悪代官の伏魔殿掲示板

マルウェア駆除相談

こんばんは。
マルウェア駆除についてご助言いただけると幸いです。
よろしくお願いいたします。

以下、Hijackthis及びCCleanerのログを貼り付けます。

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:11:59, on 2014/11/30
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Users\Daiki\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
C:\Program Files (x86)\TokyoLoader\TokyoLoader.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Daiki\Desktop\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo!ツールバーフィッシング警告 - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_21\Modules\ypho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ifp6toolbar - {BE920B15-1DCA-450e-87D0-C1EEA491F3DD} - C:\Program Files (x86)\Digital Arts\IFP6\app\bin\ifp6toolbar32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Yahoo!ツールバーヘルパー - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_21\Modules\YahooToolBar.dll
O2 - BHO: navinow - {F6AC6E26-60C4-4132-95EA-F9B2D23C2990} - C:\Users\Public\Documents\navinow\navinow.dll
O3 - Toolbar: Yahoo!ツールバー - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_21\Modules\YahooToolBar.dll
O4 - HKLM\..\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
O4 - HKLM\..\Run: [KSafeTray] "c:\program files (x86)\kingsoft\Kingsoft System Defender\KSafeTray.exe" -autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ApplicationManager] C:\Users\Daiki\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - Startup: TokyoLoader.lnk = C:\Program Files (x86)\TokyoLoader\TokyoLoader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: OneNote に送る(&N) - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {7CF38931-9AAA-447C-8BC6-27029A6D695F} (VWRCCtrl Class) - https://reg.msc.sony.jp/share/activex/vaio/VOR.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: CLHNService3 - Unknown owner - C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\CLHNService.exe
O23 - Service: CyberLink Product - 2013/07/26 11:59:33 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KSafe service (KSafeSvc) - Kingsoft Corporation - c:\program files (x86)\kingsoft\Kingsoft System Defender\KSafeSvc.exe
O23 - Service: Kingsoft Core Service (kxescore) - Kingsoft Corporation - c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
O23 - Service: NI Citadel 4 Service (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\SysWOW64\lkcitdl.exe
O23 - Service: NI PSP Service Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\SysWOW64\lkads.exe
O23 - Service: NI Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\SysWOW64\lktsrv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NetworkSupport - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: NI Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI Service Locator (NiSvcLoc) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
O23 - Service: NI System Web Server (NISystemWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Unknown owner - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\vuagent.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 12617 bytes

Adobe AIR Adobe Systems Incorporated 2014/11/17 15.0.0.356
Adobe Community Help Adobe Systems Incorporated. 2014/03/21 3.5.23
Adobe Flash Player 15 Plugin Adobe Systems Incorporated 2014/11/16 6.00 MB 15.0.0.223
Adobe Photoshop Elements 10 Adobe Systems Incorporated 2014/03/21 2.60 GB 10.0
Adobe Premiere Elements 10 2013/01/30
Adobe Premiere Elements 10 Adobe Systems Incorporated 2014/03/21 1.23 GB 10.0
Adobe Reader X (10.1.12) MUI Adobe Systems Incorporated 2014/09/20 548 MB 10.1.12
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2013/07/26 26.3 MB 8.0.911.0
ApplicationManager 2011.4.27.209 kingsoft 2014/03/21 2011.4.27.209
Audacity 2.0.5 Audacity Team 2013/12/28 45.5 MB 2.0.5
BUFFALO エアステーション設定ツール BUFFALO INC. 2013/06/30 2.95 MB 2.0.12
BUFFALO クライアントマネージャＶをアンインストール BUFFALO INC. 2013/06/30 9.87 MB 1.4.10
BUFFALO パソコン環境表示ツール BUFFALO INC. 2013/06/30 4.17 MB 1.1.0
Canon MP610 series 2014/03/21
CCleaner Piriform 2014/11/30 5.00
CyberLink Power2Go 8 CyberLink Corp. 2013/01/30 281 MB 8.0.0.1923
CyberLink PowerDVD CyberLink Corp. 2013/07/26 192 MB 9.0.6426.52
Dolby Home Theater v4 Dolby Laboratories Inc 2013/07/26 2.44 MB 7.2.8000.17
EPSON EP-704A プリンターアンインストール SEIKO EPSON Corporation 2014/03/22
EPSON Scan Seiko Epson Corporation 2014/03/21
Google Chrome Google Inc. 2013/02/06 39.0.2171.71
i-フィルター 6.0 デジタルアーツ株式会社 2013/01/30 23.6 MB 6.00.20.0076
Intel(R) Management Engine Components Intel Corporation 2014/03/21 8.1.0.1252
Intel(R) Processor Graphics Intel Corporation 2014/03/21 10.18.10.3412
Intel(R) Rapid Storage Technology Intel Corporation 2014/11/30 11.5.3.1004
Java(TM) 7 Update 5 Oracle 2013/01/29 101 MB 7.0.50
Java(TM) 7 Update 5 (64-bit) Oracle 2013/01/29 95.0 MB 7.0.50
Kingsoft AntiVirus Kingsoft Internet Security 2014/03/21 kis2013
Kingsoft System Defender 3.7.0.49 Kingsoft System Defender 2013/10/06 3.7.0.49
Microsoft Office 2010 Microsoft Corporation 2014/03/21 14.0.7015.1000
Microsoft Office Home and Business 2013 - ja-jp Microsoft Corporation 2014/11/21 15.0.4667.1002
Microsoft SkyDrive Microsoft Corporation 2014/03/21 26.6 MB 17.0.2015.0811
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2013/02/08 290 KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2013/12/28 11.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2013/12/31 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2013/01/30 676 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2013/02/08 590 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2014/10/19 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2014/10/19 11.1 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2014/10/19 10.0.50903
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 Microsoft Corporation 2014/10/19 10.0.50903
National Instruments ソフトウェア National Instruments 2014/07/13
Navinow WebTool 1.0 株式会社インターパイロン Interpylon.Inc 2014/03/21 1.0
PcWaveForm7 2014/03/21
PhotoWizard Microsoft 2013/01/30 382 MB 1.0.0
PlayMemories Home Sony Corporation 2013/01/29 6.3.02.07270
Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Communications 2013/07/26 90.5 MB 8.0.0.218
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/03/21 6.0.1.6748
SmartSound Common Data SmartSound Software Inc. 2013/01/30 13.4 MB 1.1.0
SmartSound Premiere Elements 10 x64 Plugin SmartSound Software Inc. 2013/01/30 40.0 KB 5.70.0001
SmartSound Sonicfire Pro 5 SmartSound Software Inc. 2013/01/30 60.7 MB 5.7.1
Synaptics Pointing Device Driver Synaptics Incorporated 2014/03/21 46.4 MB 16.2.16.2
TokyoLoader UNKNOWN 2014/11/17 0.6.30
Unifizer NEC三栄㈱ 2014/08/16 9.17 MB 1.0.0
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/10/30 7.60 MB 16.0.1171.1
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2014/09/20 34.8 MB 15.0.1215
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2014/04/06 11.5 MB 15.0.1215
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2014/08/12 17.0 KB 16.0.1016.1
Update for Video Converter Update for Video Converter 2014/03/21
VAIO - Xperia Link Sony Corporation 2013/07/26 1.0.2.11280
VAIO Care Sony Corporation 2013/01/30 160 MB 8.0.0.08150
VAIO CPU Fan診断ツール Sony Corporation 2013/01/29 1.1.0.09200
VAIO Gate Sony Corporation 2013/07/26 3.0.1.02270
VAIO Gate Default Sony Corporation 2013/01/30 3.0.0.08060
VAIO Gesture Control Sony Corporation 2013/01/29 2.0.0.08240
VAIO Image Optimizer Sony Corporation 2013/01/29 81.8 MB 3.0.00.08170
VAIO Improvement Sony Corporation 2013/01/29 2.0.0.08090
VAIO Media Server Settings Sony Corporation 2013/07/26 61.5 MB 1.0.2.11060
VAIO Movie Creator Sony Corporation 2013/07/26 107 MB 4.0.00.10170
VAIO Update Sony Corporation 2014/07/13 7.0.1.02280
VAIO お引越サポート Sony Corporation 2013/01/30 1.8.0.08212
VAIO の製品登録 (無料) Sony Corporation 2013/01/29 7.0.0.07200
VAIO の設定 Sony Corporation 2013/01/29 6.0.0.08200
VAIO データリストアツール Sony Corporation 2013/01/29 1.10.0.07270
VAIO ホームネットワークビデオプレーヤー Sony Corporation 2013/07/26 69.9 MB 1.2.5.06250
VAIO ホームネットワークビデオプレーヤーデジタル放送プラグイン CyberLink Corp. 2013/07/26 14.4 MB 4.0
VAIO マニュアル Sony Corporation 2013/01/29 3.0.0.08100
Video Converter Packages 2014/03/21
Yahoo!ツールバー Yahoo! JAPAN. 2014/03/21 2.57 MB 7.3.0.21
データビューア株式会社クボタ 2014/07/13 4.08 MB 3.5.0
日本hao123ショートカット hao123 2014/03/21 1.0.0.1108
筆ぐるめ Ver.19 富士ソフト株式会社 2013/01/30 389 MB 19.00.0000

