCSI - ok
17:18:56.0313 0988 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:18:56.0347 0988 luafv - ok
17:18:56.0422 0988 [ 1B2236E2CF3742CAAD7197BA99F27F24 ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
17:18:56.0448 0988 McAfee SiteAdvisor Service - ok
17:18:56.0488 0988 [ 49F5B235EDC9C6AC0ABA44737B190317 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
17:18:56.0496 0988 McComponentHostService - ok
17:18:56.0521 0988 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:18:56.0535 0988 Mcx2Svc - ok
17:18:56.0547 0988 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:18:56.0553 0988 megasas - ok
17:18:56.0580 0988 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:18:56.0589 0988 MegaSR - ok
17:18:56.0616 0988 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:18:56.0620 0988 MEIx64 - ok
17:18:56.0645 0988 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:18:56.0674 0988 MMCSS - ok
17:18:56.0684 0988 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:18:56.0715 0988 Modem - ok
17:18:56.0732 0988 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:18:56.0748 0988 monitor - ok
17:18:56.0765 0988 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:18:56.0771 0988 mouclass - ok
17:18:56.0782 0988 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:18:56.0795 0988 mouhid - ok
17:18:56.0806 0988 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:18:56.0812 0988 mountmgr - ok
17:18:56.0856 0988 [ C6B88D62F20AC646C6BD5C032EC2FAF9 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:18:56.0866 0988 MpFilter - ok
17:18:56.0883 0988 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:18:56.0890 0988 mpio - ok
17:18:56.0893 0988 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:18:56.0913 0988 mpsdrv - ok
17:18:56.0943 0988 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:18:56.0971 0988 MpsSvc - ok
17:18:56.0984 0988 [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:18:56.0999 0988 MRxDAV - ok
17:18:57.0021 0988 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:18:57.0052 0988 mrxsmb - ok
17:18:57.0076 0988 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:18:57.0091 0988 mrxsmb10 - ok
17:18:57.0094 0988 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:18:57.0100 0988 mrxsmb20 - ok
17:18:57.0123 0988 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:18:57.0128 0988 msahci - ok
17:18:57.0142 0988 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:18:57.0149 0988 msdsm - ok
17:18:57.0160 0988 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:18:57.0173 0988 MSDTC - ok
17:18:57.0186 0988 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:18:57.0206 0988 Msfs - ok
17:18:57.0230 0988 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:18:57.0261 0988 mshidkmdf - ok
17:18:57.0276 0988 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:18:57.0281 0988 msisadrv - ok
17:18:57.0308 0988 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:18:57.0338 0988 MSiSCSI - ok
17:18:57.0340 0988 msiserver - ok
17:18:57.0365 0988 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:18:57.0384 0988 MSKSSRV - ok
17:18:57.0419 0988 [ 7675E15D1B2180745E4DA4D26AAD7385 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:18:57.0425 0988 MsMpSvc - ok
17:18:57.0428 0988 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:18:57.0456 0988 MSPCLOCK - ok
17:18:57.0468 0988 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:18:57.0496 0988 MSPQM - ok
17:18:57.0516 0988 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:18:57.0526 0988 MsRPC - ok
17:18:57.0537 0988 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:18:57.0543 0988 mssmbios - ok
17:18:57.0575 0988 MSSQL$SQLEXPRESS - ok
17:18:57.0615 0988 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:18:57.0635 0988 MSSQLServerADHelper100 - ok
17:18:57.0649 0988 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:18:57.0677 0988 MSTEE - ok
17:18:57.0690 0988 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:18:57.0704 0988 MTConfig - ok
17:18:57.0718 0988 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:18:57.0723 0988 Mup - ok
17:18:57.0738 0988 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:18:57.0768 0988 napagent - ok
17:18:57.0796 0988 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:18:57.0819 0988 NativeWifiP - ok
17:18:57.0855 0988 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:18:57.0872 0988 NDIS - ok
17:18:57.0888 0988 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:18:57.0908 0988 NdisCap - ok
17:18:57.0931 0988 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:18:57.0951 0988 NdisTapi - ok
17:18:57.0965 0988 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:18:57.0993 0988 Ndisuio - ok
17:18:58.0008 0988 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:18:58.0036 0988 NdisWan - ok
17:18:58.0048 0988 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:18:58.0077 0988 NDProxy - ok
17:18:58.0097 0988 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:18:58.0116 0988 NetBIOS - ok
17:18:58.0125 0988 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:18:58.0146 0988 NetBT - ok
17:18:58.0156 0988 [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon C:\Windows\system32\lsass.exe
17:18:58.0161 0988 Netlogon - ok
17:18:58.0191 0988 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:18:58.0226 0988 Netman - ok
17:18:58.0253 0988 [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:58.0302 0988 NetMsmqActivator - ok
17:18:58.0304 0988 [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:58.0311 0988 NetPipeActivator - ok
17:18:58.0327 0988 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:18:58.0361 0988 netprofm - ok
17:18:58.0364 0988 [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:58.0371 0988 NetTcpActivator - ok
17:18:58.0374 0988 [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:58.0381 0988 NetTcpPortSharing - ok
17:18:58.0410 0988 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:18:58.0416 0988 nfrd960 - ok
17:18:58.0438 0988 [ ACE8C64C57E4A711473C8BC10ADF692B ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:18:58.0446 0988 NisDrv - ok
17:18:58.0469 0988 [ 6247E8B31ED0A9D6BC5A26276E49BEB3 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:18:58.0480 0988 NisSrv - ok
17:18:58.0502 0988 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:18:58.0517 0988 NlaSvc - ok
17:18:58.0532 0988 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:18:58.0552 0988 Npfs - ok
17:18:58.0572 0988 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:18:58.0600 0988 nsi - ok
17:18:58.0614 0988 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:18:58.0641 0988 nsiproxy - ok
17:18:58.0676 0988 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:18:58.0703 0988 Ntfs - ok
17:18:58.0714 0988 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:18:58.0743 0988 Null - ok
17:18:58.0778 0988 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:18:58.0785 0988 nvraid - ok
17:18:58.0796 0988 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:18:58.0804 0988 nvstor - ok
17:18:58.0811 0988 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:18:58.0818 0988 nv_agp - ok
17:18:58.0832 0988 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:18:58.0844 0988 ohci1394 - ok
17:18:58.0869 0988 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:18:58.0895 0988 p2pimsvc - ok
17:18:58.0920 0988 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:18:58.0931 0988 p2psvc - ok
17:18:58.0950 0988 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
17:18:58.0956 0988 Parport - ok
17:18:58.0980 0988 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:18:58.0986 0988 partmgr - ok
17:18:58.0999 0988 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:18:59.0022 0988 PcaSvc - ok
17:18:59.0035 0988 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:18:59.0042 0988 pci - ok
17:18:59.0061 0988 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:18:59.0067 0988 pciide - ok
17:18:59.0076 0988 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:18:59.0084 0988 pcmcia - ok
17:18:59.0095 0988 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:18:59.0101 0988 pcw - ok
17:18:59.0108 0988 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:18:59.0142 0988 PEAUTH - ok
17:18:59.0174 0988 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:18:59.0217 0988 PeerDistSvc - ok
17:18:59.0283 0988 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:18:59.0348 0988 PerfHost - ok
17:18:59.0391 0988 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:18:59.0425 0988 pla - ok
17:18:59.0457 0988 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:18:59.0491 0988 PlugPlay - ok
17:18:59.0496 0988 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:18:59.0513 0988 PNRPAutoReg - ok
17:18:59.0527 0988 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:18:59.0535 0988 PNRPsvc - ok
17:18:59.0565 0988 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:18:59.0597 0988 PolicyAgent - ok
17:18:59.0621 0988 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:18:59.0656 0988 Power - ok
17:18:59.0692 0988 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:18:59.0725 0988 PptpMiniport - ok
17:18:59.0733 0988 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:18:59.0750 0988 Processor - ok
17:18:59.0786 0988 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:18:59.0806 0988 ProfSvc - ok
17:18:59.0822 0988 [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
17:18:59.0828 0988 ProtectedStorage - ok
17:18:59.0845 0988 [ 8717FA628A749175A7EF127DF2C012FC ] ProtectMonitor C:\monitorsvc.exe
17:18:59.0853 0988 ProtectMonitor ( UnsignedFile.Multi.Generic ) - warning
17:18:59.0853 0988 ProtectMonitor - detected UnsignedFile.Multi.Generic (1)
17:18:59.0875 0988 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:18:59.0902 0988 Psched - ok
17:18:59.0952 0988 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:18:59.0977 0988 ql2300 - ok
17:18:59.0990 0988 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:18:59.0996 0988 ql40xx - ok
17:19:00.0022 0988 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:19:00.0033 0988 QWAVE - ok
17:19:00.0044 0988 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:19:00.0059 0988 QWAVEdrv - ok
17:19:00.0068 0988 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:19:00.0088 0988 RasAcd - ok
17:19:00.0103 0988 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:19:00.0123 0988 RasAgileVpn - ok
17:19:00.0134 0988 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:19:00.0162 0988 RasAuto - ok
17:19:00.0174 0988 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:19:00.0194 0988 Rasl2tp - ok
17:19:00.0219 0988 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:19:00.0242 0988 RasMan - ok
17:19:00.0244 0988 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:19:00.0272 0988 RasPppoe - ok
17:19:00.0292 0988 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:19:00.0321 0988 RasSstp - ok
17:19:00.0326 0988 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:19:00.0348 0988 rdbss - ok
17:19:00.0356 0988 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:19:00.0363 0988 rdpbus - ok
17:19:00.0374 0988 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:19:00.0394 0988 RDPCDD - ok
17:19:00.0416 0988 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:19:00.0427 0988 RDPDR - ok
17:19:00.0440 0988 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:19:00.0467 0988 RDPENCDD - ok
17:19:00.0470 0988 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:19:00.0496 0988 RDPREFMP - ok
17:19:00.0515 0988 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:19:00.0533 0988 RDPWD - ok
17:19:00.0571 0988 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:19:00.0579 0988 rdyboost - ok
17:19:00.0602 0988 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:19:00.0633 0988 RemoteAccess - ok
17:19:00.0655 0988 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:19:00.0688 0988 RemoteRegistry - ok
17:19:00.0706 0988 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:19:00.0738 0988 RpcEptMapper - ok
17:19:00.0755 0988 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:19:00.0767 0988 RpcLocator - ok
17:19:00.0786 0988 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:19:00.0808 0988 RpcSs - ok
17:19:00.0834 0988 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
17:19:00.0842 0988 RsFx0103 - ok
17:19:00.0875 0988 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:19:00.0895 0988 rspndr - ok
17:19:00.0917 0988 [ 0039DE6A0A1293889A3F21ECC473263D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:19:00.0925 0988 RTL8167 - ok
17:19:00.0951 0988 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:19:00.0980 0988 s3cap - ok
17:19:00.0997 0988 [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs C:\Windows\system32\lsass.exe
17:19:01.0002 0988 SamSs - ok
17:19:01.0014 0988 savesenselive - ok
17:19:01.0016 0988 savesenselivem - ok
17:19:01.0034 0988 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:19:01.0041 0988 sbp2port - ok
17:19:01.0067 0988 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:19:01.0088 0988 SCardSvr - ok
17:19:01.0097 0988 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:19:01.0123 0988 scfilter - ok
17:19:01.0157 0988 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:19:01.0194 0988 Schedule - ok
17:19:01.0221 0988 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:19:01.0240 0988 SCPolicySvc - ok
17:19:01.0249 0988 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:19:01.0280 0988 SDRSVC - ok
17:19:01.0307 0988 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:19:01.0333 0988 secdrv - ok
17:19:01.0357 0988 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:19:01.0386 0988 seclogon - ok
17:19:01.0396 0988 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:19:01.0426 0988 SENS - ok
17:19:01.0428 0988 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:19:01.0448 0988 SensrSvc - ok
17:19:01.0470 0988 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:19:01.0489 0988 Serenum - ok
17:19:01.0506 0988 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:19:01.0513 0988 Serial - ok
17:19:01.0522 0988 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:19:01.0539 0988 sermouse - ok
17:19:01.0559 0988 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:19:01.0590 0988 SessionEnv - ok
17:19:01.0607 0988 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:19:01.0623 0988 sffdisk - ok
17:19:01.0625 0988 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:19:01.0633 0988 sffp_mmc - ok
17:19:01.0635 0988 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:19:01.0649 0988 sffp_sd - ok
17:19:01.0656 0988 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:19:01.0663 0988 sfloppy - ok
17:19:01.0688 0988 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:19:01.0711 0988 SharedAccess - ok
17:19:01.0744 0988 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:19:01.0767 0988 ShellHWDetection - ok
17:19:01.0785 0988 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:19:01.0790 0988 SiSRaid2 - ok
17:19:01.0815 0988 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:19:01.0821 0988 SiSRaid4 - ok
17:19:01.0847 0988 [ 50D9949020E02B847CD48F1243FCB895 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:19:01.0855 0988 SkypeUpdate - ok
17:19:01.0877 0988 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:19:01.0910 0988 Smb - ok
17:19:01.0940 0988 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:19:01.0959 0988 SNMPTRAP - ok
17:19:01.0973 0988 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:19:01.0979 0988 spldr - ok
17:19:02.0005 0988 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:19:02.0036 0988 Spooler - ok
17:19:02.0085 0988 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:19:02.0143 0988 sppsvc - ok
17:19:02.0160 0988 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:19:02.0181 0988 sppuinotify - ok
17:19:02.0215 0988 [ 4B3F898DC1378CED2F35D04E5B0CE0DF ] sptd C:\Windows\System32\Drivers\sptd.sys
17:19:02.0226 0988 sptd - ok
17:19:02.0263 0988 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
17:19:02.0292 0988 SQLAgent$SQLEXPRESS - ok
17:19:02.0330 0988 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:19:02.0338 0988 SQLBrowser - ok
17:19:02.0369 0988 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:19:02.0377 0988 SQLWriter - ok
17:19:02.0390 0988 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:19:02.0426 0988 srv - ok
17:19:02.0444 0988 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:19:02.0464 0988 srv2 - ok
17:19:02.0469 0988 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:19:02.0476 0988 srvnet - ok
17:19:02.0497 0988 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:19:02.0519 0988 SSDPSRV - ok
17:19:02.0528 0988 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:19:02.0548 0988 SstpSvc - ok
17:19:02.0571 0988 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:19:02.0576 0988 stexstor - ok
17:19:02.0615 0988 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:19:02.0644 0988 stisvc - ok
17:19:02.0665 0988 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:19:02.0671 0988 storflt - ok
17:19:02.0689 0988 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
17:19:02.0710 0988 StorSvc - ok
17:19:02.0731 0988 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:19:02.0737 0988 storvsc - ok
17:19:02.0744 0988 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:19:02.0749 0988 swenum - ok
17:19:02.0773 0988 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:19:02.0810 0988 swprv - ok
17:19:02.0838 0988 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:19:02.0877 0988 SysMain - ok
17:19:02.0885 0988 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:19:02.0895 0988 TabletInputService - ok
17:19:02.0906 0988 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:19:02.0937 0988 TapiSrv - ok
17:19:02.0951 0988 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:19:02.0986 0988 TBS - ok
17:19:03.0029 0988 [ 40AF23633D197905F03AB5628C558C51 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:19:03.0060 0988 Tcpip - ok
17:19:03.0082 0988 [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:19:03.0104 0988 TCPIP6 - ok
17:19:03.0124 0988 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:19:03.0130 0988 tcpipreg - ok
17:19:03.0153 0988 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:19:03.0179 0988 TDPIPE - ok
17:19:03.0197 0988 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:19:03.0210 0988 TDTCP - ok
17:19:03.0240 0988 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:19:03.0274 0988 tdx - ok
17:19:03.0290 0988 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:19:03.0295 0988 TermDD - ok
17:19:03.0326 0988 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:19:03.0352 0988 TermService - ok
17:19:03.0360 0988 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:19:03.0370 0988 Themes - ok
17:19:03.0386 0988 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:19:03.0406 0988 THREADORDER - ok
17:19:03.0428 0988 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:19:03.0456 0988 TrkWks - ok
17:19:03.0489 0988 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:19:03.0520 0988 TrustedInstaller - ok
17:19:03.0543 0988 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:19:03.0565 0988 tssecsrv - ok
17:19:03.0591 0988 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:19:03.0607 0988 TsUsbFlt - ok
17:19:03.0618 0988 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:19:03.0636 0988 TsUsbGD - ok
17:19:03.0649 0988 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:19:03.0676 0988 tunnel - ok
17:19:03.0685 0988 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:19:03.0691 0988 uagp35 - ok
17:19:03.0702 0988 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:19:03.0735 0988 udfs - ok
17:19:03.0759 0988 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:19:03.0766 0988 UI0Detect - ok
17:19:03.0774 0988 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:19:03.0780 0988 uliagpkx - ok
17:19:03.0806 0988 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:19:03.0823 0988 umbus - ok
17:19:03.0838 0988 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:19:03.0856 0988 UmPass - ok
17:19:03.0879 0988 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
17:19:03.0888 0988 UmRdpService - ok
17:19:03.0962 0988 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:19:04.0002 0988 UNS - ok
17:19:04.0011 0988 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:19:04.0035 0988 upnphost - ok
17:19:04.0066 0988 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:19:04.0082 0988 USBAAPL64 - ok
17:19:04.0107 0988 [ DCA68B0943D6FA415F0C56C92158A83A ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:19:04.0120 0988 usbccgp - ok
17:19:04.0152 0988 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:19:04.0172 0988 usbcir - ok
17:19:04.0196 0988 [ 18A85013A3E0F7E1755365D287443965 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:19:04.0215 0988 usbehci - ok
17:19:04.0251 0988 [ 8D1196CFBB223621F2C67D45710F25BA ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:19:04.0269 0988 usbhub - ok
17:19:04.0298 0988 [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:19:04.0303 0988 usbohci - ok
17:19:04.0335 0988 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:19:04.0351 0988 usbprint - ok
17:19:04.0389 0988 [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan C:\Windows\system32\drivers\usbscan.sys
17:19:04.0415 0988 usbscan - ok
17:19:04.0438 0988 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
  • taka
  • 2014/03/02 (Sun) 20:59:47
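The results look good
I looked through the log again. The results seem to be fine.
Only the following single item was detected:
>17:18:59.0853 0988 ProtectMonitor ( UnsignedFile.Multi.Generic ) - warning
>17:18:59.0853 0988 ProtectMonitor - detected UnsignedFile.Multi.Generic (1)

but this is a false positive caused by TDSSKiller overreacting, so it is fine.
You can now clean up this tool by deleting its whole folder.

Since there was a possibility, however slight, of a Trojan, it would be a good idea to change as many as possible of the passwords and the like that you have ever entered on that PC.
In particular, if you have done any online banking or shopping, change that information first.

That is about all I can reply with.
After that, if there is no reply from IVNO, watch how things go for a few days, and if it does not recur, I think you can mark this as "resolved" at that point.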
  • 悪代官
  • 2014/03/02 (Sun) 21:16:54
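Picking the non-"ok" entries out of a long TDSSKiller log like the one reviewed above, as an added example that is not part of the original post. The line shapes are inferred from the lines quoted in this thread, and the hashes and the ProtectMonitor path in the sample are constructed placeholders.

```python
import re

# Line shapes assumed from the TDSSKiller lines quoted in this thread:
#   <time> <tid> [ <MD5> ] <name> <path>         object being checked
#   <time> <tid> <name> - ok                      clean verdict
#   <time> <tid> <name> ( <verdict> ) - <level>   flagged object
#   <time> <tid> <name> - detected <verdict> (N)  detection summary
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d{4} "
SCAN = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$")
OK = re.compile(PREFIX + r"(?P<name>\S+) - ok$")
FLAG = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<level>\w+)$")
DETECTED = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")

# Constructed sample: hashes and the ProtectMonitor path are placeholders.
SAMPLE = r"""
17:19:04.0485 0988 [ 00000000000000000000000000000000 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:19:04.0490 0988 usbuhci - ok
17:18:59.0840 0988 [ FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF ] ProtectMonitor C:\Example\ProtectMonitor.exe
17:18:59.0853 0988 ProtectMonitor ( UnsignedFile.Multi.Generic ) - warning
17:18:59.0853 0988 ProtectMonitor - detected UnsignedFile.Multi.Generic (1)
17:19:05.0747 0988 WinDefend - ok
"""


def triage(lines):
    """Return (flagged, ok_count, unparsed) for an iterable of log lines."""
    scanned = {}   # name -> (md5, path) from that object's scan line
    flagged = {}   # name -> one finding per flagged object
    ok_count, unparsed = 0, []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := SCAN.match(line):
            scanned[m["name"]] = (m["md5"].upper(), m["path"])
        elif OK.match(line):
            ok_count += 1
        elif m := (FLAG.match(line) or DETECTED.match(line)):
            md5, path = scanned.get(m["name"], (None, None))
            entry = flagged.setdefault(m["name"], {
                "name": m["name"], "md5": md5, "path": path,
                "verdicts": set(), "level": None})
            entry["verdicts"].add(m["verdict"])
            entry["level"] = m.groupdict().get("level") or entry["level"]
        else:
            unparsed.append(line)  # keep anything unrecognised for manual review
    return list(flagged.values()), ok_count, unparsed
```

Calling `triage(SAMPLE.splitlines())` returns a single finding for ProtectMonitor together with the path and hash from its scan line, which is what a reviewer then checks by hand.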
Re: Strange ads have started appearing
I waited and watched, and it did not recur.
Thank you very much for helping me over such a long time.
  • taka
  • 2014/03/06 (Thu) 22:38:30
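I had left this unattended for a long time
>>old_monitor.exe
>>
>>Once this change is complete, restart the PC so that it boots normally.
>>If the PC has no problems after this, the file you renamed earlier is confirmed to be a virus.
>>If anything is abnormal, boot into Safe Mode again and restore the original name.

>Those are the instructions I was given, but
>for now, no abnormality has been seen since I reinstalled Chrome, so
>even if I rename it, wouldn't I be unable to tell whether that file is definitely a virus...?

Regarding this: if renaming the file causes the PC to malfunction, the file is required for the PC to operate,
and if the PC does not malfunction after the rename, the file is not required for the PC to operate.
Some scanners flag this software as a Trojan,
so I suggested this in order to isolate the problem.
If the file above could not be renamed in Safe Mode,
or if the PC starts behaving strangely after the rename, that means it was a required file,
and you can recover by restoring the original name.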
  • IVNO
  • 2014/03/07 (Fri) 03:34:50
Re: Strange ads have started appearing
IVNO,
Understood. I will try carrying out the procedure once more.
  • taka
  • 2014/03/07 (Fri) 09:47:23
Re: Strange ads have started appearing
Sorry for the delay. Even after changing the name, no abnormality was seen.
  • taka
  • 2014/03/13 (Thu) 23:05:30
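Then let's delete it while keeping a quarantined copy just in case
Since you report that renaming it made no difference to how the PC behaves,
just to be safe, right-click the file in question and choose Send to → Compressed (zipped) folder
to keep it from running, then right-click the original, hold Shift while clicking Delete,
and remove it completely from the PC.
If you use the PC for about a week and see no abnormality,
delete the ZIP folder you kept as a backup as well.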
  • IVNO
  • 2014/03/14 (Fri) 18:01:02
Re: Strange ads have started appearing
No abnormality was seen, so I deleted everything.
Thank you. You really helped me.
  • taka
  • 2014/03/22 (Sat) 19:32:10
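Then let's call it resolved, with self-defense from here on
There do not seem to be any noticeable problems, so let's treat this as resolved, with you protecting yourself from here on.
To avoid getting infected again, be sure to practice "self-defense": do not neglect Windows Update, do not visit suspicious sites, use freeware as little as possible,
and never touch P2P file-sharing software.
Reading other people's questions and learning how to deal with various things is also a form of self-defense.
Information leaks have been intensifying in recent years, and security software alone cannot stop this kind of malware,
so take this bitter experience here at 伏魔殿, where you had no choice but to rely on others, as a lesson for the future, face your own PC seriously,
and work toward a useful and safe PC life.
Please clean up all the tools used this time.
Stay safe.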
  • IVNO
  • 2014/03/23 (Sun) 15:08:07
