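悪代官の伏魔殿 Bulletin Board
Ads keep appearing
Good evening.
Possibly because of a file I downloaded a few days ago, strange ads keep appearing.
I was able to remove it with adwcleaner, so I created a restore point, but when I start the PC the next day the same thing happens again.
Besides aducky, when I look at the address bar the address changes immediately and an ad is displayed.
Just moving the mouse over the search bar or opening a link makes something open on the left side or in a different window, and the same window keeps popping up one after another.
After collecting the logs I booted into Safe Mode, but because the PC is on a LAN connection, IE could not connect. I have since gone back to normal mode.
Following other posts, I have gotten as far as downloading ATF, but since I cannot start in Safe Mode, the remaining steps are on hold. Can the work be done in normal mode as well?
Thank you in advance for taking a look.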

●HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:00:48, on 2014/08/14
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\user\Downloads\IObitUninstallerPortable\App\uninstaller\IObitUninstaler.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\user\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (file missing)
O2 - BHO: MySearch - {C9E891B1-BBFB-6DE4-0F86-427072044BE9} - C:\Program Files (x86)\MySearch\h.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ホームページぷりんと2BHO - {EFC91ACA-519F-428D-8472-81E158609D25} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: ホームページぷりんと2 - {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://202.241.175.203/SysCamInst.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Baidu Japanese IME Service_2.8.1.12 (BaiduJP_IME_Service_2.8.1.12) - Unknown owner - C:\Program Files (x86)\Baidu\IME\2.8.1.12\BaiduJPServ.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google アップデート サービス (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5) - 株式会社モーリン - C:\Program Files (x86)\Common Files\Creoapp\MrnTS_Sync5.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: sogr - Unknown owner - C:\windows\Microsoft\sogr\WindowsUpdater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9113 bytes




●CC

Adobe Acrobat XI Pro Adobe Systems 2014/05/14 4.84 GB 11.0.07
Adobe AIR Adobe Systems Incorporated 2013/01/04 3.5.0.880
Adobe Download Assistant Adobe Systems Incorporated 2013/01/04 1.2.3
Adobe Flash Player 14 ActiveX Adobe Systems Incorporated 2014/07/10 6.00 MB 14.0.0.145
Adobe Flash Player 14 Plugin Adobe Systems Incorporated 2014/07/10 6.00 MB 14.0.0.145
Adobe Reader X (10.1.10) - Japanese Adobe Systems Incorporated 2014/05/15 138 MB 10.1.10
AutoCAD 2013 - 日本語 (Japanese) Autodesk 2013/01/12 19.0.55.0
Autodesk Content Service Autodesk 2013/01/12 3.0.84.0
Autodesk Inventor Fusion 2013 Autodesk, Inc. 2013/01/12 585 MB 2.0.0.206
Autodesk Inventor Fusion plug-in for AutoCAD 2013 Autodesk 2013/01/12 0.2.0.230
Autodesk Material Library 2013 Autodesk 2013/01/12 94.9 MB 3.0.13
Autodesk Material Library Base Resolution Image Library 2013 Autodesk 2013/01/12 71.4 MB 3.0.13
Autodesk Sync Autodesk, Inc. 2013/01/12 45.3 MB 3.5.24.0
BookScan&Whiteboard Suite Reallusion 2012/12/08 1.0
Brother ドライバー&ソフトウェア DCP-J925N Brother Industries, Ltd. 2012/12/08 1.0.13.0
BrowseToSave 2012/03/19 1.0
CCleaner Piriform 2014/08/14 4.16
CloneDVD2 Elaborate Bytes 2013/01/01 2.9.3.0
DVDFab 8.0.7.3 (29/01/2011) Fengtao Software Inc. 2012/03/30 37.7 MB
FaceFilter Studio Brother Edition 2012/12/08 1.0
FARO LS 1.1.406.58 FARO Scanner Production 2012/12/10 21.5 MB 4.6.58.2
ffdshow v1.2.4422 [2012-04-09] FreeCodecPack 2014/03/30 13.5 MB 1.2.4422.0
Genesys USB Mass Storage Device Genesys Logic 2012/01/10 4.0.2.1
GetASFStream 2012/05/05
Google Chrome Google Inc. 2012/01/10 34.0.1847.116
Google Toolbar for Internet Explorer Google Inc. 2014/03/29 7.5.5111.1712
Homepage Print 2 CORPUS CORPORATION 2012/12/08 6.08 MB 1.0.0.0
Intel(R) Control Center Intel Corporation 2012/03/26 1.2.1.1007
Intel(R) Management Engine Components Intel Corporation 2012/03/25 7.0.0.1118
Intel(R) Network Connections Drivers Intel 2012/01/11 15.4
Intel(R) Processor Graphics Intel Corporation 2014/03/23 9.17.10.3347
Java 7 Update 65 Oracle 2013/07/18 129 MB 7.0.650
Java(TM) 6 Update 31 (64-bit) Oracle 2012/04/10 91.8 MB 6.0.310
Kingsoft Office 2010 (6.6.0.2724) Kingsoft Corp. 2013/02/03 6.6.0.2724
Lenovo Dynamic Brightness System Lenovo 2012/01/10 4.0.00.22080
Lenovo Eye Distance System Lenovo 2012/01/10 4.0.00.21090
Lenovo Power2Go CyberLink Corp. 2012/01/10 154 MB 6.0.4827a
Lenovo Rescue System CyberLink Corp. 2012/01/11 3.0.1409
Lenovo Tinian Fn PS/2 Keyboard Driver Lenovo 2012/01/10 V1.0.11.0321
LVT Lenovo 2012/01/10 4.1.3.0309
Microsoft .NET Framework 4.5.1 Microsoft Corporation 2014/03/23 38.8 MB 4.5.50938
Microsoft .NET Framework 4.5.1 (日本語) Microsoft Corporation 2014/03/31 2.93 MB 4.5.50938
Microsoft Office File Validation Add-In Microsoft Corporation 2014/05/15 10.9 MB 14.0.5130.5003
Microsoft Office Professional Plus 2007 Microsoft Corporation 2012/04/02 12.0.6612.1000
Microsoft Security Essentials Microsoft Corporation 2014/08/11 4.5.216.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2012/01/10 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2012/12/23 298 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2012/12/08 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 2012/12/10 784 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2012/12/23 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 2012/01/10 3.51 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2012/12/10 228 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2012/03/29 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2012/12/23 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2012/12/23 15.0 MB 10.0.40219
NewSoft CD Labeler NewSoft Technology Corporation 2012/12/08 2.00.00
NTT西日本 リモートサポートツール 西日本電信電話株式会社 2013/01/12
OneKey Recovery CyberLink Corp. 2012/03/25 3.0.1409
Presto! ImageFolio 4 NewSoft Technology Corporation 2012/12/08 4.50.02
Presto! PageManager 9.02 SE Newsoft Technology Corporation 2013/01/20 9.02.00
RealPlayer Cloud RealNetworks 2014/06/22 91.7 MB 17.0.10
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2012/01/10 6.0.1.6230
StreamTransport version: 1.0.2.2171 2012/04/26
Windows Live Essentials Microsoft Corporation 2012/07/14 15.4.3555.0308
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 2012/01/10 5.57 MB 15.4.5722.2
WinRAR 4.01 (64ビット) win.rar GmbH 2012/03/29 4.01.0
WinX HD Video Converter Deluxe 4.0.0 Digiarty Software, Inc. 2013/07/13 111 MB
キングソフト辞書 キングソフト株式会社 2012/01/11 2011.05.11.1.1
スタートアップツール 西日本電信電話株式会社 2014/05/03 2.61 MB 7.3
セキュリティ申込・設定ツール 西日本電信電話株式会社 2013/01/12 3.57 MB 5.1.0.11
リモート接続用の Windows Live Mesh ActiveX コントロール (日本語) Microsoft Corporation 2012/01/10 5.57 MB 15.4.5722.2
レノボ ドライバとアプリのインストール Lenovo 2012/01/10 5.10.1809
筆まめ Ver.20 販売元:株式会社クレオ 開発元:株式会社モーリン 2012/11/05 814 MB 20.00.0007
診断復旧ツール 西日本電信電話株式会社 2014/04/19 12.5 MB


●google

有効 Extension Google ウォレット 0.0.6.1 Default C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0
無効 Extension RealPlayer Downloader 17.0.11 Default C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.11_1


●IE

有効 Extension Research Microsoft Corporation C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
無効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
有効 Extension 故障かな?と思ったら・・・ 西日本電信電話株式会社 C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
無効 Helper Adobe Acrobat Create PDF from Selection Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
無効 Helper Adobe Acrobat Create PDF from Selection Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
無効 Helper Adobe Acrobat Create PDF Helper Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
無効 Helper Adobe Acrobat Create PDF Helper Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In 2 SSV Helper Sun Microsystems, Inc. C:\Program Files\Java\jre6\bin\jp2ssv.dll
有効 Helper MySearch C:\Program Files (x86)\MySearch\h.dll
有効 Helper MySearch C:\Program Files (x86)\MySearch\h.x64.dll
無効 Helper NaviNow Web Tool 1.0 C:\Users\Public\DOCUME~1\navinow\NAVINO~1.DLL
無効 Helper RealNetworks Download and Record Plugin for Internet Explorer RealDownloader C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
無効 Helper RealNetworks Download and Record Plugin for Internet Explorer RealDownloader C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
無効 Helper TmBpIeBHO Class C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
無効 Helper TmBpIeBHO Class C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
無効 Helper ホームページぷりんと2BHO CORPUS CORPORATION C:\PROGRA~2\HOMEPA~1\IEBand.dll
無効 Toolbar Adobe Acrobat Create PDF Toolbar Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
無効 Toolbar Adobe Acrobat Create PDF Toolbar Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
無効 Toolbar ホームページぷりんと2 CORPUS CORPORATION C:\PROGRA~2\HOMEPA~1\IEBand.dll


●windows

無効 HKCU:Run Akamai NetSession Interface "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
無効 HKCU:Run ApplicationManager C:\Users\user\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
無効 HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
無効 HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
無効 HKLM:Run APSDaemon "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
無効 HKLM:Run ControlCenter4 Brother Industries, Ltd. C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
無効 HKLM:Run QuickTime Task "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
無効 HKLM:Run TkBellExe RealNetworks, Inc. "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot


●Tasks

有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task RealDownloaderDownloaderScheduledTaskS-1-5-21-4033256246-680146763-291166523-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
有効 Task RealDownloaderRealUpgradeLogonTaskS-1-5-21-4033256246-680146763-291166523-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /logoncheck
有効 Task RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4033256246-680146763-291166523-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /scheduledcheck
有効 Task RealPlayerRealUpgradeLogonTaskS-1-5-21-4033256246-680146763-291166523-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
有効 Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-4033256246-680146763-291166523-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck





  • baikon
  • 2014/08/14 (Thu) 22:10:53
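Re: Ads keep appearing
Good evening. I'm イルカ, a responder who shows up here from time to time. I'm not the administrator, 悪代官-san, so please bear with me.

Looking at the logs, the cause is probably MySearch.
There are several other entries that appear to be adware, so let's remove those as well.

ATF can also be run in normal mode, but close as many programs as you can beforehand.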


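■Software updates
The following software is out of date, so I recommend updating it unless you have a particular reason not to.
Older versions of software have security vulnerabilities and are a standard target for viruses.
If you don't use them, you can uninstall them instead.

・Adobe AIR
・Adobe Flash Player 14 ActiveX
・Adobe Flash Player 14 Plugin
・Adobe Reader X (10.1.10) - Japanese
Download the latest version from the official site and install it.
Take care not to install extras such as McAfee Security Scan Plus along the way.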



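■Uninstalling software that appears to be unnecessary
Doing this from Control Panel is fine. If an item isn't there, ignore it.

・BrowseToSave
This appears to be adware. I recommend uninstalling it.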



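■Analysis with OTL
We'll investigate using OTL, a full-featured analysis tool.

1. Download the analysis tool "OTL" (OldTimer Listit) from the link below (it's a direct link) and put it on your desktop.
Your antivirus software or browser may flag it as dangerous, but that is a false positive, so don't worry and carry on.
http://oldtimer.geekstogo.com/OTL.exe

2. After launching it, change the following settings.
・Check "Scan All Users" near the top of the window
・If there is a "Scan 64bit Files" option, check that too
・Set "Extra Registry" to "Use SafeList"
・Set "File Age" under "File Scans" to "60 Days"

3. Copy and paste the following commands into "Custom Scan/Fixes".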

%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT

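4. Press "Run Scan" at the top left. After a few minutes, "OTL.txt" and "Extras.txt" will be created in the same location as OTL.exe.


Split the contents of these files and paste them into the body of your post. OTL.txt in particular is quite long, so it will be cut off unless you split it partway.
If you exceed the maximum character count, you can still paste it in, but it gets cut off when you post.
Try splitting it around "[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]" partway through.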
  • イルカ
  • 2014/08/14 (Thu) 22:37:50
Re: Ads keep appearing
Dear いるか,

Good evening.
Thank you for the quick response!
Below is the OTL file; please take a look.


●OTL

OTL logfile created on: 2014/08/14 23:09:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.91 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 54.71% Memory free
7.83 Gb Paging File | 6.16 Gb Available in Paging File | 78.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 36.75 Gb Free Space | 37.63% Space Free | Partition Type: NTFS
Drive D: | 342.93 Gb Total Space | 110.52 Gb Free Space | 32.23% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/08/14 23:07:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2014/07/29 10:16:38 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\PicRec (x86)\PicRec (x86)\WFP\FilterUsageExample.exe
PRC - [2014/07/29 10:16:38 | 000,019,968 | ---- | M] () -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe
PRC - [2014/06/22 13:57:35 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/06/10 22:03:38 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/06/10 17:50:38 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/12/21 15:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/03/16 13:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
PRC - [2010/10/05 22:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 22:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/05/22 20:29:46 | 000,263,448 | ---- | M] (株式会社モーリン) -- C:\Program Files (x86)\Common Files\Creoapp\MrnTS_Sync5.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014/07/25 22:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/12/10 23:48:43 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2010/09/23 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/07/29 10:16:38 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe -- (sogr)
SRV - [2014/06/22 13:57:35 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/06/10 22:03:38 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/06/10 17:50:38 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/21 15:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/03/16 13:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010/10/05 22:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 22:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/05/22 20:29:46 | 000,263,448 | ---- | M] (株式会社モーリン) [Auto | Running] -- C:\Program Files (x86)\Common Files\Creoapp\MrnTS_Sync5.exe -- (MrnTS_Sync5)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2014/07/29 10:16:38 | 000,049,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netmon_wfp.sys -- (netmon_wfp)
DRV:[b]64bit:[/b] - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2013/10/02 11:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/04/29 09:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:[b]64bit:[/b] - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/08/23 23:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/23 23:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/01/11 05:50:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012/01/11 05:50:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/05/18 14:50:01 | 000,058,368 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GeneStor.sys -- (GeneStor)
DRV:[b]64bit:[/b] - [2010/12/17 07:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010/09/21 15:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:[b]64bit:[/b] - [2010/06/19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:[b]64bit:[/b] - [2009/07/22 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 06:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009/06/11 05:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/04/08 23:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2010/03/23 11:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{FDC320A9-B4B2-491E-B140-815C11613CB6}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpro.com/search/toolbar/hao123/{B8A604A6-7A71-57CB-E1D0-D1416BA0AA83}?q={searchTerms}
IE - HKLM\..\SearchScopes\{FDC320A9-B4B2-491E-B140-815C11613CB6}: "URL" = http://search.yahoo.com/search?p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{FDC320A9-B4B2-491E-B140-815C11613CB6}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{FDC320A9-B4B2-491E-B140-815C11613CB6}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-19\..\SearchScopes\{FDC320A9-B4B2-491E-B140-815C11613CB6}: "URL" = http://search.yahoo.com/search?p={searchTerms}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-20\..\SearchScopes\{FDC320A9-B4B2-491E-B140-815C11613CB6}: "URL" = http://search.yahoo.com/search?p={searchTerms}

IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.jp/
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpro.com/search/toolbar/hao123/{B8A604A6-7A71-57CB-E1D0-D1416BA0AA83}?q={searchTerms}
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\SearchScopes\{FDC320A9-B4B2-491E-B140-815C11613CB6}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.co.jp/NxGame: C:\ProgramData\NexonJP\NGM\npNxGameJP.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.11.0: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.11.0: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\NTTW\Security\SEC\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HomePagePrint2@corpus.co.jp: C:\Program Files (x86)\Homepage Print 2\Firefox [2012/12/08 21:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/05/14 18:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1DD9AC48-0855-4AE7-9934-159B4377FFA2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/06/22 13:58:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedtest4354@BestOffers: C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014/03/30 01:59:32 | 000,000,000 | ---D | M]

[2014/03/30 01:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2014/03/30 01:59:26 | 000,000,000 | ---D | M] (Free Games 111) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
[2014/03/30 01:59:32 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
[2014/06/21 16:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2014/06/21 16:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins
[2012/11/29 23:47:10 | 000,197,580 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader@ftdownloader.com.xpi
[2012/11/10 22:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/28 19:01:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/28 19:01:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/28 19:01:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://jp.hao123.com/?tn=smt_hp_hao123_jp
CHR - plugin: Error reading preferences file
CHR - Extension: RealPlayer Downloader = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.11_1\
CHR - Extension: Google ウォレット = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2013/01/17 22:36:26 | 000,001,028 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O2:[b]64bit:[/b] - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:[b]64bit:[/b] - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:[b]64bit:[/b] - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O2:[b]64bit:[/b] - BHO: (MySearch) - {C9E891B1-BBFB-6DE4-0F86-427072044BE9} - C:\Program Files (x86)\MySearch\h.x64.dll File not found
O2:[b]64bit:[/b] - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:[b]64bit:[/b] - BHO: (NaviNow Web Tool 1.0) - {F6AC6E26-60C4-4132-95EA-F9B2D23C2990} - C:\Users\Public\DOCUME~1\navinow\NAVINO~1.DLL File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O2 - BHO: (MySearch) - {C9E891B1-BBFB-6DE4-0F86-427072044BE9} - C:\Program Files (x86)\MySearch\h.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ホームページぷりんと2BHO) - {EFC91ACA-519F-428D-8472-81E158609D25} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll (CORPUS CORPORATION)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ホームページぷりんと2) - {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll (CORPUS CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:[b]64bit:[/b] - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-4033256246-680146763-291166523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKU\S-1-5-21-4033256246-680146763-291166523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-4033256246-680146763-291166523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe (西日本電信電話株式会社)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://202.241.175.203/SysCamInst.cab (Panasonic Network Camera)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA1A0795-C4FA-4704-B1E8-46FDEE511F1F}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/11 21:00:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2014/08/14 23:07:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/08/14 23:05:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/08/14 21:23:54 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/08/14 21:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/14 21:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/14 19:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/08/14 18:51:52 | 000,000,000 | ---D | C] -- C:\windows\jumpshot.com
[2014/08/14 02:03:13 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardagt.exe
[2014/08/14 02:03:13 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardagt.exe
[2014/08/14 02:03:13 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\infocardapi.dll
[2014/08/14 02:03:13 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\infocardapi.dll
[2014/08/14 02:03:11 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardres.dll
[2014/08/14 02:03:11 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardres.dll
[2014/08/14 02:02:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TsWpfWrp.exe
[2014/08/14 02:02:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsWpfWrp.exe
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDYAK.DLL
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDYAK.DLL
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDTAT.DLL
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDTAT.DLL
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU1.DLL
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDBASH.DLL
[2014/08/14 00:57:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU1.DLL
[2014/08/14 00:57:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU.DLL
[2014/08/14 00:57:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU.DLL
[2014/08/14 00:57:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDBASH.DLL
[2014/08/14 00:57:45 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/08/14 00:57:44 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2014/08/14 00:57:43 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2014/08/14 00:57:43 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msihnd.dll
[2014/08/14 00:57:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msihnd.dll
[2014/08/14 00:57:43 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2014/08/14 00:57:40 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2014/08/14 00:57:36 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/08/14 00:57:35 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/08/14 00:57:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/14 00:57:35 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/08/14 00:57:35 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/14 00:57:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/08/14 00:57:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/08/14 00:57:34 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/08/14 00:57:34 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/08/14 00:57:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/08/14 00:57:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/08/14 00:57:33 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/08/14 00:57:33 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/08/14 00:57:33 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/08/14 00:57:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/08/14 00:57:32 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/08/14 00:57:31 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/08/14 00:57:29 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/08/14 00:57:29 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/08/14 00:57:28 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/08/14 00:57:27 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/08/14 00:57:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/08/14 00:57:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/08/14 00:57:26 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/08/14 00:57:26 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/08/14 00:57:25 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/08/14 00:57:25 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/08/14 00:57:25 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/08/14 00:57:25 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/08/14 00:57:25 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/08/14 00:57:24 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/08/14 00:57:24 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/08/14 00:57:24 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/08/14 00:57:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/08/14 00:57:23 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/14 00:54:41 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2014/08/13 19:42:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\computer software market
[2014/08/11 20:18:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\eCyber
[2014/08/11 20:18:07 | 000,045,248 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\windows\SysNative\drivers\iSafeKrnlBoot.sys
[2014/08/11 20:18:05 | 000,000,000 | ---D | C] -- C:\windows\SysNative\log
[2014/08/11 20:17:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\iSafe
[2014/08/11 19:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/08/11 19:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/08/11 19:25:07 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\windows\SysNative\drivers\PSKMAD.sys
[2014/08/11 19:25:05 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\DASBOOT
[2014/08/11 19:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2014/08/10 19:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PicRec
[2014/08/10 19:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PicRec
[2014/08/10 19:29:48 | 000,000,000 | ---D | C] -- C:\http_filter
[2014/08/10 19:29:46 | 000,000,000 | ---D | C] -- C:\windows\Microsoft
[2014/08/10 19:29:40 | 000,049,880 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\netmon_wfp.sys
[2014/08/10 19:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicRec (x86)
[2014/08/03 20:23:00 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 6
[2014/08/03 20:22:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 5
[2014/08/03 20:22:45 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 4
[2014/08/03 20:22:40 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 3
[2014/08/03 20:22:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 2
[2014/08/03 16:59:26 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 1
[2014/07/30 19:49:58 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 1
[2014/07/28 22:34:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\baidu
[2014/07/26 23:38:04 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 2
[2014/07/26 18:57:10 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 3
[2014/07/26 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 4
[2014/07/22 19:11:20 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 5
[2014/07/22 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 6
[2014/07/21 21:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/07/21 21:44:06 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/07/21 21:44:03 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/07/21 21:44:03 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/07/21 21:44:03 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/17 22:06:46 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 7
[2014/07/10 18:22:55 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\osk.exe
[2014/07/10 18:22:55 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\osk.exe
[2014/07/10 18:22:50 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014/07/10 18:22:50 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2014/07/10 18:22:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2014/07/10 18:17:54 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/06/22 13:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/06/22 13:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/06/22 13:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014/06/21 16:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AppSnow
[2014/06/21 16:17:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Chromatic Browser
[2014/06/16 22:23:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2012/01/11 06:42:29 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[2 C:\Users\user\AppData\Local\*.tmp files -> C:\Users\user\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2014/08/14 23:07:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/08/14 22:17:00 | 000,000,704 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/14 21:35:32 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/14 21:35:32 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/14 21:27:47 | 000,000,700 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/14 21:27:38 | 000,809,504 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/08/14 21:27:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/14 21:27:12 | 3152,359,424 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/14 21:03:50 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/14 17:58:24 | 001,351,330 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/14 17:58:24 | 000,668,716 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/14 17:58:24 | 000,424,608 | ---- | M] () -- C:\windows\SysNative\perfh011.dat
[2014/08/14 17:58:24 | 000,126,950 | ---- | M] () -- C:\windows\SysNative\perfc011.dat
[2014/08/14 17:58:24 | 000,126,868 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/11 19:37:29 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2014/08/08 15:24:04 | 000,045,248 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\windows\SysNative\drivers\iSafeKrnlBoot.sys
[2014/07/30 01:07:10 | 000,000,242 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/07/29 10:16:38 | 000,049,880 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\netmon_wfp.sys
[2014/07/25 23:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/07/25 22:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/07/25 22:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/07/25 22:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/07/25 22:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/07/25 22:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/07/25 22:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/07/25 22:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/07/25 22:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/07/25 21:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/07/25 21:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 21:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/07/25 21:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/07/25 21:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/07/25 21:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/07/25 21:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/07/25 21:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 21:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/07/25 21:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/07/25 21:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/07/25 21:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/07/25 21:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/07/25 21:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/07/25 21:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/07/25 20:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/07/25 20:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 20:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/07/25 20:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/07/25 20:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/07/25 20:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/07/25 20:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/07/25 20:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/07/25 20:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/07/25 19:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/07/25 19:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/07/16 12:25:04 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2014/07/14 11:02:45 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2014/07/11 03:02:05 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/11 02:56:08 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/07/11 02:56:01 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/07/11 02:55:32 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/07/09 11:03:23 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\KBDYAK.DLL
[2014/07/09 11:03:23 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\KBDTAT.DLL
[2014/07/09 11:03:23 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU1.DLL
[2014/07/09 11:03:23 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU.DLL
[2014/07/09 11:03:22 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\KBDBASH.DLL
[2014/07/09 10:31:42 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\KBDYAK.DLL
[2014/07/09 10:31:42 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\KBDTAT.DLL
[2014/07/09 10:31:42 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU1.DLL
[2014/07/09 10:31:42 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU.DLL
[2014/07/09 10:31:41 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\KBDBASH.DLL
[2014/07/01 07:24:50 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardres.dll
[2014/07/01 07:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardres.dll
[2014/06/22 13:58:35 | 000,000,942 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2014/06/22 13:57:58 | 000,201,800 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2014/06/22 13:57:37 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2014/06/18 11:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\osk.exe
[2014/06/18 10:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\osk.exe
[2 C:\Users\user\AppData\Local\*.tmp files -> C:\Users\user\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/08/14 21:03:50 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/06/22 13:58:35 | 000,000,942 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2014/05/21 18:52:24 | 000,000,000 | ---- | C] () -- C:\windows\NewSoft CD Labeler.INI
[2014/03/30 01:55:37 | 000,079,360 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2014/03/20 19:08:17 | 000,407,948 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/01/12 15:25:09 | 000,234,544 | ---- | C] () -- C:\windows\RegBootClean64.exe
[2013/01/12 15:25:09 | 000,022,064 | ---- | C] () -- C:\windows\DCEBoot64.exe
[2013/01/12 15:11:57 | 000,000,242 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/01/01 17:59:40 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/12/10 23:49:10 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/12/10 23:39:19 | 001,330,178 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/12/08 21:37:12 | 000,000,000 | RHS- | C] () -- C:\windows\FFSSET.BIN
[2012/12/08 21:35:46 | 000,001,915 | ---- | C] () -- C:\windows\if42le.ini
[2012/12/08 21:35:46 | 000,000,326 | ---- | C] () -- C:\windows\Pexplore.ini
[2012/09/23 21:02:24 | 000,637,952 | ---- | C] () -- C:\windows\SysWow64\7-zip32.dll
[2012/03/28 23:05:11 | 000,009,184 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft Excel 97-2003.EML

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 11:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 10:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2014/08/14 21:27:47 | 000,000,700 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/14 22:17:00 | 000,000,704 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500413AS ATA Device
Partitions: 4
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Brother DCP-J925N USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 98.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 343.00GB
Starting Offset: 104963506176
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 25.00GB
Starting Offset: 473185648640
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2009/07/14 10:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2013/02/27 14:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2014/04/12 11:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2013/07/09 14:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 13:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C
  • baikon
  • 2014/08/14 (Thu) 23:41:09
Re: Ads keep appearing
The continuation follows below.


●Extras

OTL Extras logfile created on: 2014/08/14 23:09:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.91 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 54.71% Memory free
7.83 Gb Paging File | 6.16 Gb Available in Paging File | 78.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 36.75 Gb Free Space | 37.63% Space Free | Partition Type: NTFS
Drive D: | 342.93 Gb Total Space | 110.52 Gb Free Space | 32.23% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\user\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\user\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C162E8F-E8DD-4048-A403-DC47FF7F75C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E7BE6C2-A8BD-4381-AE1A-B75B70CA4252}" = rport=10243 | protocol=6 | dir=out | app=system |
"{37945EE4-406C-4E96-B85B-47BEDF56F6A3}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |
"{4BB65BE8-A3F6-4CE3-A30E-B8FED23F8C99}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F2E4C74-E5C4-4B15-AF3E-4CEAD3BC79E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52B7B8E7-AEBF-44E0-93BE-CE0FA9FDD322}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{531A6949-B7C9-4135-9BDE-6E6C98ED2F55}" = rport=137 | protocol=17 | dir=out | app=system |
"{5372D955-4D68-4E23-80DF-0A89FDCCEE78}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{606CBBF8-6DB3-4A78-8902-64E12F94EA1B}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{61C79847-5480-463E-91C8-46148CCBB05D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CAF3E00-C23D-4E76-809B-0D247C8A2D80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82BC122A-9BA3-40EC-A9C8-AAEF12DF38F2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{83B4D557-D223-4BAB-926F-0EECA30EE791}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{83E45600-1219-49A4-963F-BD8EA66FFD43}" = rport=138 | protocol=17 | dir=out | app=system |
"{861618E1-086E-48AA-BCB2-978D711A7D8B}" = lport=137 | protocol=17 | dir=in | app=system |
"{86555C90-BF20-4868-817F-8C2A7B422E3C}" = rport=445 | protocol=6 | dir=out | app=system |
"{86CF0377-8CE4-4C61-8B94-E74AC7916974}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F9ABBC3-39DE-49C1-BEAA-B45D3F5923DF}" = rport=139 | protocol=6 | dir=out | app=system |
"{91E24F63-A676-4886-8366-31771D05D466}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98F53C57-5038-4A2D-9FC2-B1D982183F87}" = lport=138 | protocol=17 | dir=in | app=system |
"{9B17F54F-ED5A-4183-90F0-8CE573C6AE87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AFFB0C10-54FE-4B1F-8CF2-229B83900C8B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B65DB222-864A-48F1-97CA-DDB22F02EC10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA8D52BD-69B7-43FF-BB67-A5D01BCC0FB7}" = lport=445 | protocol=6 | dir=in | app=system |
"{DAD676AB-A554-4E18-9209-8B63FE5D228F}" = lport=139 | protocol=6 | dir=in | app=system |
"{E228446C-305F-4041-8D98-1A48C26C9E93}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E51CC397-6869-4C12-BD7B-720312FCA217}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EBFC16A8-C06E-4931-8D23-2E9F924BD8DD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECC7DC44-82F2-47F4-AFCD-34E5487525DF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043C267A-5CF5-46D9-9405-5462B8CC77C7}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{08C903DA-B786-462A-A564-9ED35E303F13}" = protocol=17 | dir=in | app=c:\nexon\counter-strike online\bin\cstrike-online.exe |
"{0A2EFDAA-A251-4B78-BEBC-6F244CFC2246}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{0D4BFC92-BD96-44D0-96D4-798D9255196B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BDD8AEF-61D4-4BEE-8905-2FC768DD1FB6}" = protocol=17 | dir=in | app=c:\program files (x86)\nakido\nakido.exe |
"{1CDD88AB-8EC0-44DC-BC10-FFCA244C6557}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{2684A81D-3D8D-4FB8-801B-AD665DA75DDA}" = protocol=6 | dir=in | app=c:\program files (x86)\nakido\nakido.exe |
"{27A41A58-8447-4456-85D3-E8090D84C46C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3710DA6A-4649-4ADA-AB67-C3929932039B}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{375C8222-4C31-44B1-B811-0B222DD55B5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3841AEA1-8739-4466-A174-E59175068BE2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3D716DC7-890A-44A4-87B5-F09BDE402A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{45C2F703-8F46-4BF1-8003-1BE635EFEAA8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4767A2CD-3235-46A8-87B5-CC9740CC5BAE}" = protocol=6 | dir=in | app=c:\nexon\counter-strike online\bin\cstrike-online.exe |
"{4B3BF988-384C-4D62-A74E-8DBD86CB7AAB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5DC8F353-1E51-4DD9-9D14-11892AD50A4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6885040A-8488-40A3-9EB3-70BD1EEEE979}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe |
"{6BFEAD38-1B18-4400-8E22-7FE2793B92F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6EEDBFD3-BE08-41C7-B09B-ED3747576BCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{700BC279-2840-4ADE-8D71-96F21264FEDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7698680A-AA54-4679-8004-7AE76CA95A87}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{775AC490-110A-4E61-B381-029AD1221AC4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{807E6472-8A8B-4AC7-B289-F63B7447D701}" = protocol=58 | dir=in | app=system |
"{85A5035A-E395-43F9-BC32-506681D191FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8716CFFD-C547-487A-AB38-5B800FB58F1C}" = protocol=6 | dir=out | app=system |
"{8EE568B8-911A-49D1-8B1A-B05A022CADCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96C69452-E1A6-43A1-AE3F-DBC1C3429F0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A22D1289-4A80-4741-BF26-570604A9F692}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{A86668CC-072D-4C35-90F0-30D5DC60F838}" = protocol=17 | dir=in | app=c:\programdata\nexonjp\ngm\ngm.exe |
"{B122C080-9D3E-4D55-B549-671C44584606}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{B147398E-63F0-414B-BD8E-25B4BFE45E63}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{B81F8021-3CA1-4614-868B-2445FA7CE85C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2FF273D-4A67-4B61-8208-8E4AB6D306E5}" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |
"{C4322918-6A53-4131-ABE7-2F2986F8AF95}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{D024B672-11CE-4061-9217-13F233580CE0}" = protocol=6 | dir=in | app=c:\programdata\nexonjp\503\nmservice.exe |
"{D12C817B-6C10-4A86-B103-EBDCF85E03B8}" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |
"{D786CA33-7F9C-449C-9146-76A9BE70F916}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2FD1F30-A304-4B62-9CFB-51489A070AFC}" = protocol=17 | dir=in | app=c:\programdata\nexonjp\503\nmservice.exe |
"{ED27F24B-08BB-4C78-95E6-DDE98804512D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EE62C83B-AD9F-410D-A884-4D74E8F04554}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEBA86F9-0C4C-4179-BC7E-682AA7C36421}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EEED909C-B758-4577-BF2D-90A7C1A070E1}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{EFF2A4F0-C998-4B4D-8264-B6EF039052D3}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{F5406DD1-38D6-4BB5-AEC4-AD921A8D166F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FACAA11C-71BF-402E-9333-D741DEB95373}" = protocol=6 | dir=in | app=c:\programdata\nexonjp\ngm\ngm.exe |
"TCP Query User{00F4A5C2-7190-4E0D-8FA0-127244D45651}C:\windows\syswow64\explorer.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |
"TCP Query User{07D16EE4-945B-4534-87D7-E976445425CF}C:\users\user\appdata\roaming\kuuzo\laahu.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\kuuzo\laahu.exe |
"TCP Query User{4CC60E0B-90A9-444D-92BB-CA597DFA8060}C:\users\user\appdata\roaming\nakido\nakido.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\nakido\nakido.exe |
"TCP Query User{717F2A8D-C7EF-40EC-8246-16D6D79C59B1}C:\users\user\appdata\roaming\nakido\nakido.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\nakido\nakido.exe |
"TCP Query User{8D7AE950-F3BE-4354-9928-A0E015E100DD}C:\users\user\appdata\roaming\kuuzo\laahu.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\kuuzo\laahu.exe |
"UDP Query User{0C82B7FB-6A7D-45E2-A58E-626D85BAB0CB}C:\windows\syswow64\explorer.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |
"UDP Query User{3C3DA9A6-D70F-4A3A-AE64-8A06A5F3596F}C:\users\user\appdata\roaming\kuuzo\laahu.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\kuuzo\laahu.exe |
"UDP Query User{842C08ED-1A65-4BBD-8E3F-606E01C407F0}C:\users\user\appdata\roaming\nakido\nakido.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\nakido\nakido.exe |
"UDP Query User{BA1FFCD6-F1F7-4048-AC5B-6149093417ED}C:\users\user\appdata\roaming\nakido\nakido.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\nakido\nakido.exe |
"UDP Query User{F8618E6E-7D81-4412-B1D7-B2B5E0DEDB48}C:\users\user\appdata\roaming\kuuzo\laahu.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\kuuzo\laahu.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1AAF6669-31B2-3840-9346-F0F653840FD1}" = Microsoft .NET Framework 4.5.1 (JPN)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{3BF2C0A8-2C44-4A36-AA96-3BD6FB7BB01F}" = Windows Live Remote Client Resources
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{54C5B89F-0A8C-4C07-A51D-7380974DA459}" = Windows Live Remote Service Resources
"{5783F2D7-B001-0000-0102-0060B0CE6BBA}" = AutoCAD 2013 - 日本語 (Japanese)
"{5783F2D7-B001-0411-1102-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - 日本語 (Japanese)
"{5783F2D7-B001-0411-2102-0060B0CE6BBA}" = AutoCAD 2013 - 日本語 (Japanese)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0411-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Japanese) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041" = Microsoft .NET Framework 4.5.1 (日本語)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"AutoCAD 2013 - 日本語 (Japanese)" = AutoCAD 2013 - 日本語 (Japanese)
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion plug-in for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel(R) Network Connections Drivers
"WinRAR archiver" = WinRAR 4.01 (64ビット)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019EF473-6D0A-415C-9A2E-1AF5F66AC60F}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10AB1F40-BDEC-4A8D-B427-30F9429378B0}" = Windows Live Movie Maker
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{139C06F6-2DC5-485F-B34A-D333AA122379}" = セキュリティ申込・設定ツール
"{15D95497-8F76-41E5-8894-EDDB59E39BD9}" = Windows Live メール
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C2051A-1ACA-48B4-9BA5-24625DCBD880}" = RealDownloader
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 65
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = レノボ ドライバとアプリのインストール
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{57008A17-E76A-4832-A195-FE6A94DC8A66}" = Homepage Print 2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675D8E1E-2388-4718-902C-E5FC4888AC0E}" = Windows Live Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C3F8916-D6A5-4A31-9DA8-80C973CE437F}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7134EF35-DA07-41F8-A71F-66709E194BB5}" = Windows Live Mesh
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{783033B0-D8E6-11D5-9293-0050BA073EEC}" = Presto! ImageFolio 4
"{81AB7CB8-76C7-4557-B713-C93930AFCB54}" = 筆まめ Ver.20
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{88A686A9-D687-4295-B633-50D8A4B88371}" = Windows Live Writer Resources
"{894194F9-B4B9-4F1C-AFB5-5A5998DAFA3C}" = Presto! PageManager 9.02 SE
"{8A66A2C8-0032-4949-8D99-C293A3EACF79}" = Windows Live Photo Common
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D59BE38-3A4F-4525-AD0D-8980E9E31EFA}" = Windows Live フォト ギャラリー
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0411-0000-0000000FF1CE}" = Microsoft Office Access MUI (Japanese) 2007
"{90120000-0015-0411-0000-0000000FF1CE}_PROPLUS_{209FA1DF-E70E-436A-BB71-9ECB81FC3776}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0411-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Japanese) 2007
"{90120000-0016-0411-0000-0000000FF1CE}_PROPLUS_{209FA1DF-E70E-436A-BB71-9ECB81FC3776}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0411-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Japanese) 2007
"{90120000-0018-0411-0000-0000000FF1CE}_PROPLUS_{209FA1DF-E70E-436A-BB71-9ECB81FC3776}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0411-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Japanese) 2007
"{90120000-0019-0411-0000-0000000FF1CE}_PROPLUS_{209FA1DF-E70E-436A-BB71-9ECB81FC3776}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Japanese) 2007
"{90120000-001A-0411-0000-0000000FF1CE}_PROPLUS_{209FA1DF-E70E-436A-BB71-9ECB81FC3776}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0411-0000-0000000FF1CE}" = Microsoft Office Word MUI (Japanese) 2007
"{90120000-001B-0411-0000-0000000FF1CE}_PROPLUS_{209FA1DF-E70E-436A-BB71-9ECB81FC3776}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
"{90120000-001F-0411-0000-0000000FF1CE}_PROPLUS_{8B0BBAAA-BB10-41E1-B27E-24CF08CBB253}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
"{90120000-0028-0411-0000-0000000FF1CE}_PROPLUS_{277B1BCF-97A7-40F2-87A5-3CACB0E9714B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0411-1000-0000000FF1CE}_PROPLUS_{8A3FCBEB-9029-40E2-8799-2299CBBEF4D8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0411-1000-0000000FF1CE}_PROPLUS_{84C84010-F698-443E-84B4-A82DD01A17FE}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0411-0000-0000000FF1CE}" = Microsoft Office Proofing (Japanese) 2007
"{90120000-0044-0411-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Japanese) 2007
"{90120000-0044-0411-0000-0000000FF1CE}_PROPLUS_{209FA1DF-E70E-436A-BB71-9ECB81FC3776}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0411-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Japanese) 2007
"{90120000-006E-0411-0000-0000000FF1CE}_PROPLUS_{84C84010-F698-443E-84B4-A82DD01A17FE}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A162AF3F-7908-44E1-A072-67FB887A9517}" = スタートアップツール
"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother ドライバー&ソフトウェア DCP-J925N
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{BAF0CA91-4642-46C8-9BCD-C93B61508701}" = リモート接続用の Windows Live Mesh ActiveX コントロール (日本語)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE408577-9C0E-4E5F-BCB2-DB5B3A220958}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4933D9F-89CC-4CA9-B5B0-CF32968890C7}" = BookScan&Whiteboard Suite
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F8418921-5B66-4732-9CA4-B7112CA241F1}" = NewSoft CD Labeler
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Autodesk Content Service" = Autodesk Content Service
"CloneDVD2" = CloneDVD2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"GetASFStream" = GetASFStream
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"Kingsoft Office" = Kingsoft Office 2010 (6.6.0.2724)
"PowerWord Lite" = キングソフト辞書
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 17.0" = RealPlayer Cloud
"RemoteToolGuider.west_is1" = NTT西日本 リモートサポートツール
"WinLiveSuite" = Windows Live Essentials
"WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 4.0.0
"診断復旧ツール_is1" = 診断復旧ツール

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-4033256246-680146763-291166523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2014/04/22 11:28:42 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: MsiExec.exe、バージョン: 5.0.7601.17514、タイム スタンプ: 0x4ce792c4
障害が発生しているモジュール名:
QuickTime.qts_unloaded、バージョン: 0.0.0.0、タイム スタンプ: 0x52d49206 例外コード: 0xc0000005 障害オフセット:
0x726dcd89 障害が発生しているプロセス ID: 0x6e4 障害が発生しているアプリケーションの開始時刻: 0x01cf5e3f8ab94ec7 障害が発生しているアプリケーション
パス: C:\Windows\syswow64\MsiExec.exe 障害が発生しているモジュール パス: QuickTime.qts レポート ID: c8b05032-ca32-11e3-8d12-4437e6864963

Error - 2014/04/23 8:04:44 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 2014/04/24 6:42:55 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 2014/04/25 8:41:33 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 2014/04/26 5:15:35 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 2014/04/26 7:50:12 | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = プログラム iexplore.exe バージョン 10.0.9200.16843 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、アクション
センター コントロール パネルで、問題の履歴をクリックしてください。 プロセス ID: 10e0 開始時刻: 01cf613147c23b72 終了時刻: 15 アプリケーション
パス: C:\Program Files\Internet Explorer\iexplore.exe レポート ID: eaedf98c-cd38-11e3-8d21-4437e6864963


Error - 2014/04/27 4:38:48 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 2014/04/27 5:02:07 | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = プログラム iexplore.exe バージョン 10.0.9200.16843 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、アクション
センター コントロール パネルで、問題の履歴をクリックしてください。 プロセス ID: 2f4 開始時刻: 01cf61f5a7e154f3 終了時刻: 15 アプリケーション
パス: C:\Program Files\Internet Explorer\iexplore.exe レポート ID: 9995bdde-cdea-11e3-933a-4437e6864963


Error - 2014/04/27 5:12:56 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 2014/04/27 7:01:18 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 2012/10/13 12:59:46 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 44
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2012/12/18 9:30:52 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2013/01/08 10:19:49 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2013/02/24 10:31:16 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2013/10/09 6:52:08 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2013/12/23 1:56:30 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2014/08/14 8:25:10 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2014/08/14 8:25:10 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2014/08/14 8:25:10 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2014/08/14 8:25:10 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2014/08/14 8:25:33 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2014/08/14 8:25:47 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2014/08/14 8:26:05 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2014/08/14 8:27:52 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Baidu Japanese IME Service_2.8.1.12 サービスを、次のエラーが原因で開始できませんでした: %%2

Error - 2014/08/14 8:28:03 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = SPDRIVER_1.35.1.155 サービスを、次のエラーが原因で開始できませんでした: %%3

Error - 2014/08/14 8:30:31 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Google アップデート サービス (gupdate) サービスを、次のエラーが原因で開始できませんでした: %%2


< End of report >

  • baikon
  • 2014/08/14 (Thu) 23:42:31
Re: Ads keep appearing
OTL log, continued


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2009/07/14 10:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2013/02/27 14:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2014/04/12 11:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2013/07/09 14:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 13:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2012/10/04 02:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/05/24 20:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2012/02/11 15:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2014/04/12 11:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2014/04/12 11:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 12:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2010/11/21 12:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 12:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2012/05/01 14:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2010/11/21 12:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 12:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2012/06/03 07:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:56E2E879
@Alternate Data Stream - 143 bytes -> C:\Users\user\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A1EDB939

< End of report >
  • baikon
  • 2014/08/14 (Thu) 23:49:30
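Re: Ads keep appearing
Several unwanted programs were found, so we will remove those with OTL.
By the way, do you recognize a program called PicRec?
If not, we will remove it as well next time.

Also... it looks like you are using Adobe software in an unusual way; please be careful about how you use it.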



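■ Uninstall software that appears to be unnecessary
Doing this from the Control Panel is fine. If an item is not there, ignore it.

・UpdateService
This appears to be adware. Uninstalling it is recommended.

・Java(TM) 6 Update 31 (64-bit)
This is a duplicate, so it is not needed.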



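■ Treatment with a Fix script
After starting OTL, paste the script below into "Custom Scan/Fixes" and press "Run Fix".
It is long, but do not leave anything out, from the first ":OTL" through the final "[reboot]".

Running it forcibly terminates all processes, so close as many applications as you can beforehand.
It also empties the Recycle Bin, so if it holds any files you need, rescue them first.
If OTL freezes and does not proceed, start the computer in Safe Mode and run it there.

How to enter Safe Mode:
http://www59.atwiki.jp/malware_laboratory/pages/8.html

When it finishes, you will be asked to reboot, so click "OK" to reboot. A log appears after the reboot; please post it. For this log, pasting it as-is is fine.
If you have closed the log, there is a copy in the C:\_OTL\MovedFiles folder (a file whose name is a number made up of the date and time); please post its contents.

---From here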

:OTL
PRC - [2014/07/29 10:16:38 | 000,019,968 | ---- | M] () -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe
SRV - [2014/07/29 10:16:38 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe -- (sogr)
IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpro.com/search/toolbar/hao123/{B8A604A6-7A71-57CB-E1D0-D1416BA0AA83}?q={searchTerms}
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpro.com/search/toolbar/hao123/{B8A604A6-7A71-57CB-E1D0-D1416BA0AA83}?q={searchTerms}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedtest4354@BestOffers: C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014/03/30 01:59:32 | 000,000,000 | ---D | M]
[2014/03/30 01:59:26 | 000,000,000 | ---D | M] (Free Games 111) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
[2014/03/30 01:59:32 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
[2012/11/29 23:47:10 | 000,197,580 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader@ftdownloader.com.xpi
CHR - homepage: http://jp.hao123.com/?tn=smt_hp_hao123_jp
O2:[b]64bit:[/b] - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (MySearch) - {C9E891B1-BBFB-6DE4-0F86-427072044BE9} - C:\Program Files (x86)\MySearch\h.x64.dll File not found
O2:[b]64bit:[/b] - BHO: (NaviNow Web Tool 1.0) - {F6AC6E26-60C4-4132-95EA-F9B2D23C2990} - C:\Users\Public\DOCUME~1\navinow\NAVINO~1.DLL File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (MySearch) - {C9E891B1-BBFB-6DE4-0F86-427072044BE9} - C:\Program Files (x86)\MySearch\h.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2 C:\Users\user\AppData\Local\*.tmp files -> C:\Users\user\AppData\Local\*.tmp -> ]
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:56E2E879
@Alternate Data Stream - 143 bytes -> C:\Users\user\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A1EDB939

:Files
ipconfig /flushdns /c
c:\program files (x86)\yourfiledownloader
c:\program files (x86)\goforfiles
%userprofile%\appdata\roaming\kuuzo
C:\Program Files (x86)\MySearch
C:\Users\Public\DOCUME~1\navinow

:Commands
[purity]
[emptytemp]
[reboot]

---To here
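
An added example, not part of the thread and not the helper's own method: a Python parser for the PRC/SRV/DRV lines of the OTL log format posted here, with two triage heuristics (blank company name in an unusual folder under C:\Windows, then a pivot on the modification timestamp). The heuristics, the folder list and all function names are assumptions of this example, and the output is a list of entries to review by hand, not a verdict.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the OTL logs on this page (not constructed).
SAMPLE_LOG = r"""
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/07/29 10:16:38 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe -- (sogr)
SRV - [2014/06/10 22:03:38 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2011/03/16 13:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
DRV:[b]64bit:[/b] - [2014/07/29 10:16:38 | 000,049,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netmon_wfp.sys -- (netmon_wfp)
PRC - [2014/07/29 10:16:38 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\PicRec (x86)\PicRec (x86)\WFP\FilterUsageExample.exe
PRC - [2014/07/29 10:16:38 | 000,019,968 | ---- | M] () -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe
"""

# One PRC/SRV/DRV line. The company field may itself contain parentheses
# ("Windows (R) Win 7 DDK provider"), so it is matched lazily up to the
# "[start | state]" block or the "--" separator that follows it.
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV)(?::\[b\]64bit:\[/b\])? - "
    r"\[(?P<mtime>[\d/]+ [\d:]+) \| [\d,]+ \| \S+ \| [MC]\] "
    r"\((?P<company>.*?)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>.*)\))?$"
)

# Assumption of this example: first-level names under C:\Windows (including
# the SysNative alias OTL prints) where service binaries normally live.
USUAL_WINDOWS_DIRS = {"system32", "syswow64", "sysnative", "microsoft.net"}


class Entry(NamedTuple):
    kind: str            # PRC, SRV or DRV
    mtime: str           # modification time as printed by OTL
    company: str         # version-info company name, "" when blank
    state: Tuple[str, ...]
    path: str
    name: str            # service/driver name, "" for processes


def parse_otl(text: str) -> List[Entry]:
    """Parse PRC/SRV/DRV lines; every other log line is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state = tuple(s.strip() for s in (m["state"] or "").split("|") if s.strip())
        entries.append(Entry(m["kind"], m["mtime"], m["company"].strip(),
                             state, m["path"].strip(), m["name"] or ""))
    return entries


def unusual_windows_folder(path: str) -> bool:
    """True for files in a subfolder of C:\\Windows not in the usual list."""
    parts = path.lower().split("\\")
    return len(parts) > 3 and parts[1] == "windows" and parts[2] not in USUAL_WINDOWS_DIRS


def review_candidates(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (kind, path, reason) for entries worth a manual look."""
    primary = [e for e in entries
               if not e.company and unusual_windows_folder(e.path)]
    stamps = {e.mtime: e.path for e in primary}
    found = []
    for e in entries:
        if e in primary:
            found.append((e.kind, e.path,
                          "no company name, unusual folder under Windows"))
        elif e.mtime in stamps:
            # Pivot: same modification time as an already flagged file.
            found.append((e.kind, e.path,
                          "same modified time as " + stamps[e.mtime]))
    return found


if __name__ == "__main__":
    for kind, path, reason in review_candidates(parse_otl(SAMPLE_LOG)):
        print(f"{kind}  {path}  <- {reason}")
```

On the sample lines this returns the sogr service and process and the JME Keyboard service directly, plus netmon_wfp.sys and the PicRec process through the timestamp pivot; RealPlayerUpdateSvc also has a blank company name but is not returned.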
  • イルカ
  • 2014/08/15 (Fri) 10:30:49
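Re: Ads keep appearing
・I would like PicRec removed.
・I could not find UpdateService in the Control Panel.
・About the Adobe software: if there is a problem, please give me some kind of hint (><)


The OTL log follows.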

OTL logfile created on: 2014/08/15 19:31:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.91 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 57.28% Memory free
7.83 Gb Paging File | 6.37 Gb Available in Paging File | 81.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 36.06 Gb Free Space | 36.93% Space Free | Partition Type: NTFS
Drive D: | 342.93 Gb Total Space | 110.56 Gb Free Space | 32.24% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/08/14 23:07:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2014/07/29 10:16:38 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\PicRec (x86)\PicRec (x86)\WFP\FilterUsageExample.exe
PRC - [2014/07/29 10:16:38 | 000,019,968 | ---- | M] () -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe
PRC - [2014/06/22 13:57:35 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/06/10 22:03:38 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/06/10 17:50:38 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/12/21 15:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/03/16 13:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
PRC - [2010/10/05 22:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 22:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/05/22 20:29:46 | 000,263,448 | ---- | M] (株式会社モーリン) -- C:\Program Files (x86)\Common Files\Creoapp\MrnTS_Sync5.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014/07/25 22:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/12/10 23:48:43 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2010/09/23 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/07/29 10:16:38 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe -- (sogr)
SRV - [2014/06/22 13:57:35 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/06/10 22:03:38 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/06/10 17:50:38 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/21 15:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/03/16 13:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010/10/05 22:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 22:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/05/22 20:29:46 | 000,263,448 | ---- | M] (株式会社モーリン) [Auto | Running] -- C:\Program Files (x86)\Common Files\Creoapp\MrnTS_Sync5.exe -- (MrnTS_Sync5)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2014/07/29 10:16:38 | 000,049,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netmon_wfp.sys -- (netmon_wfp)
DRV:[b]64bit:[/b] - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2013/10/02 11:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/04/29 09:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:[b]64bit:[/b] - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/08/23 23:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/23 23:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/01/11 05:50:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012/01/11 05:50:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/05/18 14:50:01 | 000,058,368 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GeneStor.sys -- (GeneStor)
DRV:[b]64bit:[/b] - [2010/12/17 07:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010/09/21 15:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:[b]64bit:[/b] - [2010/06/19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:[b]64bit:[/b] - [2009/07/22 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 06:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009/06/11 05:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/04/08 23:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2010/03/23 11:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{FDC320A9-B4B2-491E-B140-815C11613CB6}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpro.com/search/toolbar/hao123/{B8A604A6-7A71-57CB-E1D0-D1416BA0AA83}?q={searchTerms}
IE - HKLM\..\SearchScopes\{FDC320A9-B4B2-491E-B140-815C11613CB6}: "URL" = http://search.yahoo.com/search?p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.jp/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpro.com/search/toolbar/hao123/{B8A604A6-7A71-57CB-E1D0-D1416BA0AA83}?q={searchTerms}
IE - HKCU\..\SearchScopes\{FDC320A9-B4B2-491E-B140-815C11613CB6}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.co.jp/NxGame: C:\ProgramData\NexonJP\NGM\npNxGameJP.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.11.0: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.11.0: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\NTTW\Security\SEC\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HomePagePrint2@corpus.co.jp: C:\Program Files (x86)\Homepage Print 2\Firefox [2012/12/08 21:33:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/05/14 18:13:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1DD9AC48-0855-4AE7-9934-159B4377FFA2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/06/22 13:58:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedtest4354@BestOffers: C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014/03/30 01:59:32 | 000,000,000 | ---D | M]

[2014/03/30 01:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2014/03/30 01:59:26 | 000,000,000 | ---D | M] (Free Games 111) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
[2014/03/30 01:59:32 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
[2014/06/21 16:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2014/06/21 16:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins
[2012/11/29 23:47:10 | 000,197,580 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader@ftdownloader.com.xpi
[2012/11/10 22:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/28 19:01:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/28 19:01:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/28 19:01:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://jp.hao123.com/?tn=smt_hp_hao123_jp
CHR - plugin: Error reading preferences file
CHR - Extension: RealPlayer Downloader = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.11_1\
CHR - Extension: Google 繧ヲ繧ゥ繝ャ繝・ヨ = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2013/01/17 22:36:26 | 000,001,028 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O2:[b]64bit:[/b] - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:[b]64bit:[/b] - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:[b]64bit:[/b] - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O2:[b]64bit:[/b] - BHO: (MySearch) - {C9E891B1-BBFB-6DE4-0F86-427072044BE9} - C:\Program Files (x86)\MySearch\h.x64.dll File not found
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:[b]64bit:[/b] - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:[b]64bit:[/b] - BHO: (NaviNow Web Tool 1.0) - {F6AC6E26-60C4-4132-95EA-F9B2D23C2990} - C:\Users\Public\DOCUME~1\navinow\NAVINO~1.DLL File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O2 - BHO: (MySearch) - {C9E891B1-BBFB-6DE4-0F86-427072044BE9} - C:\Program Files (x86)\MySearch\h.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ホームページぷりんと2BHO) - {EFC91ACA-519F-428D-8472-81E158609D25} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll (CORPUS CORPORATION)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ホームページぷりんと2) - {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\Program Files (x86)\Homepage Print 2\IEBand.dll (CORPUS CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe (西日本電信電話株式会社)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://202.241.175.203/SysCamInst.cab (Panasonic Network Camera)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA1A0795-C4FA-4704-B1E8-46FDEE511F1F}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/11 21:00:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/08/14 23:57:46 | 000,699,568 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/08/14 23:57:46 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/14 23:07:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/08/14 21:23:54 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/08/14 21:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/14 21:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/14 19:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/08/14 18:51:52 | 000,000,000 | ---D | C] -- C:\windows\jumpshot.com
[2014/08/14 02:03:13 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardagt.exe
[2014/08/14 02:03:13 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardagt.exe
[2014/08/14 02:03:13 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\infocardapi.dll
[2014/08/14 02:03:13 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\infocardapi.dll
[2014/08/14 02:03:11 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardres.dll
[2014/08/14 02:03:11 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardres.dll
[2014/08/14 02:02:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TsWpfWrp.exe
[2014/08/14 02:02:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsWpfWrp.exe
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDYAK.DLL
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDYAK.DLL
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDTAT.DLL
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDTAT.DLL
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU1.DLL
[2014/08/14 00:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDBASH.DLL
[2014/08/14 00:57:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU1.DLL
[2014/08/14 00:57:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU.DLL
[2014/08/14 00:57:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU.DLL
[2014/08/14 00:57:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDBASH.DLL
[2014/08/14 00:57:45 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/08/14 00:57:44 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2014/08/14 00:57:43 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2014/08/14 00:57:43 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msihnd.dll
[2014/08/14 00:57:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msihnd.dll
[2014/08/14 00:57:43 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2014/08/14 00:57:40 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2014/08/14 00:57:36 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/08/14 00:57:35 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/08/14 00:57:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/14 00:57:35 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/08/14 00:57:35 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/14 00:57:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/08/14 00:57:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/08/14 00:57:34 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/08/14 00:57:34 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/08/14 00:57:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/08/14 00:57:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/08/14 00:57:33 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/08/14 00:57:33 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/08/14 00:57:33 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/08/14 00:57:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/08/14 00:57:32 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/08/14 00:57:31 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/08/14 00:57:29 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/08/14 00:57:29 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/08/14 00:57:28 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/08/14 00:57:27 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/08/14 00:57:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/08/14 00:57:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/08/14 00:57:26 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/08/14 00:57:26 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/08/14 00:57:25 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/08/14 00:57:25 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/08/14 00:57:25 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/08/14 00:57:25 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/08/14 00:57:25 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/08/14 00:57:24 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/08/14 00:57:24 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/08/14 00:57:24 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/08/14 00:57:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/08/14 00:57:23 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/14 00:54:41 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2014/08/13 19:42:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\computer software market
[2014/08/11 20:18:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\eCyber
[2014/08/11 20:18:07 | 000,045,248 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\windows\SysNative\drivers\iSafeKrnlBoot.sys
[2014/08/11 20:18:05 | 000,000,000 | ---D | C] -- C:\windows\SysNative\log
[2014/08/11 20:17:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\iSafe
[2014/08/11 19:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/08/11 19:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/08/11 19:25:07 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\windows\SysNative\drivers\PSKMAD.sys
[2014/08/11 19:25:05 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\DASBOOT
[2014/08/11 19:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2014/08/10 19:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PicRec
[2014/08/10 19:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PicRec
[2014/08/10 19:29:48 | 000,000,000 | ---D | C] -- C:\http_filter
[2014/08/10 19:29:46 | 000,000,000 | ---D | C] -- C:\windows\Microsoft
[2014/08/10 19:29:40 | 000,049,880 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\netmon_wfp.sys
[2014/08/10 19:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicRec (x86)
[2014/08/03 20:23:00 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 6
[2014/08/03 20:22:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 5
[2014/08/03 20:22:45 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 4
[2014/08/03 20:22:40 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 3
[2014/08/03 20:22:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 2
[2014/08/03 16:59:26 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Sラブ 1
[2014/07/30 19:49:58 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 1
[2014/07/28 22:34:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\baidu
[2014/07/26 23:38:04 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 2
[2014/07/26 18:57:10 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 3
[2014/07/26 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 4
[2014/07/22 19:11:20 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 5
[2014/07/22 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 6
[2014/07/21 21:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/07/21 21:44:06 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/07/21 21:44:03 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/07/21 21:44:03 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/07/21 21:44:03 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/17 22:06:46 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\くろさき 7
[2012/01/11 06:42:29 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[2 C:\Users\user\AppData\Local\*.tmp files -> C:\Users\user\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/08/15 19:17:00 | 000,000,704 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/15 19:09:48 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/15 19:09:48 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/15 18:59:54 | 000,000,700 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/15 18:59:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/15 18:59:18 | 3152,359,424 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/14 23:57:46 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/08/14 23:57:46 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/14 23:07:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/08/14 21:27:38 | 000,809,504 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/08/14 21:03:50 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/14 17:58:24 | 001,351,330 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/14 17:58:24 | 000,668,716 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/14 17:58:24 | 000,424,608 | ---- | M] () -- C:\windows\SysNative\perfh011.dat
[2014/08/14 17:58:24 | 000,126,950 | ---- | M] () -- C:\windows\SysNative\perfc011.dat
[2014/08/14 17:58:24 | 000,126,868 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/11 19:37:29 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2014/08/08 15:24:04 | 000,045,248 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\windows\SysNative\drivers\iSafeKrnlBoot.sys
[2014/07/30 01:07:10 | 000,000,242 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/07/29 10:16:38 | 000,049,880 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\netmon_wfp.sys
[2014/07/25 23:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/07/25 22:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/07/25 22:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/07/25 22:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/07/25 22:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/07/25 22:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/07/25 22:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/07/25 22:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/07/25 22:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/07/25 21:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/07/25 21:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 21:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/07/25 21:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/07/25 21:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/07/25 21:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/07/25 21:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/07/25 21:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 21:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/07/25 21:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/07/25 21:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/07/25 21:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/07/25 21:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/07/25 21:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/07/25 21:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/07/25 20:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/07/25 20:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 20:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/07/25 20:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/07/25 20:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/07/25 20:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/07/25 20:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/07/25 20:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/07/25 20:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/07/25 19:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/07/25 19:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2 C:\Users\user\AppData\Local\*.tmp files -> C:\Users\user\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/08/14 21:03:50 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/21 18:52:24 | 000,000,000 | ---- | C] () -- C:\windows\NewSoft CD Labeler.INI
[2014/03/30 01:55:37 | 000,079,360 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2014/03/20 19:08:17 | 000,407,948 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/01/12 15:25:09 | 000,234,544 | ---- | C] () -- C:\windows\RegBootClean64.exe
[2013/01/12 15:25:09 | 000,022,064 | ---- | C] () -- C:\windows\DCEBoot64.exe
[2013/01/12 15:11:57 | 000,000,242 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/01/01 17:59:40 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/12/10 23:49:10 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/12/10 23:39:19 | 001,330,178 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/12/08 21:37:12 | 000,000,000 | RHS- | C] () -- C:\windows\FFSSET.BIN
[2012/12/08 21:35:46 | 000,001,915 | ---- | C] () -- C:\windows\if42le.ini
[2012/12/08 21:35:46 | 000,000,326 | ---- | C] () -- C:\windows\Pexplore.ini
[2012/09/23 21:02:24 | 000,637,952 | ---- | C] () -- C:\windows\SysWow64\7-zip32.dll
[2012/03/28 23:05:11 | 000,009,184 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft Excel 97-2003.EML

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 11:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 10:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< :OTL >[/color]

[color=#A23BEC]< PRC - [2014/07/29 10:16:38 | 000,019,968 | ---- | M] () -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe >[/color]
Invalid Switch: 29 10:16:38 | 000,019,968 | ---- | M] () -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe

[color=#A23BEC]< SRV - [2014/07/29 10:16:38 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe -- (sogr) >[/color]
Invalid Switch: 29 10:16:38 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\sogr\WindowsUpdater.exe -- (sogr)

[color=#A23BEC]< IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpro.com/search/toolbar/hao123/{B8A604A6-7A71-57CB-E1D0-D1416BA0AA83}?q={searchTerms} >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\SearchScopes,DefaultScope = >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://www.bigseekpro.com/search/toolbar/hao123/{B8A604A6-7A71-57CB-E1D0-D1416BA0AA83}?q={searchTerms} >[/color]

[color=#A23BEC]< FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedtest4354@BestOffers: C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014/03/30 01:59:32 | 000,000,000 | ---D | M] >[/color]
Invalid Switch: 30 01:59:32 | 000,000,000 | ---D | M]

[color=#A23BEC]< [2014/03/30 01:59:26 | 000,000,000 | ---D | M] (Free Games 111) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers >[/color]
Invalid Switch: 30 01:59:26 | 000,000,000 | ---D | M] (Free Games 111) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers

[color=#A23BEC]< [2014/03/30 01:59:32 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers >[/color]
Invalid Switch: 30 01:59:32 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers

[color=#A23BEC]< [2012/11/29 23:47:10 | 000,197,580 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader@ftdownloader.com.xpi >[/color]
Invalid Switch: 29 23:47:10 | 000,197,580 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader@ftdownloader.com.xpi

[color=#A23BEC]< CHR - homepage: http://jp.hao123.com/?tn=smt_hp_hao123_jp >[/color]
Invalid Switch: ?tn=smt_hp_hao123_jp

[color=#A23BEC]< O2:[b]64bit:[/b] - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. >[/color]
Invalid Switch: b] - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

[color=#A23BEC]< O2:[b]64bit:[/b] - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. >[/color]
Invalid Switch: b] - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.

[color=#A23BEC]< O2:[b]64bit:[/b] - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. >[/color]
Invalid Switch: b] - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.

[color=#A23BEC]< O2:[b]64bit:[/b] - BHO: (MySearch) - {C9E891B1-BBFB-6DE4-0F86-427072044BE9} - C:\Program Files (x86)\MySearch\h.x64.dll File not found >[/color]
Invalid Switch: b] - BHO: (MySearch) - {C9E891B1-BBFB-6DE4-0F86-427072044BE9} - C:\Program Files (x86)\MySearch\h.x64.dll File not found

[color=#A23BEC]< O2:[b]64bit:[/b] - BHO: (NaviNow Web Tool 1.0) - {F6AC6E26-60C4-4132-95EA-F9B2D23C2990} - C:\Users\Public\DOCUME~1\navinow\NAVINO~1.DLL File not found >[/color]
Invalid Switch: b] - BHO: (NaviNow Web Tool 1.0) - {F6AC6E26-60C4-4132-95EA-F9B2D23C2990} - C:\Users\Public\DOCUME~1\navinow\NAVINO~1.DLL File not found

[color=#A23BEC]< O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. >[/color]

[color=#A23BEC]< O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. >[/color]

[color=#A23BEC]< O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found. >[/color]

[color=#A23BEC]< O2 - BHO: (MySearch) - {C9E891B1-BBFB-6DE4-0F86-427072044BE9} - C:\Program Files (x86)\MySearch\h.dll File not found >[/color]

[color=#A23BEC]< O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. >[/color]
Invalid Switch: b] - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.

[color=#A23BEC]< O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >[/color]
Invalid Switch: b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

[color=#A23BEC]< O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. >[/color]

[color=#A23BEC]< O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >[/color]

[color=#A23BEC]< O3 - HKU\S-1-5-21-4033256246-680146763-291166523-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >[/color]

[color=#A23BEC]< [2 C:\Users\user\AppData\Local\*.tmp files -> C:\Users\user\AppData\Local\*.tmp -> ] >[/color]

[color=#A23BEC]< @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:56E2E879 >[/color]

[color=#A23BEC]< @Alternate Data Stream - 143 bytes -> C:\Users\user\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty >[/color]

[color=#A23BEC]< @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720 >[/color]

[color=#A23BEC]< @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A1EDB939 >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< :Files >[/color]

[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP 構成
DNS リゾルバー キャッシュは正常にフラッシュされました。

[color=#A23BEC]< c:\program files (x86)\yourfiledownloader >[/color]

[color=#A23BEC]< c:\program files (x86)\goforfiles >[/color]

[color=#A23BEC]< %userprofile%\appdata\roaming\kuuzo >[/color]

[color=#A23BEC]< C:\Program Files (x86)\MySearch >[/color]

[color=#A23BEC]< C:\Users\Public\DOCUME~1\navinow >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< :Commands >[/color]

[color=#A23BEC]< [purity] >[/color]

[color=#A23BEC]< [emptytemp] >[/color]

[color=#A23BEC]< [reboot] >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:56E2E879
@Alternate Data Stream - 143 bytes -> C:\Users\user\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A1EDB939

< End of report >




  • baikon
  • 2014/08/15 (Fri) 19:38:40
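Wrong button pressed
It looks like you pressed a different button. Sorry, my explanation was poor.
The button to press is "Run Fix", not "Run Scan". I have attached an image, so please refer to it.


About the Adobe software: was Acrobat Pro installed by someone else?
There were Hosts entries that appear to disable activation, so I have my doubts about this kind of use...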
  • イルカ
  • 2014/08/15 (Fri) 21:32:38
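Re: Ads keep appearing
Dear いるか,

Sorry! I pressed the wrong button (><)
A log appeared after the reboot, so I am pasting it here.
Thank you in advance.


Perhaps because of the adware, the language bar is not displayed.
It does not appear even when I set it from the language settings.
Will the bar be displayed after the removal?



OTL log follows: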

All processes killed
========== OTL ==========
Process WindowsUpdater.exe killed successfully!
Service sogr stopped successfully!
Service sogr deleted successfully!
C:\Windows\Microsoft\sogr\WindowsUpdater.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}\ not found.
HKEY_USERS\S-1-5-21-4033256246-680146763-291166523-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4033256246-680146763-291166523-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedtest4354@BestOffers deleted successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\skin folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers folder moved successfully.
Folder C:\Users\user\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\ not found.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader@ftdownloader.com.xpi moved successfully.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4033256246-680146763-291166523-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\Users\user\AppData\Local\nsm4CDB.tmp deleted successfully.
C:\Users\user\AppData\Local\nsq763A.tmp deleted successfully.
ADS C:\ProgramData\Temp:56E2E879 deleted successfully.
ADS C:\Users\user\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty deleted successfully.
ADS C:\ProgramData\Temp:373E1720 deleted successfully.
ADS C:\ProgramData\Temp:A1EDB939 deleted successfully.
File rity] not found.
File ptytemp] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 08152014_225238

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

  • baikon
  • 2014/08/15 (Fri) 23:08:54
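Re: Ads keep appearing
Some of the operations failed, but well, it should not be a problem.

As for the language bar, it causes quite a lot of trouble and is also rather hard to fix.
If you have the language bar docked in the taskbar, taking it out once, or setting it to hidden once and then showing it again, sometimes improves things.


How are the ads now?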
  • イルカ
  • 2014/08/16 (Sat) 13:01:13
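Re: Ads keep appearing
Thank you for your help.
Until yesterday the windows kept popping up, but today they are not being displayed!
Thank you very much!

By the way, the folders for the items below still exist. Could you tell me how to delete them?

As for adobe, someone installed it for me so I don't know the details, but would it be better to remove it?
Thank you in advance.



・PicRec

・UpdateService   Has it already been deleted?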
  • baikon
  • 2014/08/16 (Sat) 19:27:52
Re: Ads keep appearing
About the language bar


Thank you for your help.
After I clicked ctfmon.exe via "Run", it is now displayed.
Sorry for the trouble m(__)m
  • baikon
  • 2014/08/16 (Sat) 19:48:43
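Re: Ads keep appearing
Before deleting PicRec, let's run a scan with a different tool.
As for UpdateService, with luck it may be found by this one as well.

Regarding Adobe, I see that it was installed by someone else.
I can't say for certain from the logs alone, but since there are Hosts entries that appear to bypass activation (the anti-piracy measure), I think it is quite likely that the Adobe Acrobat XI Pro currently installed is a pirated copy.
Personally, I recommend uninstalling it.



■Treatment with Malwarebytes Anti-Malware
Referring to the procedure at the URL below, run a scan and let me know the results.

How to use MBAM
http://www59.atwiki.jp/malware_laboratory/pages/7.html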
  • イルカ
  • 2014/08/17 (Sun) 19:42:36
Re: Ads keep appearing
Dear いるか,

Thank you for your help.
Sorry for the late reply!
Below is the MBAM log.
Thank you in advance.



Malwarebytes Anti-Malware
www.malwarebytes.org

スキャン日付: 2014/08/20
スキャン時刻: 0:36:09
ログファイル:
管理者: はい

バージョン: 2.00.2.1012
マルウェアデータベース: v2014.08.19.08
ルートキットデータベース: v2014.08.16.01
ライセンス: 無料版
マルウェア保護機能: 無効
悪質ウェブサイト保護機能: 無効
Self-protection: 無効

OS: Windows 7 Service Pack 1
CPU: x64
ファイルシステム: NTFS
ユーザー: user

スキャン形式: 脅威スキャン
結果: 完了しました
スキャンされたオブジェクト数: 360794
経過時間: 11 分, 52 秒

メモリ: 有効
スタートアップ: 有効
ファイルシステム: 有効
アーカイブ: 有効
ルートキット: 無効
Heuristics: 有効
PUP: 有効
PUM: 有効

プロセス: 0
(No malicious items detected)

モジュール: 0
(No malicious items detected)

レジストリキー: 13
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\MySearch.MySearch, , [e3914c7c512a91a575252abfcf33b24e],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\MySearch.MySearch.2.1, , [93e15e6aaecd2d090a90c8217989ab55],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch, , [0b692a9e2f4c59dd3f5b2dbc13ef55ab],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch.2.1, , [cda7eddb512a42f47d1da940fe041ae6],
PUP.Optional.WhiteSmoke.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WhiteSmoke_US Toolbar, , [4c284484d5a6c472bd01ba280af8a65a],
PUP.Optional.ShopperPro, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPDRIVER_1.35.1.155, , [c2b242868af135018707f6ec54aed927],
PUP.Optional.iWebar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, , [ee863a8eafcc0036231eec2047bcda26],
PUP.Optional.MySearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [3c3884444c2fbf774c1aa9348f757c84],
PUP.Optional.MySearch, HKLM\SOFTWARE\CLASSES\CLSID\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [3c3884444c2fbf774c1aa9348f757c84],
PUP.Optional.MySearch, HKU\S-1-5-21-4033256246-680146763-291166523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [3c3884444c2fbf774c1aa9348f757c84],
PUP.Optional.MySearch, HKU\S-1-5-21-4033256246-680146763-291166523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [3c3884444c2fbf774c1aa9348f757c84],
PUP.Optional.MySearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [3c3884444c2fbf774c1aa9348f757c84],
PUP.Optional.MySearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [3c3884444c2fbf774c1aa9348f757c84],

レジストリ値: 0
(No malicious items detected)

レジストリデータ: 0
(No malicious items detected)

フォルダー: 18
PUP.Optional.Funshion, C:\Users\user\Funshion, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\Baiduflash, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\Baiduflash\subflash, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flash, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashStamp, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\playhome, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\control, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\funshiontools, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\historyTorrent, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\update, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.SNBoost.A, C:\ProgramData\MiniApp\SW-Booster, , [cda7e6e234472115c40d973936cc837d],
PUP.Optional.SNBoost.A, C:\ProgramData\MiniApp\SW-Booster\1052359469, , [cda7e6e234472115c40d973936cc837d],
PUP.Optional.Booster.A, C:\ProgramData\AppSnow\SW-Booster, , [3d371fa91a611c1a7da83899bd45d52b],
PUP.Optional.Booster.A, C:\ProgramData\AppSnow\SW-Booster\4128175596, , [3d371fa91a611c1a7da83899bd45d52b],
PUP.Optional.Extutil.A, C:\Users\user\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [d59fab1d344781b5a2aea032917136ca],
PUP.Optional.Managera.A, C:\Users\user\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [fd7768607506ac8ad27f745ee71bff01],

ファイル: 122
PUP.Optional.Booster.A, C:\ProgramData\AppSnow\SW-Booster\SW-Booster.exe, , [8de77c4c2d4e53e39d10046129d95fa1],
PUP.Optional.MultiPlug.A, C:\ProgramData\MiniApp\SW-Booster\SW-Booster.exe, , [88ec51772e4d2e08ec9c013cc041ca36],
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{2B6540FD-5792-419B-A370-1FB0F086620B}\Custom.dll, , [fe7642862457c1752e4044ff7789bf41],
PUP.Optional.Yontoo.A, C:\Users\user\AppData\Local\Temp\YontooSetup-S.exe, , [5c180abee398f14579b9db46c53b7888],
PUP.Optional.QuickShare.A, C:\Users\user\AppData\Local\Temp\QuickShare1.exe, , [690b8d3b364560d691d039e5bf41d32d],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\verifier.exe, , [62127e4a0e6d6bcb29b874ceca36a858],
PUP.Optional.MiniBar.A, C:\Users\user\AppData\Local\Temp\minibar-master.exe, , [1c58d7f1accfd462252b22002fd18c74],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\nsm9CDD.exe, , [77fdcff9b4c7de5854944f3ec839f010],
PUP.Optional.DownTango.A, C:\Users\user\AppData\Local\Temp\autodesk_autocad_2012_crack_downloader.exe, , [7bf98741e596ea4c75020f8c89784bb5],
PUP.Optional.MultiPlug.A, C:\Users\user\AppData\Local\Temp\down.9588.setupespl.exe, , [82f24a7e69120036c83c58f39c642fd1],
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\Temp\nso1A2D.exe, , [c0b4794fff7cf93df60fec499f629868],
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\Temp\nso3C9C.exe, , [c1b32c9c98e360d6dc2955e0e31e55ab],
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\Temp\nsq3B82.exe, , [fa7a626625569a9c90750e2704fd5da3],
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\Temp\nst3EDE.exe, , [0b6966621d5e3ef8b25360d50af7847c],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\nsw7442.exe, , [5d17c008c4b77eb8bf29f79609f8af51],
Trojan.Agent.NS, C:\Users\user\AppData\Local\Temp\nsx2082.tmp, , [680c09bf413ad363d57b8c29eb16ba46],
PUP.Optional.SkyTech.A, C:\Users\user\AppData\Local\Temp\awh4484.tmp, , [54207a4e463567cf4b8b223f2cd540c0],
PUP.Optional.GoForFiles.A, C:\Users\user\AppData\Local\Temp\uninstall175532.exe, , [f480f7d1a6d54ee8408782a4e41dbe42],
PUP.Optional.DeltaTB, C:\Users\user\AppData\Local\Temp\toolbar13340378.exe, , [383c6d5bf487d85e297a67b9897747b9],
PUP.Optional.QuickShare.A, C:\Users\user\AppData\Local\Temp\toolbar13431576.exe, , [a5cf6365b6c533035843ae729a6615eb],
PUP.Optional.DiamonData.A, C:\Users\user\AppData\Local\Temp\toolbar13625298.exe, , [42323890750668ce6e42ec6573918d73],
PUP.Optional.QuickShare.A, C:\Users\user\AppData\Local\Temp\toolbar13735076.exe, , [a7cdecdc3447b581b0eb58c8788854ac],
PUP.Optional.DiamonData.A, C:\Users\user\AppData\Local\Temp\toolbar828037.exe, , [a4d06b5df2892412921e262bc53fae52],
PUP.Optional.DeltaTB, C:\Users\user\AppData\Local\Temp\toolbar829036.exe, , [e98bdeeac5b6e452bae9c15f6e92d22e],
PUP.Optional.Delta.A, C:\Users\user\AppData\Local\Temp\DeltaTB.exe, , [e58f6662611ac175ac5f20f3689956aa],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\dlLogic.exe, , [1c58d2f6a1dae2544a963e0451afa25e],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\dltr.exe, , [b2c26a5eeb9096a02db4152dce32e21e],
PUP.Optional.Searchprotect, C:\Users\user\AppData\Local\Temp\UNTFA5B.tmp, , [9ed64a7e1269e551dc38bbffeb16c937],
PUP.Optional.NextLive.A, C:\Users\user\AppData\Local\Temp\UNTFD77.exe, , [096bcdfb8eed96a00e1c81dfb05126da],
PUP.Optional.FileScout.A, C:\Users\user\AppData\Local\Temp\E77D.tmp, , [d59f5a6e81fa20165c2440d39b6612ee],
Adware.EoRezo, C:\Users\user\AppData\Local\Temp\setup_fst_jp.exe, , [6014e7e163181c1a13bb33459d6403fd],
PUP.Optional.InstallCore, C:\Users\user\AppData\Local\Temp\ICReinstall_flashplayer.exe, , [165e8d3bc4b7c2748b4b930cb74dd52b],
PUP.Optional.SmartBar.A, C:\Users\user\AppData\Local\Temp\Installer.exe, , [00740dbba7d458de9bc9d8464eb2bd43],
PUP.Optional.SmartBar.A, C:\Users\user\AppData\Local\Temp\SmartbarExeInstaller.exe, , [51231cac0a71af87ee7626f8e9174ab6],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\GCVerifier.dll, , [0b693890bdbee35324bb4200f10f02fe],
Trojan.Agent.NS, C:\Users\user\AppData\Local\Temp\nsa77F8.tmp, , [34405c6c1467f93d044c8035867b3ac6],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\nsc8F60.exe, , [6d07bc0c88f3241271777d1046bb46ba],
Trojan.Agent.NS, C:\Users\user\AppData\Local\Temp\nsd4138.tmp, , [076d3e8ab3c886b0ca86f2c3db26916f],
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\Temp\nse17CC.exe, , [2e467e4a8feca1950500ef4647ba6799],
Trojan.Agent.NS, C:\Users\user\AppData\Local\Temp\nsfC94B.tmp, , [84f00abe12694de9e36da60f867b9b65],
Trojan.Agent.NS, C:\Users\user\AppData\Local\Temp\nsiCF8D.tmp, , [9dd74880d6a564d267e9dbda4fb2b050],
PUP.Optional.SearchProtect.A, C:\Users\user\AppData\Local\Temp\nsm5849.tmp, , [a0d49d2b6714af872fe07523ba4759a7],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\nsm775F.exe, , [a5cf15b30873c07620c8f994966bd729],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\nsm9982.exe, , [b8bcb8106318a88ead3b7815679a47b9],
Backdoor.Bot, C:\Users\user\AppData\Local\Temp\~tmp685814210521815212.tmp, , [f57fffc935466cca06b3e27c649d36ca],
PUP.Optional.CodecPerformer.A, C:\Users\user\AppData\Local\Temp\Сodec Performer804225.exe, , [77fda8205d1e82b4d03f8bee04fd827e],
PUP.Optional.CostMin.A, C:\Users\user\AppData\Local\Temp\UNTFF77.exe, , [cba9cdfb90eb013519aa12488082a45c],
PUP.Optional.Somoto.A, C:\Users\user\AppData\Local\Temp\UpdateCheckerSetup.exe, , [ea8a4b7d90eb48ee4273eb2bd62b17e9],
PUP.Optional.Babylon.A, C:\Users\user\AppData\Local\Temp\0D14D40B-BAB0-7891-B272-9DB4D6854580\Latest\BExternal.dll, , [3f35c305b8c3c86eea299a8938c837c9],
PUP.Optional.BabSolution.A, C:\Users\user\AppData\Local\Temp\0D14D40B-BAB0-7891-B272-9DB4D6854580\Latest\BUSolution.dll, , [294bba0e314ab28417f0da3e778ae21e],
PUP.Optional.Babylon.A, C:\Users\user\AppData\Local\Temp\0D14D40B-BAB0-7891-B272-9DB4D6854580\Latest\CrxInstaller.dll, , [d69ea91f126937ffdddf869e827f40c0],
PUP.Optional.Delta.A, C:\Users\user\AppData\Local\Temp\0D14D40B-BAB0-7891-B272-9DB4D6854580\Latest\enhancedNT.dll, , [14602c9c275432047aa9ad7103febe42],
PUP.Optional.Babylon.A, C:\Users\user\AppData\Local\Temp\0D14D40B-BAB0-7891-B272-9DB4D6854580\Latest\MntrDLLInstall.dll, , [fc78f5d3a8d376c02895d450f40d5aa6],
PUP.Optional.Delta.A, C:\Users\user\AppData\Local\Temp\0D14D40B-BAB0-7891-B272-9DB4D6854580\Latest\MyDeltaTB.exe, , [acc812b6265575c1f8dcd6a5a75a8977],
PUP.Optional.Babylon.A, C:\Users\user\AppData\Local\Temp\0D14D40B-BAB0-7891-B272-9DB4D6854580\Latest\Setup.exe, , [6b097454d8a30c2ac6464cd911ef29d7],
PUP.Optional.Babylon.A, C:\Users\user\AppData\Local\Temp\7089D615-BAB0-7891-ABEF-ED43C12BF67D\Latest\BExternal.dll, , [33414c7cd3a8f541858e9b8816eaca36],
PUP.Optional.Hao123.A, C:\Users\user\AppData\Local\Temp\7089D615-BAB0-7891-ABEF-ED43C12BF67D\Latest\JP.exe, , [581c06c2e99253e342cdcd5222ded52b],
PUP.Optional.Babylon.A, C:\Users\user\AppData\Local\Temp\7089D615-BAB0-7891-ABEF-ED43C12BF67D\Latest\MntrDLLInstall.dll, , [0d67f8d0e09b3bfb19a460c41ae720e0],
PUP.Optional.Delta.A, C:\Users\user\AppData\Local\Temp\7089D615-BAB0-7891-ABEF-ED43C12BF67D\Latest\MyDeltaTB.exe, , [b0c494343a41c96db51f54278b76b848],
PUP.Optional.Babylon.A, C:\Users\user\AppData\Local\Temp\7089D615-BAB0-7891-ABEF-ED43C12BF67D\Latest\Setup.exe, , [f87c8d3b3f3ca19505b07ba69b65e21e],
PUP.Optional.Multiplug, C:\Users\user\AppData\Local\Temp\{B0EA23C9-5B87-4602-A4E9-13A56B09013F}\Addons\setupnt.exe, , [e490ad1b3a41e0563e5eaa1d679d857b],
PUP.Optional.Multiplug, C:\Users\user\AppData\Local\Temp\{B0EA23C9-5B87-4602-A4E9-13A56B09013F}\Addons\setupytb.exe, , [c8acd2f643381d19e1bbe3e4e123d828],
PUP.Optional.Booster.A, C:\Users\user\AppData\Local\Temp\{B0EA23C9-5B87-4602-A4E9-13A56B09013F}\Addons\usetup.exe, , [7bf9a127730893a3aa03c89dd82a11ef],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\{1CF3FFE6-3E68-430B-A1E0-764AC710DD10}\Addons\embededstub.exe, , [561e8246a4d7a3935888c47ec43cbf41],
PUP.Optional.Babylon.A, C:\Users\user\AppData\Local\Temp\4C7C6B4B-BAB0-7891-B816-67EC7D0BF7F8\Latest\BExternal.dll, , [264e4187dc9fe155c74cab78c53ba759],
PUP.Optional.Babylon.A, C:\Users\user\AppData\Local\Temp\4C7C6B4B-BAB0-7891-B816-67EC7D0BF7F8\Latest\CrxInstaller.dll, , [a9cb596fccafe84e4f6d2bf97988cf31],
PUP.Optional.Delta.A, C:\Users\user\AppData\Local\Temp\4C7C6B4B-BAB0-7891-B816-67EC7D0BF7F8\Latest\MyBabylonTB.exe, , [6113448482f98ea85d7793e83cc5857b],
PUP.Optional.Babylon.A, C:\Users\user\AppData\Local\Temp\4C7C6B4B-BAB0-7891-B816-67EC7D0BF7F8\Latest\Setup.exe, , [3440f7d12b501e1853b4e730bf424bb5],
PUP.Optional.InstallCore, C:\Users\user\AppData\Local\Temp\is609929163\17739682_stp.EXE, , [7cf853753a4115213ec68aa256aa30d0],
PUP.Optional.InstallCore, C:\Users\user\AppData\Local\Temp\is609929163\20952966_stp.EXE, , [254f10b83a41f54154b084a8fa06c23e],
PUP.Optional.RegCleanerPro, C:\Users\user\AppData\Local\Temp\is609929163\20953159_stp\rcpsetup_adppi5_adppi5.exe, , [f381567257248fa7e7ac2ee8ed147d83],
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\nsoE8CF\SpSetup.exe, , [3044b414b1ca092d11e453d6b84937c9],
PUP.Optional.ScramblePacker.A, C:\Users\user\AppData\Local\Temp\Install_10213\iwebar.exe, , [353f0dbbfa816cca0ba147408b767d83],
PUP.Optional.ScramblePacker.A, C:\Users\user\AppData\Local\Temp\Install_10213\sense.exe, , [d59fa7214d2eb284307c94f302ff9868],
PUP.Optional.Goobzo, C:\Users\user\AppData\Local\Temp\Install_10213\shopperpro.exe, , [34407f49f388c96d6698acf932cfe21e],
PUP.Optional.ScramblePacker.A, C:\Users\user\AppData\Local\Installer\Install_17621\sense.exe, , [90e4c800b8c3a5911e8ea0e7b34e5aa6],
PUP.Optional.WebSearch.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\WebSearch.xml, , [b9bb14b4e992aa8ca65cb2558182e41c],
Exploit.Drop.GS, C:\Users\user\AppData\Local\Temp\2sysconf.exe, , [0e6627a17a0180b6cd35d55ad33054ac],
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.fastosearch.info_0.localstorage, , [5a1aaf19314aca6c098c3e068e7640c0],
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.fastosearch.info_0.localstorage-journal, , [77fd35939cdf60d64a4b4afaa064837d],
PUP.Optional.Funshion, C:\Users\user\Funshion\bbinfo.txt, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\platFormGuid.txt, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flash\DC996574_2866_7E4D_83BF_B1977BBD144B.swf, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130906193301-5462519.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130311162226-15600100.swf, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130607180341-7219937.swf, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130716103038-11026092.swf, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130730154647-15470946.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130805154537-4363400.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130809144717-5212173.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130813104742-5785007.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130819152955-9946380.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130823150248-17553763.swf, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130823162430-9491501.swf, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130911104051-17880456.swf, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130913175438-2856475.swf, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130913202220-19579442.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130913202629-4821602.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130917114752-4775023.swf, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130918093654-17969932.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130918140301-4648194.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130918164905-8863806.flv, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130918185100-17351963.swf, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\funshiontools\LoadIE.log, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\adConfig.xml, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\adConfig.xml.bak, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\adMaterialsTable1.xml, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\minisite.json, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\popwind.json, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\textAdLink.xml, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\textMiniAdLink.xml, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\updatexmlfile.txt, , [690b15b3dc9fa195de0d05b39a6814ec],
PUP.Optional.SNBoost.A, C:\ProgramData\MiniApp\SW-Booster\1052359469.ini, , [cda7e6e234472115c40d973936cc837d],
PUP.Optional.Booster.A, C:\ProgramData\AppSnow\SW-Booster\4128175596.ini, , [3d371fa91a611c1a7da83899bd45d52b],
PUP.Optional.Extutil.A, C:\Users\user\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [d59fab1d344781b5a2aea032917136ca],
PUP.Optional.Extutil.A, C:\Users\user\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [d59fab1d344781b5a2aea032917136ca],
PUP.Optional.Extutil.A, C:\Users\user\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [d59fab1d344781b5a2aea032917136ca],
PUP.Optional.Managera.A, C:\Users\user\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [fd7768607506ac8ad27f745ee71bff01],
PUP.Optional.Managera.A, C:\Users\user\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [fd7768607506ac8ad27f745ee71bff01],
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences, 良: (), 悪: ( "startup_urls": [ "http://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND", "http://websearch.fastosearch.info/?pid=1091&r=2014/06/21&hid=13753532282638561734&lg=EN&cc=JP&unqvl=55" ],), ,[85ef21a76e0d8ea817aa9f6aee17cb35]
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js, 良: (), 悪: (user_pref("browser.startup.homepage", "http://websearch.fastosearch.info/?pid=1091&r=2014/06/21&hid=13753532282638561734&lg=EN&cc=JP&unqvl=55");), ,[64103a8e2f4cc76ff1cd58b1937250b0]
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js, 良: (), 悪: (user_pref("keyword.URL", "http://websearch.fastosearch.info/?pid=1091&r=2014/06/21&hid=13753532282638561734&lg=EN&cc=JP&unqvl=55&l=1&q=");), ,[5e1640885b20bd79e9d7b45583823dc3]

物理セクタ: 0
(No malicious items detected)


(end)
  • baikon
  • 2014/08/20 (Wed) 01:14:19
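Malware detected
MBAM has turned up something that is not good.

Exploit.Drop.GS, C:\Users\user\AppData\Local\Temp\2sysconf.exe, , [0e6627a17a0180b6cd35d55ad33054ac],

This is real malware. The situation has suddenly become much worse.


For now, let's delete the temporary files with OTL and then run malware removal tools to check.


■Deleting temporary files
After starting OTL, paste the script below into "Custom Scan/Fixes" and press "Run Fix".
This time it is only ":Commands".

Running it forcibly terminates all processes, so please close as many applications as you can beforehand.
The Recycle Bin will also be emptied, so if it contains files you need, rescue them first.
If OTL freezes and does not proceed, start the computer in Safe Mode and then run it.

How to enter Safe Mode:
http://www59.atwiki.jp/malware_laboratory/pages/8.html

When it finishes, you will be asked to reboot, so reboot with "OK". After the reboot a log will appear, so please post it. For this log, pasting it as-is is fine.
If you have closed the log, there is a log in the C:\_OTL\MovedFiles folder (a file whose name consists of digits made up of the date and time), so please post its contents.

---From here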

:Commands
[purity]
[emptytemp]
[resethosts]
[createrestorepoint]
[reboot]

---To here



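■Removing the virus with RogueKiller
Download RogueKiller from the URL below and place it on your desktop.
As with OTL, your browser may flag it as dangerous, but this is a false positive, so ignore it and proceed.
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Then perform the following steps.
1. Close all applications as far as possible.
2. Start the RogueKiller saved on the desktop and wait until the initial scan completes.
3. When the initial scan has finished, click the "Scan" button and wait until the scan ends.
4. For the entries found, click "Delete".
5. When processing has finished, several "RKReport.txt" files should have been created on the desktop. Paste their contents into your post.

Reference:
http://www59.atwiki.jp/malware_laboratory/pages/12.html



■Obtaining a log with aswMBR
Download the file below and place it on your desktop or similar.
http://public.avast.com/~gmerek/aswMBR.exe

After downloading, when you run it, it asks in English "Do you want to download the definition files?". It takes from a few minutes to about 10 minutes, but download them with "Yes".
Once it has started, press "Scan" and the scan completes after a few minutes of waiting. When it completes, click "Save Log" and save the log to the desktop.
Then post the log here.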
  • イルカ
  • 2014/08/20 (Wed) 23:47:01
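
The MBAM log posted above mixes PUP.Optional.* entries with detections from other families. As an added example (not part of the thread and not Malwarebytes code), the following Python parses detection lines in that log's format, separates the non-PUP families, and checks which detected objects lie outside the user's Temp folder; the sample lines are an excerpt copied from the log above, and all function names are hypothetical.

```python
import re
from collections import Counter
from typing import NamedTuple

# Excerpt copied from the MBAM log posted above (not the full log).
SAMPLE_LOG = r"""
レジストリキー: 13
PUP.Optional.MySearch, HKLM\SOFTWARE\CLASSES\CLSID\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [3c3884444c2fbf774c1aa9348f757c84],

フォルダー: 18
PUP.Optional.Funshion, C:\Users\user\Funshion, , [690b15b3dc9fa195de0d05b39a6814ec],

ファイル: 122
PUP.Optional.Conduit.A, C:\Users\user\AppData\Local\Temp\verifier.exe, , [62127e4a0e6d6bcb29b874ceca36a858],
Trojan.Agent.NS, C:\Users\user\AppData\Local\Temp\nsx2082.tmp, , [680c09bf413ad363d57b8c29eb16ba46],
Adware.EoRezo, C:\Users\user\AppData\Local\Temp\setup_fst_jp.exe, , [6014e7e163181c1a13bb33459d6403fd],
Backdoor.Bot, C:\Users\user\AppData\Local\Temp\~tmp685814210521815212.tmp, , [f57fffc935466cca06b3e27c649d36ca],
Exploit.Drop.GS, C:\Users\user\AppData\Local\Temp\2sysconf.exe, , [0e6627a17a0180b6cd35d55ad33054ac],
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js, 良: (), 悪: (user_pref("browser.startup.homepage", "http://websearch.fastosearch.info/?pid=1091&r=2014/06/21&hid=13753532282638561734&lg=EN&cc=JP&unqvl=55");), ,[64103a8e2f4cc76ff1cd58b1937250b0]

物理セクタ: 0
(No malicious items detected)
"""

# Result-section headings as they appear in the Japanese-language log.
SECTIONS = ("プロセス", "モジュール", "レジストリキー", "レジストリ値",
            "レジストリデータ", "フォルダー", "ファイル", "物理セクタ")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))

# "<detection>, <object>, <detail>, [<32 hex id>]" with an optional trailing
# comma; <detail> is empty for most lines and holds the 良/悪 values for
# browser-preference entries.
DETECTION_RE = re.compile(
    r"^(?P<name>[A-Za-z]+(?:\.\w+)+), (?P<obj>.+?), (?P<detail>.*?),\s*"
    r"\[(?P<ident>[0-9a-f]{32})\],?\s*$")

TEMP_MARKER = "\\appdata\\local\\temp\\"


class Detection(NamedTuple):
    section: str   # log section the line was listed under
    name: str      # e.g. "Exploit.Drop.GS"
    obj: str       # registry key, folder or file path
    detail: str    # extra data (empty for most lines)
    ident: str     # bracketed 32-hex identifier from the log

    @property
    def family(self):
        # Leading component of the detection name: PUP, Trojan, Backdoor, ...
        return self.name.split(".", 1)[0]


def parse_mbam(text):
    """Return every detection line, tagged with the section it appeared in."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            found.append(Detection(section, hit["name"], hit["obj"],
                                   hit["detail"].strip(" ,"), hit["ident"]))
    return found


def triage(detections):
    """Count detections per family and list those that are not PUP.*."""
    counts = Counter(d.family for d in detections)
    non_pup = [d for d in detections if d.family != "PUP"]
    return counts, non_pup


def survives_temp_cleanup(detections):
    """Detections whose object is not under a user's AppData\\Local\\Temp."""
    return [d for d in detections if TEMP_MARKER not in d.obj.lower()]


if __name__ == "__main__":
    dets = parse_mbam(SAMPLE_LOG)
    counts, non_pup = triage(dets)
    print(dict(counts))
    for d in non_pup:
        print("review first:", d.name, "->", d.obj)
    for d in survives_temp_cleanup(dets):
        print("outside Temp:", d.section, d.name, "->", d.obj)
```

In this excerpt every non-PUP detection sits under the user's Temp folder, which is the folder the `[emptytemp]` command in the script above targets; the registry, Funshion and prefs.js entries are outside it.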
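Re: Ads keep appearing
Thank you for your help.
So it has suddenly gotten worse... ((+_+))
As for RogueKiller, the screen was a little different from the reference site.
Initial scan → Scan: no red text was displayed, but I pressed the Scan button anyway.
Several rows were displayed on the Registry screen, so this is the log after "Delete".
There also were not multiple logs... Have I done something wrong?
Please check (><)

I am pasting the logs below.

■OTL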

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: Public

User: user
->Temp folder emptied: 1509049562 bytes
->Temporary Internet Files folder emptied: 11535746 bytes
->Java cache emptied: 104484 bytes
->Google Chrome cache emptied: 19516357 bytes
->Flash cache emptied: 6810 bytes

User: wangzhisong

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 155319 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36049849 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,503.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 08222014_211536

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZI27FY0W\Collection[1].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZI27FY0W\st[1] moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z1PRT8P4\afr[1].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z1PRT8P4\afr[2].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z1PRT8P4\afr[4].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O4J5WQY8\221c9a0de45ddfb591161ca8a6e7b091[1].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O4J5WQY8\DMD043ZJ.htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O4J5WQY8\pd[1].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NY2KRC68\afr[2].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JDWKWTLG\MPES8IEW.htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E6AC39QL\afr[2].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LTZ5ODY\INRLB9MI.gif moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LTZ5ODY\QESXLGOH.gif moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7LTZ5ODY\WLUPGBAX.gif moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3WTHZNKQ\sync[1].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3WTHZNKQ\sync[2].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3UPI9RWX\afr[2].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3UPI9RWX\afr[3].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3UPI9RWX\afr[4].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3UPI9RWX\afr[5].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0XQ6PNWA\ad_spot[1].htm moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\CR_DA4A1.tmp\SETUP_PATCH.PACKED.7Z scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


■RogueKiller

RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 08/22/2014 21:47:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-4033256246-680146763-291166523-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> NOT SELECTED
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-4033256246-680146763-291166523-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4033256246-680146763-291166523-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.co.jp/ -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4033256246-680146763-291166523-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.co.jp/ -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] extensions : user_pref("browser.startup.homepage", "http://websearch.fastosearch.info/?pid=1091&r=2014/06/21&hid=13753532282638561734&lg=EN&cc=JP&unqvl=55"); -> NOT SELECTED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500413AS ATA Device +++++
--- User ---
[MBR] f601fa5556f961453461cb2846a2c26d
[BSP] 00d61a1192602ad901bd5b541215a1b4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 100000 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 205006848 | Size: 351164 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 924190720 | Size: 25675 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Brother DCP-J925N USB Device +++++
Error reading User MBR! ([15] ???????????????? )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] ????????????????? )


============================================
RKreport_SCN_08222014_214427.log


■aswMBR

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-08-22 21:51:35
-----------------------------
21:51:35.257 OS Version: Windows x64 6.1.7601 Service Pack 1
21:51:35.257 Number of processors: 4 586 0x2A07
21:51:35.257 ComputerName: USER-PC UserName: user
21:51:36.942 Initialze error C000010E - driver not loaded
22:02:30.848 AVAST engine defs: 14082200
22:19:43.211 Service scanning
22:20:06.408 Modules scanning
22:20:06.408 Disk 0 trace - called modules:
22:20:06.408
22:20:09.622 AVAST engine scan C:\windows
22:20:16.533 AVAST engine scan C:\windows\system32
22:23:57.398 AVAST engine scan C:\windows\system32\drivers
22:24:17.850 AVAST engine scan C:\Users\user
22:32:32.745 AVAST engine scan C:\ProgramData
22:32:48.610 File: C:\ProgramData\AppSnow\SW-Booster\SW-Booster.exe **INFECTED** Win32:Adware-gen [Adw]
22:35:11.054 File: C:\ProgramData\MiniApp\SW-Booster\SW-Booster.exe **INFECTED** Win32:Agent-ASOC [Adw]
22:35:37.402 Scan finished successfully
22:37:34.340 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"





  • baikon
  • 2014/08/22 (Fri) 22:50:39
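Re: Ads keep appearing
It looks like the way RogueKiller is operated has changed a little. I'll correct that later.

RogueKiller doesn't seem to have turned up anything serious. aswMBR, on the other hand, found unwanted software that had been missed.
We'll clear out what was missed with OTL; after that, update the Malwarebytes Anti-Malware definitions to the latest version (there should be a button on the "Dashboard" shown after launch), scan again, and let me know the results.


■Treatment with a Fix script
After launching OTL, paste the script below into "Custom Scan/Fixes" and press "Run Fix".
This time it is only the part from ":Files" onward.

---Start here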

:Files
C:\ProgramData\AppSnow\SW-Booster\SW-Booster.exe
C:\ProgramData\MiniApp\

---End here
  • イルカ
  • 2014/08/23 (Sat) 02:34:46
Re: Ads keep appearing
I'm pasting the OTL log below.

========== FILES ==========
C:\ProgramData\AppSnow\SW-Booster\SW-Booster.exe moved successfully.
C:\ProgramData\MiniApp\SW-Booster\1052359469 folder moved successfully.
C:\ProgramData\MiniApp\SW-Booster folder moved successfully.
C:\ProgramData\MiniApp\Setup folder moved successfully.
C:\ProgramData\MiniApp folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 08232014_175825
  • baikon
  • 2014/08/23 (Sat) 18:00:34
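The aswMBR detections and the OTL fix log posted above can be cross-checked to confirm that every detected file was actually moved, either directly or together with a parent folder. This is an added example, not part of the original posts or of either tool; the log excerpts are copied from this thread, and the function names and status labels are assumptions of the example.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple

# Excerpts copied from the aswMBR and OTL logs posted in this thread.
ASWMBR_LOG = r"""
22:32:32.745 AVAST engine scan C:\ProgramData
22:32:48.610 File: C:\ProgramData\AppSnow\SW-Booster\SW-Booster.exe **INFECTED** Win32:Adware-gen [Adw]
22:35:11.054 File: C:\ProgramData\MiniApp\SW-Booster\SW-Booster.exe **INFECTED** Win32:Agent-ASOC [Adw]
22:35:37.402 Scan finished successfully
"""

OTL_FIX_LOG = r"""
========== FILES ==========
C:\ProgramData\AppSnow\SW-Booster\SW-Booster.exe moved successfully.
C:\ProgramData\MiniApp\SW-Booster\1052359469 folder moved successfully.
C:\ProgramData\MiniApp\SW-Booster folder moved successfully.
C:\ProgramData\MiniApp\Setup folder moved successfully.
C:\ProgramData\MiniApp folder moved successfully.
"""


class Detection(NamedTuple):
    path: PureWindowsPath
    name: str


class Moves(NamedTuple):
    files: set
    folders: set
    pending: set


# "<time> File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3}\s+File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
# "<path> moved successfully." or "<path> folder moved successfully."
MOVED_RE = re.compile(r"^([A-Za-z]:\\.+?)( folder)? moved successfully\.$")
# "File move failed. <path> scheduled to be moved on reboot."
PENDING_RE = re.compile(
    r"^File move failed\. ([A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")


def parse_aswmbr(log):
    """Return every **INFECTED** line of an aswMBR log as a Detection."""
    found = []
    for line in log.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            found.append(Detection(PureWindowsPath(m.group(1)), m.group(2)))
    return found


def parse_otl_moves(log):
    """Collect moved files, moved folders and moves deferred to reboot."""
    moves = Moves(set(), set(), set())
    for line in log.splitlines():
        line = line.strip()
        m = MOVED_RE.match(line)
        if m:
            target = moves.folders if m.group(2) else moves.files
            target.add(PureWindowsPath(m.group(1)))
            continue
        m = PENDING_RE.match(line)
        if m:
            moves.pending.add(PureWindowsPath(m.group(1)))
    return moves


def remediation_status(det, moves):
    """Classify one detection; PureWindowsPath compares case-insensitively."""
    if det.path in moves.files:
        return "moved"
    if any(parent in moves.folders for parent in det.path.parents):
        return "moved-with-folder"
    if det.path in moves.pending:
        return "pending-reboot"
    return "not-handled"


def coverage(aswmbr_log, otl_log):
    """Map each detected path to (detection name, remediation status)."""
    moves = parse_otl_moves(otl_log)
    return {str(d.path): (d.name, remediation_status(d, moves))
            for d in parse_aswmbr(aswmbr_log)}


if __name__ == "__main__":
    for path, (name, status) in coverage(ASWMBR_LOG, OTL_FIX_LOG).items():
        print(f"{status:18} {name:24} {path}")
```

A "not-handled" or "pending-reboot" result is the cue to rescan after the reboot before moving on to cleanup.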
Re: Ads keep appearing
■Malwarebytes Anti-Malware



Malwarebytes Anti-Malware
www.malwarebytes.org

スキャン日付: 2014/08/23
スキャン時刻: 20:34:56
ログファイル: 1.txt
管理者: はい

バージョン: 2.00.2.1012
マルウェアデータベース: v2014.08.23.01
ルートキットデータベース: v2014.08.21.01
ライセンス: 無料版
マルウェア保護機能: 無効
悪質ウェブサイト保護機能: 無効
Self-protection: 無効

OS: Windows 7 Service Pack 1
CPU: x64
ファイルシステム: NTFS
ユーザー: user

スキャン形式: 脅威スキャン
結果: 完了しました
スキャンされたオブジェクト数: 353459
経過時間: 7 分, 24 秒

メモリ: 有効
スタートアップ: 有効
ファイルシステム: 有効
アーカイブ: 有効
ルートキット: 無効
Heuristics: 有効
PUP: 有効
PUM: 有効

プロセス: 0
(No malicious items detected)

モジュール: 0
(No malicious items detected)

レジストリキー: 13
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\MySearch.MySearch, , [32cb8940bfbcb3832b4d925c1de5847c],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\MySearch.MySearch.2.1, , [4ab34386df9cc76fa5d3af3fc042d22e],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch, , [619c6e5b89f23ff7f385925c18ea30d0],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch.2.1, , [ac5188418fec43f301772dc12ed413ed],
PUP.Optional.WhiteSmoke.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WhiteSmoke_US Toolbar, , [6f8eb415df9cf541ebb1b82fca380ef2],
PUP.Optional.ShopperPro, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPDRIVER_1.35.1.155, , [1de00bbe99e26acc3e2e85624fb3817f],
PUP.Optional.iWebar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, , [28d5616818631422f02be32ead560bf5],
PUP.Optional.MySearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [7f7e00c935465cda0c40be25f0148d73],
PUP.Optional.MySearch, HKLM\SOFTWARE\CLASSES\CLSID\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [7f7e00c935465cda0c40be25f0148d73],
PUP.Optional.MySearch, HKU\S-1-5-21-4033256246-680146763-291166523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [7f7e00c935465cda0c40be25f0148d73],
PUP.Optional.MySearch, HKU\S-1-5-21-4033256246-680146763-291166523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [7f7e00c935465cda0c40be25f0148d73],
PUP.Optional.MySearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [7f7e00c935465cda0c40be25f0148d73],
PUP.Optional.MySearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C9E891B1-BBFB-6DE4-0F86-427072044BE9}, , [7f7e00c935465cda0c40be25f0148d73],

レジストリ値: 0
(No malicious items detected)

レジストリデータ: 0
(No malicious items detected)

フォルダー: 14
PUP.Optional.Funshion, C:\Users\user\Funshion, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\Baiduflash, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\Baiduflash\subflash, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flash, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashStamp, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\playhome, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\control, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\funshiontools, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\historyTorrent, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\update, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Booster.A, C:\ProgramData\AppSnow\SW-Booster, , [bd40e6e3de9ded49c2d6b123d82a6e92],
PUP.Optional.Booster.A, C:\ProgramData\AppSnow\SW-Booster\4128175596, , [bd40e6e3de9ded49c2d6b123d82a6e92],

ファイル: 41
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{2B6540FD-5792-419B-A370-1FB0F086620B}\Custom.dll, , [5f9e5574c9b2280e1956281bdc245ea2],
PUP.Optional.ScramblePacker.A, C:\Users\user\AppData\Local\Installer\Install_17621\sense.exe, , [a25b5277c2b90234ec4f87015da404fc],
PUP.Optional.WebSearch.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\WebSearch.xml, , [906d07c2087341f589539e6d33d053ad],
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.fastosearch.info_0.localstorage, , [fffe8c3dbfbc51e5c2bbbf8a18ec01ff],
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.fastosearch.info_0.localstorage-journal, , [718c606985f60036d9a4c881ef157090],
PUP.Optional.Funshion, C:\Users\user\Funshion\bbinfo.txt, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\platFormGuid.txt, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flash\DC996574_2866_7E4D_83BF_B1977BBD144B.swf, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130906193301-5462519.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130311162226-15600100.swf, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130607180341-7219937.swf, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130716103038-11026092.swf, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130730154647-15470946.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130805154537-4363400.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130809144717-5212173.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130813104742-5785007.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130819152955-9946380.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130823150248-17553763.swf, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130823162430-9491501.swf, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130911104051-17880456.swf, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130913175438-2856475.swf, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130913202220-19579442.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130913202629-4821602.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130917114752-4775023.swf, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130918093654-17969932.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130918140301-4648194.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130918164905-8863806.flv, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\Cache\flashNew\20130918185100-17351963.swf, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\funshiontools\LoadIE.log, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\adConfig.xml, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\adConfig.xml.bak, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\adMaterialsTable1.xml, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\minisite.json, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\popwind.json, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\textAdLink.xml, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\textMiniAdLink.xml, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Funshion, C:\Users\user\Funshion\update\updatexmlfile.txt, , [cf2e1aaf2f4c75c16cf308b454ae57a9],
PUP.Optional.Booster.A, C:\ProgramData\AppSnow\SW-Booster\4128175596.ini, , [bd40e6e3de9ded49c2d6b123d82a6e92],
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences, 良: (), 悪: ( "startup_urls": [ "http://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND", "http://websearch.fastosearch.info/?pid=1091&r=2014/06/21&hid=13753532282638561734&lg=EN&cc=JP&unqvl=55" ],), ,[a45924a546355ed8b04c1af53cc98d73]
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js, 良: (), 悪: (user_pref("browser.startup.homepage", "http://websearch.fastosearch.info/?pid=1091&r=2014/06/21&hid=13753532282638561734&lg=EN&cc=JP&unqvl=55");), ,[23da11b8aecdc6709c5d739cbf466e92]
PUP.Optional.FastoSearch.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js, 良: (), 悪: (user_pref("keyword.URL", "http://websearch.fastosearch.info/?pid=1091&r=2014/06/21&hid=13753532282638561734&lg=EN&cc=JP&unqvl=55&l=1&q=");), ,[ac5104c5601bfa3cc239020d8a7beb15]

物理セクタ: 0
(No malicious items detected)


(end)
  • baikon
  • 2014/08/23 (Sat) 20:45:28
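Removing the remnants
The Trojan-type items are gone. The entries MBAM found are all remnants of unwanted software, so please go ahead and remove all of them.

How is the computer running?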
  • イルカ
  • 2014/08/24 (Sun) 09:16:22
Re: Ads keep appearing
Removal with MBAM is complete!

As for the state of the PC, the ads no longer appear!

Thank you ^^
  • baikon
  • 2014/08/24 (Sun) 15:22:32
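Let's keep an eye on it for a while
It looks like the problem has settled down for now.

Please keep watching for the next few days to see whether any problems occur.
If there are none, move on to the cleanup below.



■Cleanup
Remove the tools you used.

・HijackThis
・CCleaner
Uninstall these from the Control Panel.
If you downloaded a portable version, for example, it will not appear in the Control Panel; in that case you can simply delete the executable file.

・OTL
After launching OTL, press the "Clean Up" button near the top.
OTL itself is also deleted automatically.

・AdwCleaner
After launching it, press "Uninstall" at the bottom right of the window.
You will be asked whether you really want to remove it; press "Yes" and the window closes, and related files such as logs are deleted together.

・RogueKiller
・aswMBR
Simply delete the downloaded files.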
  • イルカ
  • 2014/08/25 (Mon) 00:37:16
Re: Ads keep appearing
Thank you for your help.
Since then the PC has been running comfortably with no problems.
I'm pasting the logs, so please check them.

●HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:31:31, on 2014/09/02
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPCMNT.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\user\Downloads\HijackThis.exe
C:\windows\SysWOW64\DllHost.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ホームページぷりんと2BHO - {EFC91ACA-519F-428D-8472-81E158609D25} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
O3 - Toolbar: ホームページぷりんと2 - {C4FB9EEC-5B29-486B-ACD1-D93A4396E567} - C:\PROGRA~2\HOMEPA~1\IEBand.dll
O4 - Startup: CTF ローダー.lnk = C:\Windows\System32\ctfmon.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://202.241.175.203/SysCamInst.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Baidu Japanese IME Service_2.8.1.12 (BaiduJP_IME_Service_2.8.1.12) - Unknown owner - C:\Program Files (x86)\Baidu\IME\2.8.1.12\BaiduJPServ.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google アップデート サービス (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5) - 株式会社モーリン - C:\Program Files (x86)\Common Files\Creoapp\MrnTS_Sync5.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - Unknown owner - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)


●cc
無効 HKCU:Run Akamai NetSession Interface "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
無効 HKCU:Run ApplicationManager C:\Users\user\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
無効 HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
無効 HKLM:Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
無効 HKLM:Run APSDaemon "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
無効 HKLM:Run ControlCenter4 Brother Industries, Ltd. C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
無効 HKLM:Run QuickTime Task "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
無効 HKLM:Run TkBellExe RealNetworks, Inc. "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
有効 Startup User CTF ローダー.lnk Microsoft Corporation C:\Windows\System32\ctfmon.exe


●IE

有効 Extension Research Microsoft Corporation C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
無効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
有効 Extension 故障かな?と思ったら・・・ 西日本電信電話株式会社 C:\Program Files (x86)\NTTW\OSA_SupportTool\start_w.exe
有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In 2 SSV Helper C:\Program Files\Java\jre6\bin\jp2ssv.dll
無効 Helper NaviNow Web Tool 1.0 C:\Users\Public\DOCUME~1\navinow\NAVINO~1.DLL
無効 Helper RealNetworks Download and Record Plugin for Internet Explorer RealDownloader C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
無効 Helper RealNetworks Download and Record Plugin for Internet Explorer RealDownloader C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
無効 Helper TmBpIeBHO Class C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
無効 Helper TmBpIeBHO Class C:\Program Files\NTTW\Security\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
無効 Helper ホームページぷりんと2BHO CORPUS CORPORATION C:\PROGRA~2\HOMEPA~1\IEBand.dll
無効 Toolbar ホームページぷりんと2 CORPUS CORPORATION C:\PROGRA~2\HOMEPA~1\IEBand.dll


●GOOGLE

有効 Extension Google ウォレット 0.0.6.1 Default C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0
無効 Extension RealPlayer Downloader 17.0.11 Default C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.11_1


●Tasks

有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task RealDownloaderDownloaderScheduledTaskS-1-5-21-4033256246-680146763-291166523-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe /bgrecordaliveevent
有効 Task RealDownloaderRealUpgradeLogonTaskS-1-5-21-4033256246-680146763-291166523-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /logoncheck
有効 Task RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4033256246-680146763-291166523-1001 RealNetworks, Inc. C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /scheduledcheck
有効 Task RealPlayerRealUpgradeLogonTaskS-1-5-21-4033256246-680146763-291166523-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
有効 Task RealPlayerRealUpgradeScheduledTaskS-1-5-21-4033256246-680146763-291166523-1001 RealNetworks, Inc. C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
  • baikon
  • 2014/09/02 (Tue) 19:57:53
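Just one thing
There are mostly no problems, but just one thing: the Navinow entry that should have been deleted is still there.
It is disabled, so it should have no effect, but it's unsettling to leave it, so let's delete it.

Launch CCleaner and open Internet Explorer under Tools -> Startup.
Next, click the entry below and press "Delete Entry".
> 無効 Helper NaviNow Web Tool 1.0 C:\Users\Public\DOCUME~1\navinow\NAVINO~1.DLL

Then open the folder below and, if there is a "navinow" folder, delete it.
C:\Users\Public\DOCUME~1\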
  • イルカ
  • 2014/09/02 (Tue) 23:22:36
Re: Ads keep appearing
Sorry for the delay (>_<)

After launching CCleaner, the deletion is complete.
I couldn't find the navinow folder, so
I'll start on the cleanup.

Thank you very much!
  • baikon
  • 2014/09/06 (Sat) 11:41:47