SBW
2014/11/30 (Sun) 19:24:46

返信フォームへ

Re: マルウェア駆除相談

こんばんは、たまに出てくる回答者のイルカです。管理人の悪代官さんではありませんがご勘弁を。

ログを見ると、NavinowとDSiteのハイブリッドでしょうか。
Chromeということで、状況によっては手間取る可能性があることをご了承ください。

■ソフトウェアの更新
以下のソフトはバージョンが古いので、特別な理由のない限りアップデートを推奨します。
古いバージョンのソフトにはセキュリティ上の脆弱性があり、ウイルスに狙われる定番となっていますので。
使っていないのであればアンインストールしてもいいでしょう。

・Java(TM) 7 Update 5
・Java(TM) 7 Update 5 (64-bit)
最新版に更新しましょう。
途中でAsk Toobarとか余計なものを入れないように。
https://java.com/ja/download/

■不要と思われるソフトウェアのアンインストール
コントロールパネルからで構いません。無ければ無視で。

・Navinow WebTool 1.0
・Update for Video Converter
・Video Converter Packages
・日本hao123ショートカット
アドウェアのようです。アンインストールを推奨します。

・PcWaveForm7
覚えがなければ、アンインストールしてください。

■AdwCleanerでの処置
AdwCleanerの使い方
http://www59.atwiki.jp/malware_laboratory/pages/4.html

を参考に、「Adwcleanerのダウンロード」～「駆除ログの出力」までを行い、結果出てきたログをお知らせください。

■OTLによる解析
OTLと呼ばれる、高機能解析ツールを使って調べます。

1. 以下にある(直リンクです)解析ツール「OTL」(OldTimer Listit)をダウンロードし、デスクトップに置いてください。
ウイルス対策ソフトやブラウザから危険判定されるかもしれませんが、誤検知ですので気にしないで進めてください。
http://oldtimer.geekstogo.com/OTL.exe

2. 実行後、次の設定を変更してください。
・ウィンドウの上の方にある「Scan All Users」にチェックを入れる
・「Scan 64bit Files」があった場合には、それにもチェックを入れる
・「Extra Registry」を「Use SafeList」に設定する
・「File Scans」の「File Age」を「60 Days」に設定する

3. 以下のコマンドを「Custom Scan/Fixes」にコピペしてください。

%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT

3. 左上の「Run Scan」を押してください。数分すると、「OTL.txt」と「Extras.txt」がOTL.exeと同じ場所に出来ます。

これらのファイルの内容を、分割した上で本文に貼り付けてください。特にOTL.txtは結構長いので、途中で分割しないと切れてしまいます。
最大文字数を超えた場合、貼り付けることはできても、投稿すると切れてしまいますので。
途中の「[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]」あたりで分割してみてください。

イルカ
2014/11/30 (Sun) 19:36:32

返信フォームへ

Re: マルウェア駆除相談

イルカ様
早速のご回答ありがとうございます。
以下の通り作業実行しました。

■不要と思われるソフトウェアのアンインストール
⇒実行しました。

■AdwCleanerでの処置
⇒以下に処置後のログを記載します。
# AdwCleaner v4.102 - レポート作成日 30/11/2014 時間 20:09:58
# 更新日 23/11/2014 更新元 Xplode
# Database : 2014-11-27.1 [Live]
# オペレーティングシステム : Windows 8.1 (64 bits)
# ユーザー名 : Daiki - VAIO
# プログラムの実行場所 : C:\Users\Daiki\Desktop\Downloads\adwcleaner_4.102 (3).exe
# オプション : 除去

***** [ サービス ] *****

***** [ ファイル / フォルダ ] *****

フォルダ除去 : C:\ProgramData\iolo
フォルダ除去 : C:\Users\Daiki\AppData\Roaming\DigitalSites
フォルダ除去 : C:\Users\Daiki\AppData\Roaming\Systweak
フォルダ除去 : C:\Users\Daiki\AppData\Roaming\iolo
ファイル除去 : C:\WINDOWS\System32\roboot64.exe
ファイル除去 : C:\Users\Daiki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk

***** [ タスク ] *****

タスク除去 : Digital Sites
タスク除去 : RegClean Pro_DEFAULT
タスク除去 : RegClean Pro_UPDATES

***** [ ショートカット ] *****

***** [ レジストリ ] *****

キー除去 : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
キー除去 : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
キー除去 : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
キー除去 : HKCU\Software\dsiteproducts
キー除去 : HKCU\Software\InstallCore
キー除去 : HKCU\Software\systweak
キー除去 : HKLM\SOFTWARE\systweak
キー除去 : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
キー除去 : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\jp.hao123.com

***** [ Webブラウザ ] *****

-\\ Internet Explorer v11.0.9600.17344

設定復元 : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v39.0.2171.71

*************************

AdwCleaner[R0].txt - [2086 octets] - [30/11/2014 20:07:38]
AdwCleaner[S0].txt - [1810 octets] - [30/11/2014 20:09:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1870 octets] ##########

SBW
2014/11/30 (Sun) 20:17:26

返信フォームへ

ちょっと確認を

横レスすみません。
ここの管理人の悪代官です。

ログを見せてもらいましたが、普通の個人PCでは使わないような業務用らしいアプリが見えてますね。
>Unifizer NEC三栄㈱
>National Instruments ソフトウェア

該当のPCは職場でお仕事に使うPCですか？
まずは支障ない範囲でPC環境の説明をレスください。

職場のPCで起きたトラブルの相談を外部に持ち出すのはNGです。
まともな会社ならそれだけで厳罰対象（解雇含む）にもなるので、この場合は速やかに職場の責任者に報告して、職場として正式に対処するしかありません。

小規模な事業所の公私兼用PCとかなら状況次第では協力可能ですが、規模の大小にかかわらず職場のPCならそれに入っている全データの重みを認識して慎重な判断と対処は必須と承知しておいてください

悪代官
2014/11/30 (Sun) 20:20:27

返信フォームへ

Re: マルウェア駆除相談

悪代官様。

ご返信ありがとうございます。

相談内容は「個人用PCについて」です。
業務とは関係ありません。

よろしくお願いいたします。

SBW
2014/11/30 (Sun) 20:33:38

返信フォームへ

Re: マルウェア駆除相談

（続き）

■OTLによる解析

Extras.txtの内容を以下に記載いたします。
OTL Extras logfile created on: 2014/11/30 20:19:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daiki\Desktop\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.88 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 79.97% Memory free
9.13 Gb Paging File | 7.41 Gb Available in Paging File | 81.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 429.31 Gb Total Space | 371.49 Gb Free Space | 86.53% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: VAIO | User Name: Daiki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-477131865-3118507367-1778731762-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A3BB187-468E-4D84-9792-02A814D0A23C}" = lport=3580 | protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\nisvcloc\nisvcloc.exe |
"{9004D520-C8AF-4D33-B390-FC4953CA8855}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\mdns responder\nimdnsresponder.exe |
"{C9BA94FC-A700-4DAC-A32B-08740AF5A518}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = lport=3581-3582 | protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
"{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}" = lport=3580 | protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\nisvcloc\nisvcloc.exe |
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = lport=3581-3582 | protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
"{FF4A0B61-444F-4C02-A029-1B0AF543081E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025A1175-685B-45F3-A215-26852D0F6E3F}" = dir=out | name=vaio care |
"{0473DE82-8886-4B16-91E6-88165003380B}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{0539ECF2-279B-42C3-9E3E-074CE5CF9714}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0C0859BF-1E4B-4896-AACD-BE5A257EA7B5}" = dir=out | name=juniper networks junos pulse |
"{0FD5668F-C7B7-4C4C-8ACA-A1B041A7AE17}" = dir=in | name=microsoft solitaire collection |
"{1A6AF62B-9016-4611-B6FE-72C4B108BF97}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{1E86ECD5-D80E-4269-9991-51078D22075A}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{22EC3136-CADE-4416-9D77-F40268D55AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe |
"{2856C56D-054E-4890-B2BE-556C822B94CE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{28C27CCD-9768-471A-AB2E-FB780A3923B7}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{2C2C772F-DD0A-4560-B0F8-F10B95F3D289}" = dir=out | name=skype |
"{31FD440C-542F-4468-8C49-CEFCAED92E1A}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe |
"{419ADB96-AA89-4216-BCDE-3D63F697052E}" = dir=out | name=microsoft minesweeper |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{45AF5432-D5B9-40F1-99B4-47B9DA0CF3B3}" = dir=out | name=windows_ie_ac_001 |
"{4CDD9EF2-264E-4F70-9393-8171E2D14031}" = dir=in | name=f5 vpn |
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{4F77B09D-8279-4810-B504-B6027658D233}" = dir=out | name=楽天gateway |
"{5102B041-6965-497E-973D-FC74802D7E73}" = dir=out | name=sony select |
"{53BB9739-6271-4442-A359-20A78FAD5357}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{54C0C2E7-F993-4093-ADD7-A2293CA28F37}" = dir=in | app=c:\users\daiki\appdata\local\microsoft\skydrive\skydrive.exe |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{6194C5EC-7070-40B0-B9B6-B5EB8728399F}" = dir=in | name=vaio care |
"{634C8594-54BC-4039-9B89-65B286272633}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{67A321E0-A3AE-4C50-9507-F5A225F097F0}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{67F5238B-0B2A-43DC-A5C9-80F6C2610E02}" = dir=out | name=sonicwall mobile connect |
"{6E0A2F50-B864-4322-AFFC-A880E789A334}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{771217A1-0619-428A-9643-0AD05F9E7569}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{78A6E690-4E30-4550-9699-7DC8E10167F6}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{7A6B3645-4A8B-4501-90D5-95FEBB79F668}" = dir=out | name=windows_ie_ac_001 |
"{7FD6A412-72EF-412E-8AE7-B6FA41EB6E03}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{84937ADF-2465-4493-8EB1-E08832EC93FF}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{85390457-4B36-4FDA-A46B-6E640675E3A9}" = dir=out | name=f5 vpn |
"{888743EB-8632-4496-BED6-1BF5DBBFBCAD}" = dir=out | name=@{microsoft.bingsports_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{8C00BB72-00EA-427F-AF5F-287569D49C92}" = dir=in | name=juniper networks junos pulse |
"{8E5B1129-3E6A-4ED2-80E8-AD3A9A0855A5}" = dir=in | name=check point vpn |
"{91A8D41D-4531-4245-8B1B-B3D1020BBD67}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{92056752-B56F-42B5-8217-F34BB089FDB6}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{93660564-C00C-4A71-AF38-8CD402864693}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{97D71156-0EF5-4788-BF38-D7E41C9285CA}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{9E25BD9B-CE86-4E54-BB72-DE0AE2C8D1EA}" = dir=in | name=microsoft minesweeper |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A044E6D5-72B9-416B-8BB9-899F30D9F8E6}" = dir=out | name=ヤフオク! (v) |
"{A128B9F1-66E0-4E79-8504-71E656D988C2}" = dir=in | app=c:\windows\system32\lxedcoms.exe |
"{AAB510F8-0559-4629-9530-AD61F4E77419}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{ADF793AF-D895-4337-9E96-6D193CCF667F}" = dir=out | name=@{microsoft.bingweather_3.0.4.214_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{AEA2976E-F91D-4754-9A8B-DABF539D6602}" = dir=out | name=@{microsoft.zunemusic_2.6.343.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{AFEC00A7-51A1-49F1-A00E-3EF3AAFE6A20}" = dir=in | name=sonicwall mobile connect |
"{BF84EC2A-3544-4D59-817C-C9945249B97B}" = protocol=17 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{C2111C1D-7613-4DCA-8C19-CCF40F7D2921}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{C84123B0-2B09-46CB-A785-C4D91F77508B}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{CB3D6F57-9241-4A4E-98FD-6E08C578EA7B}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{D0D59255-8B53-4580-AC5A-C6CD82102879}" = dir=out | name=@{microsoft.zunevideo_2.6.376.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{D250E08A-537F-4B49-B377-E332D1A5F475}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{D3347335-493A-4C32-892C-B025735A3462}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{D340DCC5-ADB5-4816-ADA7-8718EFBEB337}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DA27BD8A-98B9-4D48-B45C-A34D14D15B7D}" = dir=out | name=check point vpn |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DBCEA590-292B-4537-A42F-10F5266845C7}" = protocol=6 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{E1D5A3D8-2C7A-47B1-91FD-DBB9D8A2572D}" = dir=in | name=skype |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7FA1C8E-8D24-4DA0-8AFD-B68664DE6AEB}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F071A753-92B5-4EAA-9D61-8B7A3E67BE20}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{F54B1504-985C-4D29-BEC1-1B841AD6A190}" = dir=out | name=hulu |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F92BB401-C868-4D93-AEBE-061FBB7C1BBF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FA7194A8-27E7-441E-A189-FA4D2AA40758}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{FD33E42D-3D26-476B-8F24-39D9EAF9C95E}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{FDF39097-A0E7-4AAA-998F-1DAB6D5343D4}" = dir=out | name=windows_ie_ac_001 |
"{FF227FE0-02AB-4B9C-8444-A59934D703C4}" = dir=out | name=microsoft solitaire collection |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07E00E94-7A78-40FA-9BEF-71C190E98041}" = NI VC2008MSMs x64
"{112D8201-03A2-43B2-861B-EB3FCB855547}" = Mathカーネルライブラリ（64ビット）
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{1B2C85A0-2B9E-4291-8B37-468D57503E98}" = Update for Japanese Microsoft IME Postal Code Dictionary
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{35E3FB2E-8ABA-4778-9BE1-0192F49EA05A}" = NI Trace Engine (64-bit)
"{3A6898F6-9B23-40DE-9B2D-617DBDEFDBF9}" = NI mDNS Responder 2.2 for Windows 64-bit
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4B432082-B58C-4035-91FB-F28D504D3148}" = VUx64
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = VSSTx64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5388ABD8-6E23-4498-BE10-01079387590F}" = VGClientX64
"{553C52C6-993E-47D4-8E49-3097B4BD4969}" = VGClientX64
"{5A1CD0BB-7E65-45DC-9A9A-682CE8B62AA4}" = Update for Japanese Microsoft IME Standard Dictionary
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62A172B2-550E-499D-9A82-5190D18390AA}" = VAIO Media Server Settings
"{63B6ADAB-AB1B-4542-911D-C15FFBD5E1BE}" = NI ActiveXコンテナ（64ビット）
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{70EF3883-996F-44BE-AF2C-54F73CFD0D2C}" = NI System Web Server Base 13.5.0 (64-bit)
"{75CF9162-AEA0-4A9D-9DD0-0B74A0523DE3}" = NI SSLサポート（64ビット）
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86F29A75-A109-4B1B-B7E0-4F9F4C897462}" = NI Authentication 13.5.0 (64-bit)
"{90140000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0411-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Japanese) 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{A3154334-4692-449E-8836-3CCD28D0B1D7}" = NI Logos64 XT Support
"{A8367645-8535-4578-9AE1-5019435BAF40}" = NI Web Application Server 13.5（64ビット）
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AB447E3B-7A95-4CA6-8ECD-B25C96314B67}" = VCCx64
"{AD1A77F2-5E5F-4A1C-A5C5-74CE7CEC5EC6}" = Networkx64
"{AE6F115B-DE1B-4D55-A27D-B9AE1B285706}" = NI System State Publisher (64-bit)
"{AFC5A844-CA3A-4566-89E7-3E24E6AFF9A3}" = NI VC2010SP1MSMs x64
"{B2149E16-A01C-458E-A6E5-B9DC96EAD1AA}" = NI Logos 5.5 (64ビット)
"{B939BFEB-824F-4456-A4EE-2B86ED04033D}" = Update for Japanese Microsoft IME Trending Words Dictionary
"{CC608842-EFFB-2528-BE17-98B97F22FD5D}" = AMD Catalyst Install Manager
"{D110D0D3-D7AF-8F83-DCD6-C7E00F2D6A87}" = ccc-utility64
"{D2837730-4960-3B35-8088-201387FD3BDB}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - JPN
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
"{DD782E07-8DA9-48D4-B965-129963663E52}" = NI TDMストリーミング 2.5 (64ビット)
"{E0F928B4-2BB2-4D7E-B16E-2B202CB58EDE}" = VAIO Care
"{E416D773-1E46-4FF4-BFAE-267D78CE10D8}" = NI GMP Windows 64-bit Installer 13.5.0
"{F257450A-AF7B-425F-BB04-E82A24DF24BD}" = NI Curl 13.5.0 (64-bit)
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{FB483FA3-A91A-42C2-B3A6-6F6B504A4C5B}" = VAIO ホームネットワークビデオプレーヤー
"{FDC60158-F92E-41DA-8515-1A5EAEF89EAC}" = i-フィルター 6.0
"CCleaner" = CCleaner
"EPSON EP-704A" = EPSON EP-704A プリンターアンインストール
"HomeBusinessRetail - ja-jp" = Microsoft Office Home and Business 2013 - ja-jp
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - JPN" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語
"PremElem100" = Adobe Premiere Elements 10
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A663F1-6C03-48CA-8E85-55806AAE2615}" = VAIO Movie Creator Template Data
"{04A5064E-9238-590A-11D0-FAEF7EA45A80}" = CCC Help Dutch
"{05B13ED9-843F-4AFF-F925-083879FE61B4}" = CCC Help Thai
"{06623EB3-9292-5ED9-A935-6E3B197A0BA6}" = CCC Help Greek
"{0A661901-E66D-4329-8B5B-BD4CD55FD430}" = 筆ぐるめ Ver.19
"{0DEEF8A0-A14B-4058-96E2-59B00C581A42}" = NI LabWindows/CVI 2013 Low-Level Driver (Updated)
"{10181264-340D-4BE7-B879-3A49604A6FD1}" = VUx86
"{10DD6128-A810-4A90-9523-475D573FBB37}" = PlayMemories Home
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{11F5F987-A86C-ACDC-63AE-E885949A2394}" = CCC Help Czech
"{14AC95A2-7675-4988-A5BD-3F5B943AED08}" = VAIO Gate
"{15015752-9990-4516-A2B1-93823281FB8E}" = Update for Japanese Microsoft IME Postal Code Dictionary
"{1D07C6E5-FE41-4C81-8A0A-A52111404EF5}" = Catalyst Control Center - Branding
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F7F5330-D1C5-49D8-85A3-75E29C2434FE}" = NI mDNS Responder 2.2.0
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2586E081-A584-9912-5228-04901A1B3E01}" = CCC Help Swedish
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2C0E578A-2497-8D29-DDC8-A7EA086E0256}" = CCC Help Danish
"{2C1641D5-437E-4EE7-BC5E-89FCDCDF09BD}" = 英語版以外の言語のLabVIEW 2013 SP1 ランタイムエンジンサポート
"{33B7D3DD-D769-4D04-B8AD-842336FC524A}" = NI LabVIEW Run-Time Engine Interop 2013
"{3490653F-2789-46A1-B1BF-6BD4CF4131AB}" = FDUx86
"{36E20EA8-8430-F3C7-B85C-8EB152CC34EA}" = CCC Help Chinese Standard
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3C100F93-4F0E-4C32-9AEB-EFB3E2CA34F8}" = PhotoWizard
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1A81BF-154E-40EE-987B-159E81D25BF7}" = VAIO の製品登録 (無料)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51A80EB0-B405-11E1-9C1E-005056C00008}" = SCS Shortcut
"{52357C9C-605C-41F1-BE5D-A6BCFF1FBA3B}" = NI Web Application Server 13.5
"{53606225-A1A8-4A74-BA4B-00206F38DB60}" = NI ActiveXコンテナ
"{55153CED-100B-4561-BB16-368DA24E1109}" = NI System Web Server Base 13.5.0
"{5544F42F-1D96-E29C-2EDC-91E1F5727FD5}" = PX Profile Update
"{5597C927-029A-46A7-A0C0-8DABD9891A50}" = VAIO Image Optimizer
"{55BB8C5E-63AA-D4A8-652E-00757F518A5C}" = Catalyst Control Center InstallProxy
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO データリストアツール
"{57F391AA-27FF-BC37-1884-3203052BACAE}" = CCC Help Turkish
"{5C22B458-F39B-4F37-A524-3A7924BA7951}" = NI Authentication 13.5.0
"{5CE16272-2DA3-409F-8ACE-2C3A29DF9B7F}" = NI Service Locator 13.5
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO お引越サポート
"{6289941F-04B5-0039-1AAB-041310B44E84}" = CCC Help Finnish
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{6458DFA6-D59A-4562-B04E-5E4542205FE4}" = NI System State Publisher
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{652186F5-67BB-4D00-A49C-F26E49C9AC72}" = NI MDF Support
"{664BAA9C-5A7E-CC6F-49DD-03976924D12D}" = CCC Help Japanese
"{67A61FCF-C544-1179-5C06-5B4B4D176DD2}" = CCC Help Chinese Traditional
"{692955F2-DE9F-4078-8FAA-858D6F3A1776}" = VAIO Gesture Control
"{6AC3B0CF-9B28-E8B7-AA2C-57DB7253E2A8}" = CCC Help Italian
"{70400242-737B-4BB1-A951-4FACC011A5D9}" = NI LabWindows/CVI 2013 Low-Level Driver (Original)
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}" = Update for Japanese Microsoft IME Standard Extended Dictionary
"{7A495E30-B56F-BB47-B6A1-9922C94F7F9D}" = CCC Help Portuguese
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7D2B796A-C573-448E-A8BF-09D4D8BEEFD8}" = NI SSLサポート
"{7DB71278-9AD7-4480-AB08-8649C5010B17}" = Update for Japanese Microsoft IME Standard Dictionary
"{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}" = VMLx86
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{8188ECA2-921D-AF49-4314-9A31EB768200}" = Catalyst Control Center
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{857087BB-A988-4462-A5C6-CF6739143B56}" = KUx86
"{85F033B1-61E5-4D93-8B42-9E674EAE0F88}" = NI System Web Server 13.5
"{8B289829-D99A-46FA-9501-B33E461C775D}" = NI Uninstaller
"{8E37009C-9803-494D-820D-89DE51682DAF}" = データビューア
"{8E797841-A110-41FD-B17A-3ABC0641187A}" = VAIO の設定
"{90140000-0016-0411-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Japanese) 2010
"{90140000-0018-0411-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Japanese) 2010
"{90140000-001A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Japanese) 2010
"{90140000-001B-0411-0000-0000000FF1CE}" = Microsoft Office Word MUI (Japanese) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010
"{90140000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-002C-0411-0000-0000000FF1CE}" = Microsoft Office Proofing (Japanese) 2010
"{90140000-006E-0411-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Japanese) 2010
"{90140000-00A1-0411-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Japanese) 2010
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0411-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90824F67-3626-31DB-E41F-2C9A0024E666}" = CCC Help Russian
"{90A91C0A-F146-465B-9A13-70A1E0B3F0AB}" = NI Trace Engine
"{91140000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Essentials 2010
"{98E79025-0D0E-F793-B400-F96CD0DA3B62}" = CCC Help Norwegian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D8112DB-3490-4BF1-AAFA-1D224FFB5D3C}" = VHD
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A05EFB3F-19E2-4F9E-8380-BE095CCF0BE4}" = NI Logos XT Support
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A6B4DC8F-6608-1268-2521-8C25BDD7B24E}" = CCC Help English
"{A7AD80DA-96BC-4AE3-9C47-38031D730A12}" = NI LabVIEW ランタイムエンジン 2013 SP1
"{A808CAD0-131C-4F9B-9B20-BEC24D5F579B}" = NI SSL LabVIEW RTE 2013 SP1 Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9556859-D269-424A-BF4A-549C90352FB4}" = VAIO ホームネットワークビデオプレーヤーデジタル放送プラグイン
"{AA4B3623-6213-41EC-9BFB-F001D72C47A6}" = VAIO Gesture Control
"{AAEABC4C-A7EF-4E5C-B15A-03979CF53B1D}" = NI Curl 13.5.0
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.12) MUI
"{ACFDF2DC-99F7-68A9-63B2-45AC6CA345B8}" = CCC Help Hungarian
"{B24BB74E-8359-43AA-985A-8E80C9219C70}" = VSSTx86
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B31938C7-7E97-49EE-8F88-951E156268A3}" = VCCx86
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8717D3F-6AD0-93D0-B59F-827A56072E7B}" = CCC Help French
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8AD702E-5AF2-45E8-AB8A-2C7F996E7728}" = NI LabVIEW 2013 Deployment Framework
"{BBAC09E8-0140-4F34-8CF7-90D61C773B26}" = NI LabVIEW 2013ランタイムエンジンウェブサーバ
"{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}" = VAIO CPU Fan診断ツール
"{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}" = VAIO Movie Creator
"{C2D801D7-85CC-2860-7F78-73C021489D11}" = Catalyst Control Center Graphics Previews Common
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO マニュアル
"{C97069CE-D337-DC8B-14EA-86E557A7F1DD}" = TokyoLoader
"{CA533BA0-E6F9-4349-B0EC-ABDEB0481E77}" = NI Logos 5.5
"{CD650B6A-FE79-40E0-A069-299CF6575E6B}" = XperiaLinkx86
"{CE9B7785-2CFB-9E6A-1906-7F51BAAF7D42}" = PX Profile Update
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D38B8984-0643-99DD-13EE-F5E2DA3FD724}" = CCC Help Korean
"{D74B8A47-8F16-478E-921D-88FA2B731D01}" = NI EulaDepot
"{D91558BF-D1F3-411F-AEFE-8774CB406512}" = VAIO - Xperia Link
"{E6757A5B-EE7E-4D72-82B7-D1B2991DF55E}" = PYV_x86
"{E6C61E6E-D4B7-03DE-D570-3B4644D49E33}" = CCC Help German
"{E71784F9-5B67-4052-A5FC-55C038396936}" = Mathカーネルライブラリ
"{E7E4AD48-7348-9041-AB91-99388E008123}" = Catalyst Control Center Localization All
"{E84997A1-4D6F-4C0B-B60D-F85B360D2666}" = NI VC2008MSMs x86
"{E8FEF8C7-BC3E-4965-A4FF-A4FC539DE017}" = Unifizer
"{E9DE4A5E-FF20-C409-1126-757062CE6477}" = CCC Help Spanish
"{ECCEB4D0-7080-4F8A-B498-E40A32A4FBED}" = Restore
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EECC6212-CAD3-7EFD-7333-D374F2BD3B0C}" = CCC Help Polish
"{EEDB0927-3BD8-4349-856E-425A146CC680}" = NI LabVIEW 2012 Real-Time NBFifo
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2273FA7-117C-43D7-BD59-00B025535442}" = NI VC2010SP1MSMs x86
"{F278392D-547E-4E67-AD1C-2576C2852B50}" = NI Measurement Studio ComponentWorks 3D Graph
"{F8B31A9F-59EC-4D26-9156-796360E85C94}" = NI TDMストリーミング 2.5
"{FB1F30CB-2A2E-49FE-83B9-56FD8195169E}" = NI GMP Windows 32-bit Installer 13.5.0
"{FB4A820D-2D7A-4BD1-9B5E-42E78C6F261F}" = NI エラーレポート 2013 SP1
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FF201E2E-B3B0-409E-D6B3-7EC68DD966D0}" = Catalyst Control Center Profiles Mobile
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"ApplicationManager" = ApplicationManager 2011.4.27.209
"Audacity_is1" = Audacity 2.0.5
"BUFFALO_AirSet2_is1" = BUFFALO エアステーション設定ツール
"BUFFALO_BPCEnv_is1" = BUFFALO パソコン環境表示ツール
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{00A663F1-6C03-48CA-8E85-55806AAE2615}" = VAIO Movie Creator Template Data
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}" = VAIO Image Optimizer
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
"InstallShield_{A9556859-D269-424A-BF4A-549C90352FB4}" = VAIO ホームネットワークビデオプレーヤーデジタル放送プラグイン
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}" = VAIO Movie Creator
"Kingsoft Internet Security" = Kingsoft AntiVirus
"Kingsoft System Defender" = Kingsoft System Defender 3.7.0.49
"NI Uninstaller" = National Instruments ソフトウェア
"Office14.EssentialsR" = Microsoft Office 2010
"PcWaveForm7" = PcWaveForm7
"TokyoLoader" = TokyoLoader
"UN900119" = BUFFALO クライアントマネージャＶ
"UN900119_is1" = BUFFALO クライアントマネージャＶをアンインストール
"Yahoo!Jツールバー" = Yahoo!ツールバー

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-477131865-3118507367-1778731762-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2014/09/15 6:18:15 | Computer Name = VAIO | Source = SampleCollector | ID = 131331
Description = CreateFile:SState: Failed with error 0x20: プロセスはファイルにアクセスできません。別のプロセスが使用中です。

Error - 2014/09/18 20:53:05 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: chrome.exe、バージョン: 37.0.2062.120、タイムスタンプ: 0x5407bf0e
障害が発生しているモジュール名:
chrome.dll、バージョン: 37.0.2062.120、タイムスタンプ: 0x5407bc49 例外コード: 0xc0000005 障害オフセット: 0x000984df
障害が発生しているプロセス
ID: 0x1680 障害が発生しているアプリケーションの開始時刻: 0x01cfd39fe12a5f88 障害が発生しているアプリケーションパス: C:\Program
Files (x86)\Google\Chrome\Application\chrome.exe 障害が発生しているモジュールパス: C:\Program Files
(x86)\Google\Chrome\Application\37.0.2062.120\chrome.dll レポート ID: 4ff6f16c-3f97-11e4-bebe-a41731e4fa48
障害が発生しているパッケージの完全な名前:
障害が発生しているパッケージに関連するアプリケーション ID:

Error - 2014/09/20 8:42:16 | Computer Name = VAIO | Source = Application Hang | ID = 1002
Description = プログラム LiveComm.exe バージョン 17.5.9600.20573 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、アクション
センターコントロールパネルで、問題の履歴をクリックしてください。プロセス ID: 1640 開始時刻: 01cfd4cf952e782c 終了時刻: 4294967295

アプリケーション
パス: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe

レポート
ID: 89fd985e-40c3-11e4-bebf-a41731e4fa48 障害が発生しているパッケージのフルネーム: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe

障害が発生しているパッケージに関連するアプリケーション
ID: ppleae38af2e007f4358a809ac99a64a67c1

Error - 2014/09/30 8:11:34 | Computer Name = VAIO | Source = Application Hang | ID = 1002
Description = プログラム LiveComm.exe バージョン 17.5.9600.20605 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、アクション
センターコントロールパネルで、問題の履歴をクリックしてください。プロセス ID: 10b4 開始時刻: 01cfdca6f6442358 終了時刻: 4294967295

アプリケーション
パス: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

レポート
ID: ea4ba5f2-489a-11e4-bec0-a41731e4fa48 障害が発生しているパッケージのフルネーム: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

障害が発生しているパッケージに関連するアプリケーション
ID: ppleae38af2e007f4358a809ac99a64a67c1

Error - 2014/10/05 16:20:43 | Computer Name = VAIO | Source = SampleCollector | ID = 131331
Description = init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20:
プロセスはファイルにアクセスできません。別のプロセスが使用中です。

Error - 2014/10/10 21:05:17 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: delegate_execute.exe、バージョン: 37.0.2062.124、タイム
スタンプ: 0x5420d4c7 障害が発生しているモジュール名: delegate_execute.exe、バージョン: 37.0.2062.124、タイムスタンプ:
0x5420d4c7 例外コード: 0xc0000005 障害オフセット: 0x00045c57 障害が発生しているプロセス ID: 0x1cd4 障害が発生しているアプリケーションの開始時刻:
0x01cfe4ef659f2cf0 障害が発生しているアプリケーションパス: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe
障害が発生しているモジュール
パス: C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe
レポート
ID: a9d085fe-50e2-11e4-bec0-a41731e4fa48 障害が発生しているパッケージの完全な名前: 障害が発生しているパッケージに関連するアプリケーション
ID:

Error - 2014/10/10 21:22:25 | Computer Name = VAIO | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start

Error - 2014/10/18 21:29:55 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: chrome.exe、バージョン: 37.0.2062.124、タイムスタンプ: 0x5420d868
障害が発生しているモジュール名:
chrome.dll、バージョン: 37.0.2062.124、タイムスタンプ: 0x5420d5a6 例外コード: 0xc0000005 障害オフセット: 0x0009b087
障害が発生しているプロセス
ID: 0x1754 障害が発生しているアプリケーションの開始時刻: 0x01cfeb31d46abc56 障害が発生しているアプリケーションパス: C:\Program
Files (x86)\Google\Chrome\Application\chrome.exe 障害が発生しているモジュールパス: C:\Program Files
(x86)\Google\Chrome\Application\37.0.2062.124\chrome.dll レポート ID: 6e04ce3b-572f-11e4-bec0-a41731e4fa48
障害が発生しているパッケージの完全な名前:
障害が発生しているパッケージに関連するアプリケーション ID:

Error - 2014/10/19 7:14:15 | Computer Name = VAIO | Source = System Restore | ID = 8193
Description =

Error - 2014/10/19 7:19:47 | Computer Name = VAIO | Source = Application Hang | ID = 1002
Description = プログラム LiveComm.exe バージョン 17.5.9600.20605 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、アクション
センターコントロールパネルで、問題の履歴をクリックしてください。プロセス ID: 20f4 開始時刻: 01cfeb8dded2b745 終了時刻: 4294967295

アプリケーション
パス: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

レポート
ID: d27f232d-5781-11e4-bec0-a41731e4fa48 障害が発生しているパッケージのフルネーム: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

障害が発生しているパッケージに関連するアプリケーション
ID: ppleae38af2e007f4358a809ac99a64a67c1

[ System Events ]
Error - 2013/07/25 21:52:28 | Computer Name = VAIO | Source = BTHUSB | ID = 327697
Description = ローカルの Bluetooth アダプターは不明なエラーが発生したため、使用されません。ドライバーはアンロードされました。

Error - 2013/07/25 23:54:02 | Computer Name = VAIO | Source = DCOM | ID = 10010
Description =

Error - 2013/07/25 23:54:02 | Computer Name = VAIO | Source = DCOM | ID = 10010
Description =

Error - 2013/07/29 22:15:26 | Computer Name = VAIO | Source = EventLog | ID = 6008
Description = 以前のシステムシャットダウン ( ?2013/?07/?30 2:49:07) は予期されていませんでした。

Error - 2013/07/29 22:15:41 | Computer Name = VAIO | Source = BugCheck | ID = 1001
Description =

Error - 2013/07/30 0:11:31 | Computer Name = VAIO | Source = disk | ID = 262155
Description = ドライバーは \Device\Harddisk1\DR1 でコントローラーエラーを検出しました。

Error - 2013/07/30 0:11:31 | Computer Name = VAIO | Source = disk | ID = 262155
Description = ドライバーは \Device\Harddisk1\DR1 でコントローラーエラーを検出しました。

Error - 2013/07/31 21:39:03 | Computer Name = VAIO | Source = EventLog | ID = 6008
Description = 以前のシステムシャットダウン ( ?2013/?08/?01 10:18:19) は予期されていませんでした。

Error - 2013/08/02 20:57:30 | Computer Name = VAIO | Source = DCOM | ID = 10010
Description =

Error - 2013/08/02 20:57:30 | Computer Name = VAIO | Source = DCOM | ID = 10010
Description =

< End of report >

SBW
2014/11/30 (Sun) 20:35:03

返信フォームへ

Re: マルウェア駆除相談

（続き）

■OTLによる解析

OTL.Txtの内容を以下に記載いたします。
OTL logfile created on: 2014/11/30 20:19:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daiki\Desktop\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.88 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 79.97% Memory free
9.13 Gb Paging File | 7.41 Gb Available in Paging File | 81.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 429.31 Gb Total Space | 371.49 Gb Free Space | 86.53% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: VAIO | User Name: Daiki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/11/30 20:17:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daiki\Desktop\Downloads\OTL.exe
PRC - [2014/11/25 15:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/17 18:10:09 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\TokyoLoader\TokyoLoader.exe
PRC - [2013/11/02 23:53:56 | 001,249,936 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
PRC - [2013/10/06 22:19:59 | 000,123,992 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
PRC - [2012/12/10 11:01:44 | 000,742,856 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\kingsoft\Kingsoft System Defender\KSafeTray.exe
PRC - [2012/10/12 11:55:50 | 000,290,760 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\kingsoft\Kingsoft System Defender\KSafeSvc.exe
PRC - [2012/06/08 12:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2011/08/18 15:34:26 | 000,860,624 | ---- | M] (Kingsoft Corp. Ltd.) -- C:\Users\Daiki\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/11/25 15:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 15:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/25 15:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/25 15:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/11/17 18:10:09 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\TokyoLoader\TokyoLoader.exe
MOD - [2014/11/17 18:09:09 | 004,885,152 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012/06/08 12:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2011/10/21 18:01:48 | 000,140,664 | ---- | M] () -- c:\Program Files (x86)\kingsoft\Kingsoft System Defender\zlib1.dll
MOD - [2011/10/21 18:01:40 | 000,075,160 | ---- | M] () -- C:\Program Files (x86)\kingsoft\Kingsoft System Defender\json.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014/10/30 01:24:10 | 002,443,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:[b]64bit:[/b] - [2014/09/20 21:37:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/08/16 12:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/08/16 09:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2014/08/16 09:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/07/24 16:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2014/04/06 20:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2014/03/24 11:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2014/03/24 11:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/03/14 15:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2014/03/08 14:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/03/06 16:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/02/28 17:05:06 | 001,642,544 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV:[b]64bit:[/b] - [2014/02/23 00:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/02/22 18:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2014/02/22 18:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/02/22 18:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/02/22 18:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2013/12/10 19:38:20 | 000,081,248 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64)
SRV:[b]64bit:[/b] - [2013/12/10 16:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2013/08/22 20:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2013/08/22 20:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2013/08/22 20:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2013/08/22 20:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2013/08/22 20:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2013/08/22 19:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2013/08/22 19:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2013/08/22 18:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2013/08/22 18:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2013/08/22 18:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013/08/22 18:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013/08/22 18:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2013/08/22 18:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2013/08/22 18:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2013/08/22 18:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2012/08/08 20:48:20 | 000,056,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:[b]64bit:[/b] - [2012/08/06 10:28:56 | 000,156,672 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:[b]64bit:[/b] - [2012/07/19 18:55:44 | 000,476,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:[b]64bit:[/b] - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2011/12/01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2014/11/30 19:23:17 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 05:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/16 12:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/03/14 15:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/01/25 02:22:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/10 19:39:00 | 000,057,680 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (NISystemWebServer)
SRV - [2013/12/10 19:38:06 | 000,057,696 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2013/12/10 17:53:10 | 000,090,440 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe -- (NiSvcLoc)
SRV - [2013/10/06 22:19:59 | 000,123,992 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe -- (kxescore)
SRV - [2013/08/22 12:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 11:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/06/12 10:16:48 | 000,380,720 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2013/06/12 10:07:34 | 000,063,792 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2013/06/12 09:57:48 | 000,053,544 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2013/05/11 10:48:20 | 000,260,976 | ---- | M] (National Instruments Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2013/05/10 16:58:34 | 000,639,576 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe -- (NetworkSupport)
SRV - [2013/04/26 18:42:02 | 000,247,768 | ---- | M] (CyberLink) [On_Demand | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2013/01/29 17:27:44 | 000,079,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2013/01/29 17:27:42 | 000,124,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2012/12/28 12:09:46 | 000,226,944 | ---- | M] (Qualcomm Atheros Commnucations) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/12/28 11:04:14 | 000,323,584 | R--- | M] (Atheros) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012/11/07 17:13:06 | 000,972,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2012/10/15 17:08:18 | 000,461,024 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2012/10/12 11:55:50 | 000,290,760 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\Program Files (x86)\kingsoft\Kingsoft System Defender\KSafeSvc.exe -- (KSafeSvc)
SRV - [2012/10/09 16:47:04 | 000,108,440 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\CLHNService.exe -- (CLHNService3)
SRV - [2012/08/18 05:36:14 | 000,068,776 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2012/07/27 15:08:52 | 000,474,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/07/25 11:52:34 | 000,364,416 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/25 11:51:25 | 000,276,864 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/25 11:49:04 | 000,128,896 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/07/25 11:41:24 | 000,165,760 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/07/14 22:00:50 | 000,126,328 | ---- | M] (BUFFALO INC.) [On_Demand | Stopped] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2010/10/27 09:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2014/08/15 09:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/07/25 00:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2014/07/25 00:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/07/24 20:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/05/01 22:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/04/28 06:33:30 | 000,599,240 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2014/03/24 11:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2014/03/24 11:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2014/03/24 11:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2014/03/21 11:25:18 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2014/03/21 11:25:18 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/03/21 11:25:18 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/03/20 12:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2014/03/13 21:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/03/09 05:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/02/23 01:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/02/23 00:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/02/22 21:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/01/25 02:22:44 | 004,221,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2013/12/27 08:30:20 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2013/12/27 08:30:20 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013/12/05 03:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2013/11/26 21:41:06 | 000,208,696 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kisknl.sys -- (kisknl)
DRV:[b]64bit:[/b] - [2013/11/14 16:28:00 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2013/11/14 16:24:30 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2013/11/14 16:15:26 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2013/11/14 16:15:23 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2013/10/06 22:20:16 | 000,031,848 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kavbootc64.sys -- (kavbootc)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 21:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 21:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2013/08/22 21:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2013/08/22 20:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2013/08/22 17:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/13 08:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/10 09:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/31 03:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/26 04:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/06/18 23:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2013/06/18 23:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:[b]64bit:[/b] - [2013/02/14 08:33:06 | 000,037,472 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:[b]64bit:[/b] - [2012/12/28 11:47:24 | 000,428,008 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_vdp.sys -- (BTATH_VDP)
DRV:[b]64bit:[/b] - [2012/12/28 11:47:24 | 000,136,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2012/12/28 11:47:22 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2012/12/28 11:47:20 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2012/12/28 11:47:20 | 000,089,320 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2012/12/28 11:47:18 | 000,345,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2012/12/28 11:47:18 | 000,115,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2012/12/28 11:47:18 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2012/12/08 09:00:29 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/09/27 14:59:24 | 000,457,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2012/09/27 14:59:24 | 000,044,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2012/08/23 11:55:54 | 000,103,424 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimssne)
DRV:[b]64bit:[/b] - [2012/08/23 11:34:22 | 000,104,960 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnxc)
DRV:[b]64bit:[/b] - [2012/08/22 21:30:13 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2012/08/16 23:23:38 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2012/07/25 11:44:51 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/07/11 21:33:28 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:[b]64bit:[/b] - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:[b]64bit:[/b] - [2012/06/11 11:43:12 | 000,024,280 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sows.sys -- (SOWS)
DRV:[b]64bit:[/b] - [2011/07/14 22:00:50 | 000,018,944 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)
DRV - [2013/10/06 22:20:19 | 000,164,696 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys -- (KDHacker)
DRV - [2012/09/10 12:33:33 | 000,133,096 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files (x86)\kingsoft\Kingsoft System Defender\kmodurl64.sys -- (kmodurl)
DRV - [2012/09/03 18:00:32 | 000,083,192 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\ntk3_64.sys -- (ntk3)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sony.jp/vaio/myvaio/owner/2012c.html [binary data]
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sony.jp/vaio/myvaio/owner/2012c.html [binary data]
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\..\SearchScopes,DefaultScope = {C0B8D355-161D-4662-BF49-506A08B3C266}
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\..\SearchScopes\{14163DF5-814D-4B88-B2EA-CD3473EFA881}: "URL" = http://pt.afl.rakuten.co.jp/c/0d8850b6.ee703e96/_RTvaio10012203?v=2&s=1&sitem={searchTerms}
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\..\SearchScopes\{AE1FA13B-3DC4-4EB6-ABD8-B1854E1CB8B6}: "URL" = http://www.amazon.co.jp/gp/search?ie=UTF8&keywords={searchTerms}&tag=vaiosonycojp-2012q3sb-22&index=blended&linkCode=ure&creative=6339
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\..\SearchScopes\{C0B8D355-161D-4662-BF49-506A08B3C266}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASPJS
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\..\SearchScopes\{DED8C82D-1AF6-4184-A302-E5D681027701}: "URL" = http://www.hmv.co.jp/search/searchresultsutf8.asp?keyword={searchTerms}&site=iesonyvaio1
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\..\SearchScopes\{E098F933-009E-442D-8E51-9E9F806ED20F}: "URL" = http://search.yahoo.co.jp/search?fr=sb-kingbrw1&ei=UTF-8&p={searchTerms}
IE - HKU\S-1-5-21-477131865-3118507367-1778731762-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2013/08/22 22:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:[b]64bit:[/b] - BHO: (Reg Error: Value error.) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - Reg Error: Value error. File not found
O2:[b]64bit:[/b] - BHO: (i-フィルター 6.0 ブラウザーヘルパー) - {BE920B15-1DCA-450e-87D0-C1EEA491F3DD} - C:\Program Files (x86)\Digital Arts\IFP6\app\bin\ifp6toolbar64.dll (デジタルアーツ株式会社)
O2:[b]64bit:[/b] - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Yahoo!ツールバーフィッシング警告) - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_21\Modules\ypho.dll (Yahoo Japan Corporation. )
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (i-フィルター 6.0 ブラウザーヘルパー) - {BE920B15-1DCA-450e-87D0-C1EEA491F3DD} - C:\Program Files (x86)\Digital Arts\IFP6\app\bin\ifp6toolbar32.dll (デジタルアーツ株式会社)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yahoo!ツールバーヘルパー) - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_21\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3 - HKLM\..\Toolbar: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_21\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [KSafeTray] c:\program files (x86)\kingsoft\Kingsoft System Defender\KSafeTray.exe (Kingsoft Corporation)
O4 - HKLM..\Run: [kxesc] c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe (Kingsoft Corporation)
O4 - HKU\S-1-5-21-477131865-3118507367-1778731762-1001..\Run: [ApplicationManager] C:\Users\Daiki\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe (Kingsoft Corp. Ltd.)
O4 - HKU\S-1-5-21-477131865-3118507367-1778731762-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - Startup: C:\Users\Daiki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TokyoLoader.lnk = C:\Program Files (x86)\TokyoLoader\TokyoLoader.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7CF38931-9AAA-447C-8BC6-27029A6D695F} https://reg.msc.sony.jp/share/activex/vaio/VOR.cab (VWRCCtrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85FF33F9-3A10-4407-83E9-55731C9E0DF4}: DhcpNameServer = 192.168.11.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30d6d9eb-66fe-11e4-bec6-a41731e4fa48}\Shell - "" = AutoRun
O33 - MountPoints2\{30d6d9eb-66fe-11e4-bec6-a41731e4fa48}\Shell\AutoRun\command - "" = "E:\Startme.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2014/11/30 20:07:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/30 19:56:33 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2014/11/30 19:56:33 | 000,687,600 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll
[2014/11/30 19:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/30 19:55:55 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2014/11/30 19:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/11/30 19:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/11/30 19:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/11/30 19:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/30 17:34:22 | 000,000,000 | -H-D | C] -- C:\OneDriveTemp
[2014/11/17 18:10:18 | 000,000,000 | ---D | C] -- C:\Users\Daiki\Documents\TokyoLoader
[2014/11/17 18:10:18 | 000,000,000 | ---D | C] -- C:\Users\Daiki\AppData\Roaming\TokyoLoader
[2014/11/17 18:10:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TokyoLoader
[2014/10/26 09:15:37 | 000,000,000 | ---D | C] -- C:\Users\Daiki\Desktop\新しいフォルダー
[2014/10/19 16:04:20 | 008,757,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2014/10/19 16:04:18 | 005,902,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2014/10/19 16:04:17 | 006,649,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2014/10/19 16:04:17 | 005,777,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2014/10/19 16:04:17 | 004,758,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014/10/19 16:04:17 | 001,710,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2014/10/19 16:04:17 | 001,106,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2014/10/19 16:04:16 | 001,507,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2014/10/19 16:04:16 | 001,112,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014/10/19 16:04:15 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2014/10/19 16:04:15 | 000,756,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2014/10/19 16:04:15 | 000,359,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wldap32.dll
[2014/10/19 16:04:14 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2014/10/19 16:04:11 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014/10/19 16:04:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014/10/19 16:04:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2014/10/19 16:04:11 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\httpprxm.dll
[2014/10/19 16:04:10 | 000,428,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2014/10/19 16:04:10 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ProximityService.dll
[2014/10/19 16:04:10 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveShell.dll
[2014/10/19 16:04:10 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcsvDevice.dll
[2014/10/19 16:04:10 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SkyDriveShell.dll
[2014/10/19 16:04:10 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adhsvc.dll
[2014/10/19 16:04:09 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/10/19 16:04:09 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/10/19 15:55:56 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/10/19 15:55:50 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014/10/19 15:55:50 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/10/19 15:55:48 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014/10/19 15:55:48 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/10/19 15:55:47 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/10/19 15:55:47 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014/10/19 15:55:47 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/10/19 15:55:47 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014/10/19 15:55:47 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2014/10/19 15:55:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2014/10/19 15:55:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2014/10/19 15:55:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2014/10/19 15:55:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2014/10/19 15:08:59 | 000,921,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/10/19 15:08:59 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2014/10/19 15:08:58 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2014/10/19 15:06:23 | 000,839,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2014/10/19 15:06:22 | 001,702,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2014/10/19 15:06:22 | 000,672,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2014/10/19 15:06:22 | 000,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2014/10/19 15:06:22 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2014/10/19 15:06:22 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2014/10/19 15:06:22 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2014/10/19 15:06:22 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2014/10/19 15:06:22 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2014/10/19 15:06:22 | 000,054,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2014/10/19 15:06:22 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2014/10/19 15:06:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2014/10/19 15:06:22 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2014/10/19 14:59:52 | 002,779,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll
[2014/10/19 14:56:03 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\packager.dll
[2014/10/19 14:56:03 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\packager.dll
[2014/10/19 14:56:02 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastls.dll
[2014/10/19 14:56:02 | 000,514,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastls.dll
[2014/10/19 14:51:45 | 002,646,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/10/19 14:51:45 | 002,321,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]

SBW
2014/11/30 (Sun) 20:41:59

返信フォームへ

Re: マルウェア駆除相談

（続き）

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2014/11/30 20:23:04 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/30 20:17:41 | 001,496,524 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/11/30 20:17:41 | 000,722,476 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/11/30 20:17:41 | 000,500,892 | ---- | M] () -- C:\WINDOWS\SysNative\perfh011.dat
[2014/11/30 20:17:41 | 000,135,664 | ---- | M] () -- C:\WINDOWS\SysNative\perfc011.dat
[2014/11/30 20:17:41 | 000,135,592 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/11/30 20:14:41 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/11/30 20:14:03 | 000,001,021 | ---- | M] () -- C:\Users\Daiki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TokyoLoader.lnk
[2014/11/30 20:13:21 | 000,000,704 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/30 20:12:38 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/11/30 20:12:32 | 2469,933,055 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/30 20:08:00 | 000,000,708 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/30 19:55:13 | 000,272,296 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2014/11/30 19:55:13 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2014/11/30 19:55:13 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2014/11/30 19:55:13 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2014/11/30 19:14:18 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/30 18:12:28 | 000,000,270 | ---- | M] () -- C:\Users\Daiki\AppData\Roaming\WB.CFG
[2014/11/17 18:10:15 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\TokyoLoader.lnk
[2014/10/25 19:21:50 | 002,622,885 | ---- | M] () -- C:\Users\Daiki\Desktop\増田結婚式用2.JPG
[2014/10/19 20:31:09 | 000,486,840 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/11/30 20:14:03 | 000,001,021 | ---- | C] () -- C:\Users\Daiki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TokyoLoader.lnk
[2014/11/30 19:14:18 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/17 18:10:15 | 000,000,925 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TokyoLoader.lnk
[2014/11/17 18:10:15 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\TokyoLoader.lnk
[2014/10/26 12:35:08 | 002,622,885 | ---- | C] () -- C:\Users\Daiki\Desktop\増田結婚式用2.JPG
[2014/10/26 12:29:50 | 003,478,415 | ---- | C] () -- C:\Users\Daiki\Desktop\増田結婚式用1.JPG
[2014/10/26 12:28:12 | 003,624,550 | ---- | C] () -- C:\Users\Daiki\Desktop\P1040184.JPG
[2014/10/26 12:27:43 | 003,400,274 | ---- | C] () -- C:\Users\Daiki\Desktop\P1040901.JPG
[2014/10/19 16:04:09 | 000,388,729 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/04/29 22:42:24 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/28 21:31:39 | 000,000,242 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/21 11:26:17 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/01/25 02:22:44 | 000,299,520 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2014/01/25 02:22:38 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/25 02:22:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/12/29 22:07:07 | 000,000,270 | ---- | C] () -- C:\Users\Daiki\AppData\Roaming\WB.CFG
[2013/12/13 10:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/12/13 10:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/12/13 10:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/12/13 10:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/12/13 10:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/12/13 10:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/10/06 22:19:18 | 000,001,185 | ---- | C] () -- C:\Users\Daiki\ダウンロード - ショートカット.lnk
[2013/08/23 00:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/23 00:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 23:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 16:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 12:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 08:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 08:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/06/30 17:53:34 | 000,000,993 | ---- | C] () -- C:\WINDOWS\UN900119.INI
[2013/02/06 20:34:20 | 000,000,036 | ---- | C] () -- C:\Users\Daiki\AppData\Local\housecall.guid.cache
[2013/01/30 00:33:32 | 000,074,703 | ---- | C] () -- C:\WINDOWS\SysWow64\mfc45.dll
[2013/01/29 23:22:38 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblup.dat
[2013/01/29 23:22:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/01/29 23:15:57 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[color=#E56717]========== ZeroAccess Check ==========[/color]

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/16 13:08:41 | 021,195,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/16 12:16:40 | 018,722,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 18:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 11:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 18:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2014/11/30 20:23:04 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/30 20:13:21 | 000,000,704 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/30 20:08:00 | 000,000,708 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/21 11:37:14 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050A7E380
Partitions: 6
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 260.00MB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 1.00GB
Starting Offset: 273678336
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 260.00MB
Starting Offset: 1819279360
Hidden sectors: 0

DeviceID: Disk #0, Partition #3
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 429.00GB
Starting Offset: 2226126848
Hidden sectors: 0

DeviceID: Disk #0, Partition #4
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 463.00MB
Starting Offset: 463193767936
Hidden sectors: 0

DeviceID: Disk #0, Partition #5
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 34.00GB
Starting Offset: 463679258624
Hidden sectors: 0

[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2014/02/22 21:02:14 | 000,208,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2014/08/29 10:58:52 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2013/08/22 18:53:13 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2013/08/22 19:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2014/04/30 13:14:19 | 000,827,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2013/08/22 18:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2013/08/22 11:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2013/08/22 18:40:30 | 000,468,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2013/08/22 11:38:29 | 000,329,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2014/07/24 18:21:23 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2013/08/22 19:01:39 | 000,129,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2014/02/22 18:38:56 | 000,753,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2014/04/30 13:23:54 | 000,353,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2014/04/30 12:46:07 | 000,285,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2014/03/04 16:13:06 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2013/08/22 18:44:18 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:[b]64bit:[/b] - [2013/08/22 20:34:06 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2013/08/22 13:05:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2013/11/14 16:28:01 | 000,433,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2013/08/22 18:35:27 | 000,403,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2014/03/27 12:15:43 | 000,718,336 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2013/08/22 18:54:27 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2013/08/22 18:05:22 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2013/08/22 18:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013/08/22 18:35:48 | 000,387,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2013/08/22 22:25:35 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2014/03/06 18:19:44 | 000,115,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2014/07/24 17:18:34 | 000,795,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2013/08/22 20:22:30 | 000,101,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2014/01/29 09:18:11 | 000,534,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2014/02/22 18:38:56 | 000,753,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2013/08/22 20:32:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2013/08/22 22:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2014/04/09 12:33:54 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2014/07/24 18:03:18 | 000,324,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2013/08/22 18:24:27 | 000,629,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2013/08/22 11:27:04 | 000,564,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2014/08/02 09:18:31 | 001,212,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2013/08/22 19:55:30 | 000,306,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2013/08/22 12:33:38 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2013/08/22 19:00:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/07/24 18:02:28 | 000,220,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2014/03/27 12:10:11 | 001,436,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2014/04/06 20:01:37 | 000,834,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:[b]64bit:[/b] - [2014/04/06 20:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:[b]64bit:[/b] - [2014/03/24 11:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2013/08/22 18:44:27 | 001,669,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:[b]64bit:[/b] - [2013/08/22 18:23:55 | 000,878,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2013/08/22 19:39:20 | 000,634,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2013/08/22 20:23:10 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2013/08/22 12:56:51 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2013/08/22 18:48:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2014/09/08 09:05:25 | 003,448,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2013/08/22 19:30:45 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2014/07/24 17:32:47 | 001,532,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:[b]64bit:[/b] - [2013/08/22 18:54:22 | 000,284,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 220 bytes -> C:\Users\Daiki\SkyDrive:ms-properties

< End of report >

SBW
2014/11/30 (Sun) 20:42:37

返信フォームへ

Re: マルウェア駆除相談

OTLのログには、これと言って問題のありそうなエントリはありません。
Adwcleanerが全て片付けてくれたのかもしれませんが、現在、相談された問題は残っているでしょうか？

もし問題がまだ残っている場合には、具体的な症状を教えてください。

イルカ
2014/11/30 (Sun) 22:54:05

返信フォームへ

返信フォーム

Template by マシマロック

名前件名 URL メールアドレス画像	メッセージプレビュー（投稿前に内容を確認）
	パスワード