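Akudaikan's Pandemonium Bulletin Board (悪代官の伏魔殿掲示板)
Infected with DNS Unlocker
Hello, nice to meet you.

Yesterday, when I opened Google Chrome to browse the Internet as usual, DNS Unlocker ads appeared. When I checked, DNS Unlocker had been installed, so I uninstalled it, but that did not fix the problem. I looked into it and tried various things, but the ads have not gone away and are still being displayed.

I know you must be busy, but I would appreciate your help.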



  • キツツキ
  • 2015/09/06 (Sun) 19:22:04
Re: Infected with DNS Unlocker
Here are the logs.

HJT
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:29:09, on 2015/09/05
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 40.0.3 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\FolderSize\FolderSize.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\(ユーザー名)\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo!ツールバーフィッシング警告 - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: Yahoo!ツールバーヘルパー - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
O3 - Toolbar: Yahoo!ツールバー - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
O3 - Toolbar: Trend ツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Copy] "C:\Users\【ユーザー名】\AppData\Roaming\Copy\CopyAgent.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Folder Size] C:\Program Files (x86)\FolderSize\FolderSize.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: LilyCalendar.lnk = C:\Program Files (x86)\LilyCalendar\LilyCalendar.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: コンテンツ管理アシスタント for PlayStation(R).lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FBD7DF6-0ABE-4555-871F-1A39827E9AB0}: NameServer = 199.203.131.145,82.163.143.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{9d488b69-9a2b-4f5a-89bf-457770929666}: NameServer = 199.203.131.145,82.163.143.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{ac798826-281b-4c3c-9929-8ff611e3fc67}: NameServer = 199.203.131.145,82.163.143.167
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: CyberLink Product - 2013/02/22 15:02:51 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: CypherGuard cguard Service 32bit Edition - CypherTec Inc. - C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe
O23 - Service: CypherGuard cguard Service 64bit Edition - CypherTec Inc. - C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe
O23 - Service: CypherGuard Info Service - CypherTec Inc. - C:\Program Files\Common Files\CypherTec\cthwsrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: インテル(R) ラピッド・ストレージ・テクノロジー (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\elecom\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Program Files (x86)\elecom\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16043 bytes

CC
+Lhaca 2014/12/01
7-Zip 9.20 2014/12/01
7-Zip 9.38 (x64 edition) Igor Pavlov 2015/05/20 4.66 MB 9.38.00.0
777タウン.net Sammy NetWorks Co.,Ltd. 2013/12/29 3.0.0.65
ActivePerl 5.16.3 Build 1603 (64-bit) ActiveState 2013/10/18 83.3 MB 5.16.1603
Adobe AIR Adobe Systems Incorporated 2014/12/01 15.0.0.356
Adobe Creative Cloud Adobe Systems Incorporated 2015/08/07 287 MB 3.2.0.129
Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 2015/08/13 8.85 MB 18.0.0.232
Adobe Flash Player 18 PPAPI Adobe Systems Incorporated 2015/08/13 18.3 MB 18.0.0.232
Adobe Illustrator CC 2014 Adobe Systems Incorporated 2015/01/16 907 MB 18.1.1
Adobe Lightroom Adobe Systems Incorporated 2015/08/08 1.42 GB 6.1.1
Adobe Photoshop CC 2015 Adobe Systems Incorporated 2015/08/07 1.90 GB 16.0.1
Adobe Reader XI (11.0.05) - Japanese Adobe Systems Incorporated 2013/12/07 149 MB 11.0.05
Amazon Kindle Amazon 2015/06/24
AMV4 Video Codec amaman 2015/02/21 3.73 MB 4.02
AmvVideoCodec 2014/12/01
Android SDK Tools Google Inc. 2014/12/01 1.16
Apple Application Support(32 ビット) Apple Inc. 2015/04/29 94.2 MB 3.1.3
Apple Application Support(64 ビット) Apple Inc. 2015/04/29 109 MB 3.1.3
Apple Mobile Device Support Apple Inc. 2015/04/29 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 2013/10/09 2.38 MB 2.1.3.127
Bandicam Bandisoft.com 2014/12/01 26.2 MB 2.0.2.655
Bandisoft MPEG-1 Decoder Bandisoft.com 2014/12/01
Black Desert GameOn 2015/05/17 6
Bonjour Apple Inc. 2013/10/09 2.00 MB 3.0.0.10
BUFFALO クライアントマネージャV をアンインストール BUFFALO INC. 2014/07/19 10.2 MB 1.5.0
CCleaner Piriform 2014/12/01 4.15
CJIJ_Launcher(1.0.0.5) CJ Internet Japan, Inc. 2013/11/13 2.03 MB
clockmascotalice UNKNOWN 2014/12/01 1.0
Common GameOn 2015/05/16 13062208
Copy Barracuda Networks, Inc. 2014/11/08 97.5 MB 1.47.410.0
CopyTrans Suite削除専用 WindSolutions 2015/01/21 2.37
Creation Kit bgs.bethsoft.com 2014/12/01
CyberLink Media Suite 10 CyberLink Corp. 2014/12/01 1.05 GB 10.0
CyberLink PowerProducer 5.5 CyberLink Corp. 2013/02/22 168 MB 5.5.3.4118
Deck Builder for Duel Masters 2014/12/01
DMM ゲームランチャー 2015/07/08
DMMGamesPlugin 2015/07/08
DMM電子書籍ビューア x64 Edition 株式会社 DMM.com 2014/05/28 79.9 MB 1.0.0.0
Driver_DC1150_v1.1.0.89_64bit 会社名 2013/11/06 1.79 MB 1.1.0.89
EveryonePiano 1.7 EveryonePiano.com 2015/05/13 1.7.1.12
Explzh for Windows (64bit) pon software 2015/01/15 7.2.4.0
FFsplit version 0.7 FFsplit Team 2015/05/20 12.2 MB 0.7
Folder Size Brio 2015/05/16 426 KB 2.6
Freemake Audio Converter バージョン 1.1.0 Ellora Assets Corporation 2013/10/31 49.7 MB 1.1.0
Freemake Video Converter バージョン 4.1.6 Ellora Assets Corporation 2015/04/28 78.6 MB 4.1.6
Genymotion version 2.3.1 Genymobile 2014/12/03 187 MB 2.3.1
giam209 2014/12/01
GIMP 2.6.11 The GIMP Team 2014/02/05 107 MB 2.6.11
Google Chrome Google Inc. 2015/09/05 45.0.2454.85
Google Drive Google, Inc. 2015/08/17 34.1 MB 1.24.9931.5480
honestech VHS to DVD 2.5 SE honestech 2013/12/04 2.5
iCloud Apple Inc. 2015/04/29 89.5 MB 4.0.6.28
Inkscape 0.48.4 2014/12/01 0.48.4
Intel(R) Rapid Storage Technology Intel Corporation 2013/10/06 11.7.0.1013
IObit Uninstaller IObit 2015/06/24 4.3.0.118
iTunes Apple Inc. 2015/04/29 233 MB 12.1.2.27
Java 8 Update 25 Oracle Corporation 2014/11/16 73.3 MB 8.0.250
Java 8 Update 25 (64-bit) Oracle Corporation 2014/11/22 85.3 MB 8.0.250
Java 8 Update 5 (64-bit) Oracle Corporation 2014/04/26 129 MB 8.0.50
Java SE Development Kit 8 Update 25 (64-bit) Oracle Corporation 2014/11/22 311 MB 8.0.250.18
Java SE Development Kit 8 Update 5 (64-bit) Oracle Corporation 2014/04/26 248 MB 8.0.50
Left 4 Dead 2 Valve 2014/12/01
Lhaplus 2014/12/01
LightWave 2015.2 64bit 日本語版 D-STORM, Inc. 2015/08/07 2015.2
LilyCalendar SakuraApps 2015/07/11 8.37 MB
Logicool ゲームソフトウェア 8.55 Logicool 2014/12/01 85.3 MB 8.55.137
MCSkin3D バージョン 1.3 Altered Softworks & MCSkin3D Development Team 2015/03/13 6.04 MB 1.3
MGSPlayer Media Global Stage Co.Ltd. 2014/04/19 3.07 MB 1.2.2
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2015/03/16 2.93 MB 4.0.40804.0
Microsoft Office Professional 2013 - ja-jp Microsoft Corporation 2015/08/23 15.0.4745.1002
Microsoft OneDrive Microsoft Corporation 2015/08/20 36.1 MB 17.3.5930.0814
Microsoft Silverlight Microsoft Corporation 2015/08/13 199 MB 5.1.40728.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/02/22 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2013/02/22 4.84 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 2014/12/03 7.51 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2014/03/09 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2014/03/09 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2013/02/22 10.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2013/12/01 8.05 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2013/10/07 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2015/02/13 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2015/04/22 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/04/22 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/04/22 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2015/08/07 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2015/08/07 17.1 MB 12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2015/02/13 10.0.50903
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 Microsoft Corporation 2015/02/13 10.0.50903
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 2014/04/10 9.44 MB 4.0.20823.0
Minecraft Mojang 2015/05/11 1.22 MB 1.0.3.0
Mozilla Firefox 40.0.3 (x86 ja) Mozilla 2015/09/02 85.0 MB 40.0.3
Mozilla Maintenance Service Mozilla 2015/09/02 379 KB 40.0.3.5716
Niconico Live Encoder niwango, inc. 2014/12/25 2.0.4
NifSkope (remove only) 2014/12/01
NVIDIA 3D Vision コントローラー ドライバー 347.09 NVIDIA Corporation 2015/03/13 347.09
NVIDIA 3D Vision ドライバー 347.52 NVIDIA Corporation 2015/03/13 347.52
NVIDIA GeForce Experience 2.2.2 NVIDIA Corporation 2015/03/13 2.2.2
NVIDIA HD オーディオ ドライバー 1.3.33.0 NVIDIA Corporation 2015/03/13 1.3.33.0
NVIDIA Miracast 仮想オーディオ 347.52 NVIDIA Corporation 2015/03/13 347.52
NVIDIA PhysX システム ソフトウェア 9.14.0702 NVIDIA Corporation 2015/03/13 9.14.0702
NVIDIA グラフィックス ドライバー 347.52 NVIDIA Corporation 2015/03/13 347.52
Opera Stable 31.0.1889.174 Opera Software 2015/08/19 31.0.1889.174
Oracle VM VirtualBox 4.2.12 Oracle Corporation 2014/12/03 134 MB 4.2.12
PHANTASY STAR ONLINE 2 SEGA 2013/12/06 7.51 MB
PhotoScape 2014/12/01
PictBear Version 2.04 Fenrir Inc. 2014/12/03 7.67 MB
Pmangインストールマネージャー GameOn,Pmang 2015/05/16 1.0.1.1
Rainlendar2 (remove only) 2015/07/11
Rainmeter 2015/07/12 3.2.1 r2386
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/12/01 6.0.1.6662
Sentinel Protection Installer 7.6.7 SafeNet, Inc. 2015/08/07 5.92 MB 7.6.7
Skype(TM) 7.4 Skype Technologies S.A. 2015/05/20 49.1 MB 7.4.102
SoundEngine Free Coderium 2013/11/02 5.1.0.5
Steam Valve Corporation 2014/12/01
TechFun-Eclipse Tech Fun corp. 2014/12/01 3.7.1
Tera Term 4.85 2014/12/17 11.0 MB
TeraPad 2014/12/01
The Elder Scrolls V: Skyrim Bethesda Game Studios 2014/12/01
Unity Unity Technologies ApS 2014/12/01
Unity Web Player Unity Technologies ApS 2014/12/01 12.0 MB
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/12/03 7.60 MB 16.0.1171.1
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2014/12/03 40.3 MB 16.0.1404.1
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2014/12/03 11.5 MB 15.0.1215
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2015/05/29 9.00 KB 16.0.1515.1
VideoPad 動画編集ソフト NCH Software 2014/12/01 3.38
VLC media player VideoLAN 2014/12/01 2.1.5
WDC-433SU2M ドライバー elecom 2014/08/03 1.5.28.0.4
Windows Live Essentials Microsoft Corporation 2013/02/22 16.4.3505.0912
WorldPainter 1.10.4 pepsoft.org 2015/01/29 1.10.4
XMedia Recode バージョン 3.1.7.4 XMedia Recode 2013/12/01 20.6 MB 3.1.7.4
Yahoo!ツールバー Yahoo! JAPAN. 2014/12/01 2.77 MB 7.3.0.18
  • キツツキ
  • 2015/09/06 (Sun) 19:23:12
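Added example (not part of the original thread, and not code from HijackThis or from any poster): the HijackThis log posted above contains three O17 lines, which record static `NameServer` values set on individual network interfaces. The sketch below pulls those entries out of a log, groups interfaces that share the same resolver list, and marks any list containing non-local addresses for comparison against the resolvers the router or ISP is expected to hand out. The function names and the `review` flag are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the post above; the O15 and O18
# lines are kept so the parser is shown skipping unrelated entries.
SAMPLE_LOG = r"""
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FBD7DF6-0ABE-4555-871F-1A39827E9AB0}: NameServer = 199.203.131.145,82.163.143.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{9d488b69-9a2b-4f5a-89bf-457770929666}: NameServer = 199.203.131.145,82.163.143.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{ac798826-281b-4c3c-9929-8ff611e3fc67}: NameServer = 199.203.131.145,82.163.143.167
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
"""

# "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")


def parse_o17(log_text):
    """Return one dict per O17 NameServer line: registry key and server list."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or not m.group("name").lower().endswith("nameserver"):
            continue
        # The registry value may separate addresses with commas or spaces.
        servers = [s for s in re.split(r"[,\s]+", m.group("value").strip()) if s]
        entries.append({"key": m.group("key"), "servers": servers})
    return entries


def scope(addr):
    """Classify an address as 'local', 'public' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "public"


def summarize(log_text):
    """Group interfaces by identical resolver list and flag lists to review."""
    groups = defaultdict(list)
    for entry in parse_o17(log_text):
        groups[tuple(entry["servers"])].append(entry["key"])
    report = []
    for servers, keys in groups.items():
        scopes = {s: scope(s) for s in servers}
        report.append({
            "servers": list(servers),
            "scopes": scopes,
            "interfaces": len(keys),
            # Anything that is not a LAN-side resolver should be compared with
            # the DNS servers the router or ISP is supposed to assign.
            "review": any(v != "local" for v in scopes.values()),
        })
    return report


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        mark = "REVIEW" if row["review"] else "ok"
        print(f"[{mark}] {row['interfaces']} interface(s): {row['scopes']}")
```

A flagged row is a prompt to check the adapter's DNS settings against the expected configuration, not a verdict on the addresses.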
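First, a check
Good evening.
I'm Akudaikan (悪代官), the administrator here and a great big liar (usotsuki).
But I have no luck (tsuki) in life whatsoever, so rest assured (sob)

So you're having trouble with DNS Unlocker in Chrome.
I've looked at the logs, and the notorious Freemake and the like are installed.
That alone is troublesome, but this Akudaikan is due to pass away soon and become an evil spirit, so it'll be fine (don't ask)

Even so, you will have to accept that it takes some effort until everything is cleaned up, so please settle in for it.
[Are you prepared?] (← that's not even the evil magistrate's line)

But before I take on your case, I need to confirm something.

Is the PC in question one you use for work?
I ask because expensive Adobe applications of the kind also used for work are visible in the log.

If it really is a work PC, an outsider cannot touch it at all.
Regardless of whether the fix succeeds or fails, it would develop into a serious liability issue.

If it is a purely personal, private PC with nothing to do with work, please describe your PC environment as far as you are comfortable doing so.
If I can judge from your description that I can help, I will then reply with the steps.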
  • 悪代官
  • 2015/09/06 (Sun) 21:18:09
Re: Infected with DNS Unlocker
The Adobe applications are installed because I use them for school assignments.

This PC itself is entirely for private use.
  • キツツキ
  • 2015/09/06 (Sun) 22:32:41
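First, removing Freemake
Thank you for the explanation.

>The Adobe applications are installed because I use them for school assignments.

I see, so you're a student. Understood. In that case I should be able to help.
Now read the explanation below carefully, then carry out the work in order.

Let me tell you one thing up front.
As you can see, there are currently many people asking for help, so from the time I receive a request it may take a day or more each time before I can reply to everyone in turn. I'm sorry, but please bear with me.

Now look over the explanation below carefully, then carry out the work in order.
You have probably prepared some of these already, but please read the explanation again anyway.

Set hidden files and file extensions to be shown (how-to ↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

Download the tools below and get familiar with their basic usage.
However, if the distribution site shows ads urging you to download other apps, never click on them.
"GeekUninstaller" (known as GU)
Description page ↓
http://www.gigafree.net/system/install/geekuninstaller.html
Download ↓
http://www.geekuninstaller.com/download
Click "download free", save it, then extract it.
When you are done with it, delete the whole folder manually.

"CCleaner" (known as CC)
Description ↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
Download ↓
http://www.piriform.com/ccleaner/download/standard
Download the latest version. Note that the installer may also offer bundled extra apps; uncheck those and avoid installing them.
When you are done with it, uninstall it.

An important caution here.
CC is by nature a highly capable maintenance tool, but if used incorrectly
[it may end up damaging Windows],
so here we use it only as an analysis tool.
Read the explanation carefully and do not perform any operation other than what I instruct.

Also, be sure to read the page below thoroughly before starting work, and if the need arises, deal with it as that page describes. Cases that need this handling are increasing.
http://note.chiebukuro.yahoo.co.jp/detail/n335704

Once you are ready, start the work.
In the steps that follow, you may skip anything you cannot find even after looking, but look carefully as you work so that you never touch anything other than what I have specified.

Also, there will be things I instruct you to delete as part of the work; if any of them is something you installed yourself because you need it, hold off on deleting it and tell me so in your next reply.

At the very least, the following applications are old versions.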
Adobe Reader XI (11.0.05) - Japanese Adobe Systems Incorporated 2013/12/07 149 MB 11.0.05

GIMP 2.6.11 The GIMP Team 2014/02/05 107 MB 2.6.11

Java 8 Update 25 Oracle Corporation 2014/11/16 73.3 MB 8.0.250

Lhaplus 2014/12/01

Skype(TM) 7.4 Skype Technologies S.A. 2015/05/20 49.1 MB 7.4.102

VLC media player VideoLAN 2014/12/01 2.1.5

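Merely neglecting to update your applications is enough for vulnerabilities to be exploited and a serious infection to occur all too easily.
If you use them, update to the latest version. If you don't use an app, uninstalling it is the safe choice.
Check whether there are any other old versions, and if so, likewise update or uninstall them.

At this point, manually create one restore point with "System Restore", a standard Windows feature.
This is because, in the work that follows, mistakenly touching something outside the targets can by itself cause serious problems in Windows, so this makes a restore possible should the worst happen.
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

Now start the PC in Safe Mode (how-to ↓)
http://freesoft.tvbok.com/win8/tips-and-tools/safemode.html

In Safe Mode, use GU to uninstall the following.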
Bandicam Bandisoft.com 2014/12/01 26.2 MB 2.0.2.655

Bandisoft MPEG-1 Decoder Bandisoft.com 2014/12/01

DMM ゲームランチャー 2015/07/08

DMMGamesPlugin 2015/07/08

DMM電子書籍ビューア x64 Edition 株式会社 DMM.com 2014/05/28 79.9 MB 1.0.0.0

Freemake Audio Converter バージョン 1.1.0 Ellora Assets Corporation 2013/10/31 49.7 MB 1.1.0

Freemake Video Converter バージョン 4.1.6 Ellora Assets Corporation 2015/04/28 78.6 MB 4.1.6

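Now restart the PC in normal mode, then launch CC.
Once it is running, open "Tools" → "Startup" → the "Windows" tab.
There, pressing "Save as text" at the bottom right saves the displayed contents as a log, so save the log somewhere such as the desktop.

Next, open each of the tabs from the "InternetExplorer" tab onward in turn, and take logs of those as well.

Once you have taken each of the CC logs, close CC.

After this, launch your browser and watch the PC's state for a few hours, then take fresh HJT and CC installed-program logs.

Paste both retaken logs and each of the CC logs into your reply, and reply together with a status report.
I will look at them and then give instructions for the next steps.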
  • 悪代官
  • 2015/09/07 (Mon) 06:17:46
Re: Infected with DNS Unlocker
Here are the logs.

CC(windows)
有効 HKCU:Run ApplePhotoStreams Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
有効 HKCU:Run Copy Barracuda Networks, Inc. "C:\Users\【ユーザー名】\AppData\Roaming\Copy\CopyAgent.exe"
有効 HKCU:Run Folder Size Brio C:\Program Files (x86)\FolderSize\FolderSize.exe
有効 HKCU:Run GoogleDriveSync Google "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
有効 HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
有効 HKCU:Run OneDrive Microsoft Corporation "C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
無効 HKCU:Run Rainlendar2 Rainy C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
有効 HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
有効 HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run BDRegion cyberlink C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
有効 HKLM:Run CLMLServer CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
有効 HKLM:Run IAStorIcon Intel Corporation C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run Launch LCore Logitech Inc. C:\Program Files\Logicool Gaming Software\LCore.exe /minimized
有効 HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
有効 HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
有効 HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ShadowPlay Microsoft Corporation C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
有効 HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
無効 Startup Common LilyCalendar.lnk sakura apps C:\Program Files (x86)\LilyCalendar\LilyCalendar.exe
有効 Startup Common クライアントマネージャV.lnk BUFFALO INC. C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
有効 Startup Common コンテンツ管理アシスタント for PlayStation(R).lnk Sony Computer Entertainment Inc. C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
無効 Startup User Rainmeter.lnk Open Source Developer, Rainmeter C:\Program Files\Rainmeter\Rainmeter.exe

CC(IE)
無効 Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
無効 Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
無効 Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
無効 Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
有効 Extension Skype for Business Click to Call Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
無効 Helper Microsoft SkyDrive Pro Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
有効 Helper Skype for Business Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll
無効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
無効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
無効 Helper Yahoo!ツールバーフィッシング警告 Yahoo Japan Corporation. C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll
無効 Helper Yahoo!ツールバーヘルパー Yahoo! JAPAN C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
無効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
無効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
無効 Toolbar Yahoo!ツールバー Yahoo! JAPAN C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll

CC (first retake)
+Lhaca 2014/12/01
7-Zip 9.20 2014/12/01
7-Zip 9.38 (x64 edition) Igor Pavlov 2015/05/20 4.66 MB 9.38.00.0
777タウン.net Sammy NetWorks Co.,Ltd. 2013/12/29 3.0.0.65
ActivePerl 5.16.3 Build 1603 (64-bit) ActiveState 2013/10/18 83.3 MB 5.16.1603
Adobe AIR Adobe Systems Incorporated 2014/12/01 15.0.0.356
Adobe Creative Cloud Adobe Systems Incorporated 2015/08/07 287 MB 3.2.0.129
Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 2015/08/13 8.85 MB 18.0.0.232
Adobe Flash Player 18 PPAPI Adobe Systems Incorporated 2015/08/13 18.3 MB 18.0.0.232
Adobe Illustrator CC 2014 Adobe Systems Incorporated 2015/01/16 907 MB 18.1.1
Adobe Lightroom Adobe Systems Incorporated 2015/08/08 1.42 GB 6.1.1
Adobe Photoshop CC 2015 Adobe Systems Incorporated 2015/08/07 1.90 GB 16.0.1
Adobe Reader XI (11.0.12) - Japanese Adobe Systems Incorporated 2015/09/07 247 MB 11.0.12
Amazon Kindle Amazon 2015/06/24
AMV4 Video Codec amaman 2015/02/21 3.73 MB 4.02
AmvVideoCodec 2014/12/01
Android SDK Tools Google Inc. 2014/12/01 1.16
Apple Application Support(32 ビット) Apple Inc. 2015/04/29 94.2 MB 3.1.3
Apple Application Support(64 ビット) Apple Inc. 2015/04/29 109 MB 3.1.3
Apple Mobile Device Support Apple Inc. 2015/04/29 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 2013/10/09 2.38 MB 2.1.3.127
Black Desert GameOn 2015/05/17 6
Bonjour Apple Inc. 2013/10/09 2.00 MB 3.0.0.10
BUFFALO クライアントマネージャV をアンインストール BUFFALO INC. 2014/07/19 10.2 MB 1.5.0
CCleaner Piriform 2014/12/01 4.15
CJIJ_Launcher(1.0.0.5) CJ Internet Japan, Inc. 2013/11/13 2.03 MB
clockmascotalice UNKNOWN 2014/12/01 1.0
Common GameOn 2015/05/16 13062208
Copy Barracuda Networks, Inc. 2014/11/08 97.5 MB 1.47.410.0
CopyTrans Suite削除専用 WindSolutions 2015/01/21 2.37
Creation Kit bgs.bethsoft.com 2014/12/01
CyberLink Media Suite 10 CyberLink Corp. 2014/12/01 1.05 GB 10.0
CyberLink PowerProducer 5.5 CyberLink Corp. 2013/02/22 168 MB 5.5.3.4118
Deck Builder for Duel Masters 2014/12/01
DMM電子書籍ビューア x64 Edition 2014/05/28
Driver_DC1150_v1.1.0.89_64bit 会社名 2013/11/06 1.79 MB 1.1.0.89
EveryonePiano 1.7 EveryonePiano.com 2015/05/13 1.7.1.12
Explzh for Windows (64bit) pon software 2015/01/15 7.2.4.0
FFsplit version 0.7 FFsplit Team 2015/05/20 12.2 MB 0.7
Folder Size Brio 2015/05/16 426 KB 2.6
Genymotion version 2.3.1 Genymobile 2014/12/03 187 MB 2.3.1
giam209 2014/12/01
Google Chrome Google Inc. 2015/09/05 45.0.2454.85
Google Drive Google, Inc. 2015/08/17 34.1 MB 1.24.9931.5480
honestech VHS to DVD 2.5 SE honestech 2013/12/04 2.5
iCloud Apple Inc. 2015/04/29 89.5 MB 4.0.6.28
Inkscape 0.48.4 2014/12/01 0.48.4
Intel(R) Rapid Storage Technology Intel Corporation 2013/10/06 11.7.0.1013
IObit Uninstaller IObit 2015/06/24 4.3.0.118
iTunes Apple Inc. 2015/04/29 233 MB 12.1.2.27
Java 8 Update 60 Oracle Corporation 2015/09/07 20.6 MB 8.0.600.27
Java SE Development Kit 8 Update 25 (64-bit) Oracle Corporation 2014/11/22 311 MB 8.0.250.18
Java SE Development Kit 8 Update 5 (64-bit) Oracle Corporation 2014/04/26 248 MB 8.0.50
Left 4 Dead 2 Valve 2014/12/01
LightWave 2015.2 64bit 日本語版 D-STORM, Inc. 2015/08/07 2015.2
LilyCalendar SakuraApps 2015/07/11 8.37 MB
Logicool ゲームソフトウェア 8.55 Logicool 2014/12/01 85.3 MB 8.55.137
MCSkin3D バージョン 1.3 Altered Softworks & MCSkin3D Development Team 2015/03/13 6.04 MB 1.3
MGSPlayer Media Global Stage Co.Ltd. 2014/04/19 3.07 MB 1.2.2
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2015/03/16 2.93 MB 4.0.40804.0
Microsoft Office Professional 2013 - ja-jp Microsoft Corporation 2015/08/23 15.0.4745.1002
Microsoft OneDrive Microsoft Corporation 2015/08/20 36.1 MB 17.3.5930.0814
Microsoft Silverlight Microsoft Corporation 2015/08/13 199 MB 5.1.40728.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/02/22 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2013/02/22 4.84 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 2014/12/03 7.51 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2014/03/09 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2014/03/09 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2013/02/22 10.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2013/12/01 8.05 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2013/10/07 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2015/02/13 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2015/04/22 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/04/22 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/04/22 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2015/08/07 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2015/08/07 17.1 MB 12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2015/02/13 10.0.50903
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 Microsoft Corporation 2015/02/13 10.0.50903
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 2014/04/10 9.44 MB 4.0.20823.0
Minecraft Mojang 2015/05/11 1.22 MB 1.0.3.0
Mozilla Firefox 40.0.3 (x86 ja) Mozilla 2015/09/02 85.0 MB 40.0.3
Mozilla Maintenance Service Mozilla 2015/09/02 379 KB 40.0.3.5716
Niconico Live Encoder niwango, inc. 2014/12/25 2.0.4
NifSkope (remove only) 2014/12/01
NVIDIA 3D Vision コントローラー ドライバー 347.09 NVIDIA Corporation 2015/03/13 347.09
NVIDIA 3D Vision ドライバー 347.52 NVIDIA Corporation 2015/03/13 347.52
NVIDIA GeForce Experience 2.2.2 NVIDIA Corporation 2015/03/13 2.2.2
NVIDIA HD オーディオ ドライバー 1.3.33.0 NVIDIA Corporation 2015/03/13 1.3.33.0
NVIDIA Miracast 仮想オーディオ 347.52 NVIDIA Corporation 2015/03/13 347.52
NVIDIA PhysX システム ソフトウェア 9.14.0702 NVIDIA Corporation 2015/03/13 9.14.0702
NVIDIA グラフィックス ドライバー 347.52 NVIDIA Corporation 2015/03/13 347.52
Opera Stable 31.0.1889.174 Opera Software 2015/08/19 31.0.1889.174
Oracle VM VirtualBox 4.2.12 Oracle Corporation 2014/12/03 134 MB 4.2.12
PHANTASY STAR ONLINE 2 SEGA 2013/12/06 7.51 MB
PhotoScape 2014/12/01
PictBear Version 2.04 Fenrir Inc. 2014/12/03 7.67 MB
Pmangインストールマネージャー GameOn,Pmang 2015/05/16 1.0.1.1
Rainlendar2 (remove only) 2015/07/11
Rainmeter 2015/07/12 3.2.1 r2386
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/12/01 6.0.1.6662
Sentinel Protection Installer 7.6.7 SafeNet, Inc. 2015/08/07 5.92 MB 7.6.7
Skype(TM) 7.8 Skype Technologies S.A. 2015/09/07 71.1 MB 7.8.102
SoundEngine Free Coderium 2013/11/02 5.1.0.5
Steam Valve Corporation 2014/12/01
TechFun-Eclipse Tech Fun corp. 2014/12/01 3.7.1
Tera Term 4.85 2014/12/17 11.0 MB
TeraPad 2014/12/01
The Elder Scrolls V: Skyrim Bethesda Game Studios 2014/12/01
Unity Unity Technologies ApS 2014/12/01
Unity Web Player Unity Technologies ApS 2014/12/01 12.0 MB
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/12/03 7.60 MB 16.0.1171.1
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2014/12/03 40.3 MB 16.0.1404.1
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2014/12/03 11.5 MB 15.0.1215
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2015/05/29 9.00 KB 16.0.1515.1
VideoPad 動画編集ソフト NCH Software 2014/12/01 3.38
VLC media player VideoLAN 2015/09/07 2.2.1
WDC-433SU2M ドライバー elecom 2014/08/03 1.5.28.0.4
Windows Live Essentials Microsoft Corporation 2013/02/22 16.4.3505.0912
WorldPainter 1.10.4 pepsoft.org 2015/01/29 1.10.4
XMedia Recode バージョン 3.1.7.4 XMedia Recode 2013/12/01 20.6 MB 3.1.7.4
Yahoo!ツールバー Yahoo! JAPAN. 2014/12/01 2.77 MB 7.3.0.18
やります!アンコちゃん 2.2.0.6 居酒屋「めがね」 2015/08/12 2.2.0.6
ウイルスバスター クラウド トレンドマイクロ株式会社 2014/10/11 450 MB 7.0
カスタムメイド3D 2 Edit体験版 KISS 2015/08/02 1.03 GB
コンテンツ管理アシスタント for PlayStation(R) Sony Computer Entertainment Inc. 2013/12/01 6.33 MB 3.00.7187.47
チルトシフトスタジオ GRAFFICIA 2013/10/23 19.4 MB 1.10.0
デザインドール Terawell 2014/04/10 42.2 MB 5.6
デスクトップカレンダー 2.2.1.3583 DesktopCal, Inc. 2015/07/11 2.2.1.3583
リサイズ超簡単!Pro v3.17 2014/12/01
寝取られ新婚生活&お別れ温泉旅行セット 2015/07/11
抽選王 古川 明人 2014/06/08 4.87 MB 0.61.1
日本hao123ショートカット hao123 2015/08/19 1.0.0.1111
野田工房ランタイムVer.1.2.1のインストール 2014/12/01

HJT (first retake)
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:08:08, on 2015/09/07
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 40.0.3 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\FolderSize\FolderSize.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\【ユーザー名】\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo!ツールバーフィッシング警告 - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - BHO: Yahoo!ツールバーヘルパー - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
O3 - Toolbar: Yahoo!ツールバー - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
O3 - Toolbar: Trend ツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Copy] "C:\Users\【ユーザー名】\AppData\Roaming\Copy\CopyAgent.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Folder Size] C:\Program Files (x86)\FolderSize\FolderSize.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: LilyCalendar.lnk = C:\Program Files (x86)\LilyCalendar\LilyCalendar.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: コンテンツ管理アシスタント for PlayStation(R).lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FBD7DF6-0ABE-4555-871F-1A39827E9AB0}: NameServer = 199.203.131.145,82.163.143.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{9d488b69-9a2b-4f5a-89bf-457770929666}: NameServer = 199.203.131.145,82.163.143.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{ac798826-281b-4c3c-9929-8ff611e3fc67}: NameServer = 199.203.131.145,82.163.143.167
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: CyberLink Product - 2013/02/22 15:02:51 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: CypherGuard cguard Service 32bit Edition - CypherTec Inc. - C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe
O23 - Service: CypherGuard cguard Service 64bit Edition - CypherTec Inc. - C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe
O23 - Service: CypherGuard Info Service - CypherTec Inc. - C:\Program Files\Common Files\CypherTec\cthwsrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: インテル(R) ラピッド・ストレージ・テクノロジー (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\elecom\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Program Files (x86)\elecom\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15190 bytes
  • キツツキ
  • 2015/09/07 (Mon) 16:12:55
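Added example, not part of any post in this thread: the O17 lines in the HijackThis log above record a static NameServer value per network interface, and this Python sketch extracts them and reports every statically configured resolver that is not on a list the machine's owner expects. The expected resolver 192.168.11.1 and the all-zero interface GUID are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the three O17 lines with public addresses are copied from
# the HijackThis log in this thread; the all-zero GUID line is made up.
SAMPLE_LOG = r"""
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FBD7DF6-0ABE-4555-871F-1A39827E9AB0}: NameServer = 199.203.131.145,82.163.143.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{9d488b69-9a2b-4f5a-89bf-457770929666}: NameServer = 199.203.131.145,82.163.143.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{ac798826-281b-4c3c-9929-8ff611e3fc67}: NameServer = 199.203.131.145,82.163.143.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.11.1
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
"""

# Hypothetical allowlist: resolvers the owner knowingly configured (assumption).
EXPECTED_RESOLVERS = {"192.168.11.1"}

# O17 entries name either one interface ("..\{GUID}") or the global
# Tcpip\Parameters key, followed by "<value name> = <data>".
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<controlset>[^\\]+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\})|Parameters): "
    r"(?P<name>\w+) = (?P<value>.*)$"
)


def parse_o17(log_text):
    """Return one dict per O17 line: interface, value name, list of values."""
    entries = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue
        iface = match.group("iface")
        entries.append({
            "interface": iface.upper() if iface else "Parameters",
            "name": match.group("name"),
            # The registry value may be comma- or space-separated.
            "values": [v for v in re.split(r"[,\s]+", match.group("value").strip()) if v],
        })
    return entries


def scope(address):
    """Classify a resolver address as loopback, private, public or invalid."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"


def review_static_dns(entries, expected):
    """List static NameServer addresses that are not in the expected set.

    Each finding also records how many interfaces carry the identical server
    list; the same list stamped on every adapter was not set by hand on one.
    """
    static = [e for e in entries if e["name"].lower() == "nameserver"]
    spread = Counter(tuple(e["values"]) for e in static)
    findings = []
    for entry in static:
        for server in entry["values"]:
            if server in expected:
                continue
            findings.append({
                "interface": entry["interface"],
                "server": server,
                "scope": scope(server),
                "interfaces_sharing_list": spread[tuple(entry["values"])],
            })
    return findings


if __name__ == "__main__":
    for f in review_static_dns(parse_o17(SAMPLE_LOG), EXPECTED_RESOLVERS):
        print("{interface}  {server}  ({scope}, same list on "
              "{interfaces_sharing_list} interfaces)".format(**f))
```

A finding is a prompt to check the adapter's DNS settings against what the owner or the router actually assigned, not a verdict on the address itself.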
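Re: Infected with DNS Unlocker
There is no particular change in the PC's state.

The ads are still being displayed.

Of the applications that were on old versions, I uninstalled

 GIMP 2.6.11 The GIMP Team 2014/02/05 107 MB 2.6.11
 Lhaplus 2014/12/01
and updated all the others.

I created the restore point as instructed and uninstalled everything that had been listed as an uninstall target.
For the DMM applications, I was in safe mode and not connected to the internet, so I used forced removal.

Right after that, I took the Windows and IE logs with CC and launched the browsers (IE and Google Chrome). I browsed the web a little.

The second (first retake) HJT and CC logs were taken about 2 hours after launching the browsers.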
  • キツツキ
  • 2015/09/07 (Mon) 16:23:45
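Replies abbreviated due to the large number of people asking for help
Thank you for the work and the report.

Because the number of people asking for help has surged well beyond the usual today, I will keep the instructions and explanations in each thread brief.
This is so that I can reply to as many people as possible, so I apologize and ask for your understanding.

The CC logs for the "Windows" and "IE" tabs have been posted, but the logs for the "Firefox", "Scheduled Tasks" and "Context Menu" tabs have not, so please post these as well.

Please also do the work below.
Please prepare the following tools.
"AdwCleaner" (commonly: AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
This is a direct link to the file. Access it and save the file to, for example, the desktop.
When cleaning up afterwards, press the "uninstall" button after launching it and it will be removed automatically.
The site below has a detailed explanation of how to use it, so please refer to it ↓
http://www.japan-secure.com/entry/adwcleaner.html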

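Malwarebytes' Anti-Malware (commonly: MBAM)
Official site
http://www.malwarebytes.org/

However, MBAM currently has considerable problems with stability and behavior, and bugs that prevent scans from completing properly even in normal use are occurring frequently.
For that reason, do not download the latest version from the official site; here we will deliberately work with an old version.

Site explaining the old version ↓
http://www.japan-secure.com/entry/blog-entry-7.html

Please download the old version of MBAM from the URL below.
http://www.oldapps.com/malwarebytes.php?old_malwarebytes=12090?download
This is a direct link to the file. Please save it.

Note) Installing in Japanese can result in garbled characters. Install in English and switch to Japanese afterwards.
Launch MBAM and go to the "Settings" tab → "Language" → "Japanese" to switch to Japanese.

Once you have it, install MBAM and update it.
However, do not scan yet at this point.
Also, when updating MBAM here, do not update the "program" itself; update only the definitions.
If you update the program itself it becomes the latest version, which is full of bugs at the moment, and installing the old version will have been pointless.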

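Next, launch AC once at this point.
On launch it should first update its definitions, so let it update only, and once that is done close AC for now.
There is no need to scan here either.

Once both tools are updated, restart the PC in safe mode and then use Disk Cleanup to clear out junk files.

Next, with the PC started in safe mode, launch AC again (the one you launched once earlier).
Once it is running, this time run "Scan", and if anything has been detected when the scan finishes, press "Remove".
Selecting "Yes" on the screen that appears starts the cleanup.

Once the cleanup has finished, restart the PC in normal mode.

After the restart a new AC log will appear, so save it to, for example, the desktop.
However, if no log appears after the work or you cannot find it, open the C drive in My Computer; a file with a name like the following will have been created directly under it, and that is the AC log.
>AdwCleaner[alphanumeric characters].txt
If there are several logs with similar names, the one whose creation time matches when the work was done is the log in question.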

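Once the AC work is done, next is the MBAM work.
Staying in safe mode, launch MBAM and scan.
After launching MBAM, choose "Full scan" from the "Scanner" tab.
For the target drives, select all drives, including C.
However, if no "Full scan" button is shown, you may have updated MBAM to the latest version, so in that case select "Custom scan".
This operation is the equivalent of a full scan in the latest MBAM.
Select (check) all drives as scan targets. It takes time, but this is to scan as thoroughly as possible.
The order does not matter, but if anything is detected, select it and "remove" (quarantine) it, and then, if a prompt to restart appears, restart the PC once at that point.
If no restart prompt appears, restart manually.

Also, after the MBAM scan finishes, pressing "Show details" should display the results, and pressing "Save log" there lets you save that log.
Save that log to, for example, the desktop.
Checking this log is especially important, so please do not forget.

After this, observe the PC's state for a while, then paste the AC and MBAM logs you saved after the work into a reply and show them there along with a status report.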
  • 悪代官
  • 2015/09/07 (Mon) 20:51:15
Re: Infected with DNS Unlocker
Here are the logs.

CC additional logs (Firefox)
無効 Extension Trend Micro Osprey Firefox Extension 1.6.0.1102 Trend Micro default Firefox 40.0.3 C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
無効 Extension Trend Micro Toolbar 7.0.0.1243 Trend Micro default Firefox 40.0.3 C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
有効 Plugin Adobe Acrobat 11.0.12.18 Adobe Systems Inc. default Firefox 40.0.3 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
有効 Plugin AdobeAAMDetect 3.0.0.0 Adobe Systems default Firefox 40.0.3 C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
有効 Plugin CJIJ Launcher plugin 1.0.0.5 1.0.0.5 CJ Internet Japan default Firefox 40.0.3 C:\Program Files (x86)\CJIJ\npCJIJLauncher.dll
有効 Plugin Google Update 1.3.28.13 Google Inc. default Firefox 40.0.3 C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
有効 Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default Firefox 40.0.3 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
有効 Plugin Java Deployment Toolkit 8.0.600.27 11.60.2.27 Oracle Corporation default Firefox 40.0.3 C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll
有効 Plugin Java(TM) Platform SE 8 U60 11.60.2.27 Oracle Corporation default Firefox 40.0.3 C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll
有効 Plugin Microsoft Office 2013 15.0.4514.1000 Microsoft Corporation default Firefox 40.0.3 C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
有効 Plugin NVIDIA 3D Vision 7.17.13.4752 NVIDIA Corporation default Firefox 40.0.3 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
有効 Plugin NVIDIA 3D VISION 7.17.13.4752 NVIDIA Corporation default Firefox 40.0.3 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
有効 Plugin Photo Gallery 16.4.3505.912 Microsoft Corporation default Firefox 40.0.3 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
有効 Plugin pmangdiagnostic 1.0.0.1 gameon default Firefox 40.0.3 C:\GameOn\Common files\nppmangdiagnostic.dll
有効 Plugin pmangsupport 1.0.0.1 gameon default Firefox 40.0.3 C:\GameOn\Common files\nppmangsupport.dll
有効 Plugin Shockwave Flash 18.0.0.232 Adobe Systems Incorporated default Firefox 40.0.3 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
有効 Plugin Silverlight Plug-In 5.1.40728.0 Microsoft Corporation default Firefox 40.0.3 c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
有効 Plugin Unity Player 4.3.5.32006 Unity Technologies ApS default Firefox 40.0.3 C:\Users\【ユーザ名】\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
有効 Plugin VLC Web Plugin 2.1.3.0 VideoLAN default Firefox 40.0.3 C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CC additional logs (Scheduled Tasks)
有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe -check pepperplugin
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task AdobeAAMUpdater-1.0-hiro-【ユーザー名】 Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
有効 Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task Microsoft OneDrive Auto Update Task-S-1-5-21-1986508758-1585181776-1248126739-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDrive.exe
有効 Task Opera scheduled Autoupdate 1423651649 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate
無効 Task Optimize Start Menu Cache Files-S-1-5-21-1986508758-1585181776-1248126739-1001
有効 Task Titanium BTC Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe -btc
有効 Task Uninstaller_SkipUac_x【ユーザー名】IObit C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
有効 Task {3015A55F-6F87-4C55-946D-7BCB23334334} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\【ユーザー名】\Downloads\ShukuSen150.exe -d C:\Users\【ユーザー名】\Downloads
有効 Task {7DE26901-5AA7-426A-A4FE-27F9B3F2ECDB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\【ユーザー名】\Downloads\forge-1.7.10-10.13.1.1222-installer-win.exe -d C:\Users\【ユーザー名】\Downloads
有効 Task {9A763C48-1541-4E08-A714-ED2C87D21793} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/6.9.0.106/ja/abandoninstall?source=lightinstaller&page=tsInstall

CC additional items (Context Menu)
有効 Directory 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 Directory GDContextMenu Google C:\Program Files (x86)\Google\Drive\contextmenu64.dll
有効 Directory IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 Directory ShExplzh pon software C:\WINDOWS\SysWOW64\ShExplzh.dll
有効 Directory ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Directory VLCメディアプレイヤーで再生 VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
有効 Directory VLCメディアプレイヤーのプレイリストに追加 VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
有効 Directory 書庫内検索(I)... pon software C:\Program Files\Explzh\Explzh.exe /f %1
有効 Drive ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Drive 書庫内検索(I)... pon software C:\Program Files\Explzh\Explzh.exe /f %1
有効 File 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 File AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 File CopyShExt Barracuda Networks, Inc. C:\Users\【ユーザー名】\AppData\Roaming\Copy\overlay\CopyShExt.dll
有効 File GDContextMenu Google C:\Program Files (x86)\Google\Drive\contextmenu64.dll
有効 File IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 File PhotoStreamsExt Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
有効 File ShExplzh pon software C:\WINDOWS\SysWOW64\ShExplzh.dll
有効 File ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 Folder AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 Folder CopyShExt Barracuda Networks, Inc. C:\Users\【ユーザー名】\AppData\Roaming\Copy\overlay\CopyShExt.dll
有効 Folder IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 Folder ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll

AC
# AdwCleaner v5.006 - ログファイルの作成日 07/09/2015 作成時間 21:55:18
# 更新日 06/09/2015 作成元 Xplode
# データベース : 2015-09-04.4 [サーバー]
# オペレーティングシステム : Windows 8.1 Pro (x64)
# ユーザー名 : 【ユーザー名】 - HIRO
# 実行場所 : C:\Users\【ユーザー名】\Downloads\AdwCleaner.exe
# オプション : 削除
# サポート : http://toolslib.net/forum

***** [ サービス ] *****


***** [ フォルダ ] *****


***** [ ファイル ] *****

[-] ファイル 削除済み項目 : C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] ファイル 削除済み項目 : C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] ファイル 削除済み項目 : C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] ファイル 削除済み項目 : C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal

***** [ ショートカット ] *****


***** [ スケジュールタスク ] *****


***** [ レジストリ ] *****

[-] キー 削除済み項目 : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee

***** [ Webブラウザ ] *****

[-] [C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] 削除済み項目 : babylon.com
[-] [C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] 削除済み項目 : websearch

*************************

:: Winsock設定を初期化しました

*************************

C:\AdwCleaner[C1].txt - [5708 バイト] - [05/09/2015 02:39:19]
C:\AdwCleaner[S1].txt - [23534 バイト] - [05/09/2015 02:30:28]
C:\AdwCleaner[S2].txt - [1442 バイト] - [05/09/2015 03:35:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1807 バイト] ##########

MBAM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

定義バージョン: v2015.09.07.02

Windows 8 x64 NTFS (セーフモード)
Internet Explorer 11.0.9600.17937
【ユーザー名】 :: HIRO [管理者]

2015/09/07 21:59:56
mbam-log-2015-09-07 (21-59-56).txt

スキャンタイプ: フルスキャン (C:\|D:\|E:\|)
有効なスキャン領域: メモリ | スタートアップ | レジストリ | ファイルシステム | ヒューリスティック/追加アイテムのスキャン  | ヒューリスティック/Shuriken エンジンを使用してスキャン  | 不審なプログラム (PUP) | 不審な変更 (PUM)
無効なスキャン領域: ピア・ツー・ピアプログラム(P2P)
スキャンしたアイテム数: 993303
経過時間: 39 分, 33 秒

メモリプロセスの検出: 0
(悪意のあるアイテムは検出されていません。)

メモリモジュールの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリキーの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリ値の検出: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.WebSearchInfo) -> データ: {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} -> 正常に隔離され削除されました。

レジストリデータ項目の検出: 3
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5FBD7DF6-0ABE-4555-871F-1A39827E9AB0}|NameServer (Trojan.DNSChanger) -> 悪: (199.203.131.145,82.163.143.167) 良: () -> 正常に隔離され修復されました。
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9d488b69-9a2b-4f5a-89bf-457770929666}|NameServer (Trojan.DNSChanger) -> 悪: (199.203.131.145,82.163.143.167) 良: () -> 正常に隔離され修復されました。
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ac798826-281b-4c3c-9929-8ff611e3fc67}|NameServer (Trojan.DNSChanger) -> 悪: (199.203.131.145,82.163.143.167) 良: () -> 正常に隔離され修復されました。

フォルダの検出: 0
(悪意のあるアイテムは検出されていません。)

ファイルの検出: 10
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AllCheaapPrice\whr1VTp2ZHGNyE.exe.vir (PUP.Optional.MultiPlug) -> 正常に隔離され削除されました。
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AllCheauPPrice\dcKSNdmdTJEy3T.exe.vir (PUP.Optional.MultiPlug) -> 正常に隔離され削除されました。
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DNS Unlocker\dnskingston.exe.vir (PUP.Optional.DNSUnlocker) -> 正常に隔離され削除されました。
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DNS Unlocker\ZonaTools.XPlorerBar.dll.vir (PUP.Optional.DNSUnlocker) -> 正常に隔離され削除されました。
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uunisoaoles\uunisoaoles.exe.vir (PUP.Optional.MultiPlug) -> 正常に隔離され削除されました。
C:\AdwCleaner\Quarantine\C\ProgramData\{19dc80b2-f236-99ae-19dc-c80b2f2302cb}\hqghumeaylnlf.exe.vir (PUP.Optional.SuperOptimizer) -> 正常に隔離され削除されました。
C:\AdwCleaner\Quarantine\C\ProgramData\{cb6aa725-997f-8f87-cb6a-aa7259979c96}\hqghumeaylnlf.exe.vir (PUP.Optional.SuperOptimizer) -> 正常に隔離され削除されました。
C:\Users\【ユーザー名】\Downloads\CR_Downloader_for_super-mario-sunshine (1).exe (PUP.Optional.InstallCore) -> 正常に隔離され削除されました。
C:\Users\【ユーザー名】\Downloads\CR_Downloader_for_super-mario-sunshine.exe (PUP.Optional.InstallCore) -> 正常に隔離され削除されました。
C:\Users\【ユーザー名】\Downloads\PhotoScape_V3-6-5.exe (PUP.Optional.OpenCandy) -> 正常に隔離され削除されました。

(End)
  • キツツキ
  • 2015/09/08 (Tue) 01:30:03
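Re: Infected with DNS Unlocker
Sorry, due to a mistake on my part, my username is showing in the post. I did not set a password, so I cannot edit it. Would it be possible for you to edit it with your privileges?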
  • キツツキ
  • 2015/09/08 (Tue) 01:39:19
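Re: Infected with DNS Unlocker
Regarding the abbreviations, understood.

The state of the PC has not changed much. I feel the number of ads displayed has gone down slightly, but there is not much change.

First, I saved the logs for the additional CC items ("Firefox", "Scheduled Tasks", "Context Menu").

After that, I saved AC and MBAM.
However, when saving MBAM, Google Chrome blocked the site that distributes it, and even when I downloaded it, it was treated as a dangerous file and I could not open it, so I downloaded it using IE.

For MBAM, I updated only the definition files, as instructed.

However, I am not quite sure whether AC was updated. It downloads something every time it starts, so is that the update?

In any case, I started AC once and then closed it.

After that, I restarted the PC in Safe Mode and ran Disk Cleanup on only the items that were checked by default ("Windows Update Cleanup", "Downloaded Program Files", "Temporary Internet Files", "Thumbnails").

I restarted in Safe Mode again, started AC, and ran a scan; a few items were detected, so I deleted them, and then AC instructed me to restart, so I did.

After the restart, I saved the log.

I restarted in Safe Mode again and started MBAM. It recommended an update at startup, but I cancelled it and ran the old version as it was. (The definition files have already been updated.)

From the scanner, I selected a full scan and scanned all drives, including C.
After the scan finished, about 14 items were detected, so I quarantined all of them. I displayed the details and tried to save the log, but the Save As dialog froze, so I force-closed it; the text window showing the log then closed as well, so I had no choice but to restart as it was. After the restart, I started MBAM again and retrieved this log from the Logs tab.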
  • キツツキ
  • 2015/09/08 (Tue) 02:55:19
Re: Infected with DNS Unlocker
Thank you for editing out the username. I will be careful so that this does not happen again. Sorry for the trouble, and thank you once again.
  • キツツキ
  • 2015/09/08 (Tue) 11:50:50
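Next, analysis with OTL
Sorry for the late reply again tonight.
I have looked through each of the logs.

Both tools had a few detections, but as long as all of them have been quarantined, that is fine.

Now let's move on to the next analysis step.

Please prepare the following tool.
OTL (OldTimer Listit)
This is a direct link to the file, so save it once you have downloaded it.
http://oldtimer.geekstogo.com/OTL.exe
When you are done with it, start it and press the "Cleanup" button, and it will be removed automatically.

Start OTL with no other programs running.
Once it has started, check "Scan All Users" near the top of the window, and copy and paste the following commands into "Custom Scan/Fixes".

%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT

Then press "Run Scan" at the top left to start the scan.
Depending on your PC environment, a few minutes after the scan starts, "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe, so save these two files somewhere such as the desktop.
Extras.txt is sometimes not produced; in that case, OTL.txt alone is fine.

After that, paste the entire OTL log into a reply so I can see it.
However, the OTL log is quite long, so if you send it all at once it will be cut off by fc2's character limit.
So split the log at suitable points and send it over multiple replies.

Simply scanning with OTL does not change anything.
Based on these results, whatever is detected should be dealt with in the steps from next time onward.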
  • 悪代官
  • 2015/09/08 (Tue) 20:39:02
Re: Infected with DNS Unlocker
Here is the log.

OTL logfile created on: 2015/09/08 20:45:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\【ユーザー名】\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17937)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

15.92 Gb Total Physical Memory | 13.77 Gb Available Physical Memory | 86.50% Memory free
19.21 Gb Paging File | 16.87 Gb Available in Paging File | 87.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.00 Gb Total Space | 2.94 Gb Free Space | 1.33% Space Free | Partition Type: NTFS
Drive D: | 14.41 Gb Total Space | 0.06 Gb Free Space | 0.41% Space Free | Partition Type: FAT32
Drive E: | 4.38 Gb Total Space | 1.55 Gb Free Space | 35.40% Space Free | Partition Type: UDF

Computer Name: HIROAKI | User Name: 【ユーザー名】 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/09/08 20:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\【ユーザー名】\Downloads\OTL.exe
PRC - [2015/08/29 06:10:07 | 000,245,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
PRC - [2015/07/31 03:18:57 | 002,909,472 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2015/07/29 09:23:18 | 022,344,224 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2015/07/23 05:16:32 | 002,266,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
PRC - [2015/07/23 05:16:24 | 002,303,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2015/07/22 17:02:46 | 000,156,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
PRC - [2015/07/22 15:33:42 | 000,174,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
PRC - [2015/07/22 15:33:12 | 000,680,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
PRC - [2015/07/22 01:02:22 | 031,535,264 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2015/07/16 18:39:26 | 005,521,792 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
PRC - [2015/07/15 19:57:58 | 001,011,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/03/20 18:12:26 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2015/02/06 06:01:44 | 002,585,744 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/02/06 06:01:44 | 001,706,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/02/06 02:57:45 | 000,410,952 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2015/01/08 10:05:16 | 000,060,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2014/11/21 13:20:52 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/11/21 13:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/04/08 07:06:08 | 001,259,808 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2014/04/08 01:03:04 | 000,383,264 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2014/04/07 13:38:00 | 000,139,104 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
PRC - [2014/03/31 14:12:36 | 000,211,808 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
PRC - [2013/10/15 17:30:30 | 000,525,448 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2013/10/15 17:30:28 | 003,526,776 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2013/02/13 00:36:48 | 000,126,976 | ---- | M] (Brio) -- C:\Program Files (x86)\FolderSize\FolderSize.exe
PRC - [2013/02/13 00:36:46 | 000,114,688 | ---- | M] (Brio) -- C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe
PRC - [2013/01/09 01:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2012/11/19 12:15:20 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/11/19 12:15:20 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/05/09 16:03:28 | 000,078,312 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012/03/28 19:34:28 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/29 19:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe
PRC - [2011/03/09 14:21:54 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/09/08 02:54:04 | 001,176,576 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._core_.pyd
MOD - [2015/09/08 02:54:04 | 001,067,008 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._controls_.pyd
MOD - [2015/09/08 02:54:04 | 000,816,128 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._windows_.pyd
MOD - [2015/09/08 02:54:04 | 000,806,400 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._gdi_.pyd
MOD - [2015/09/08 02:54:04 | 000,733,184 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._misc_.pyd
MOD - [2015/09/08 02:54:04 | 000,686,080 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\unicodedata.pyd
MOD - [2015/09/08 02:54:04 | 000,682,496 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\pysqlite2._sqlite.pyd
MOD - [2015/09/08 02:54:04 | 000,525,640 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\windows._lib_cacheinvalidation.pyd
MOD - [2015/09/08 02:54:04 | 000,364,544 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\pythoncom27.dll
MOD - [2015/09/08 02:54:04 | 000,320,512 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32com.shell.shell.pyd
MOD - [2015/09/08 02:54:04 | 000,167,936 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32gui.pyd
MOD - [2015/09/08 02:54:04 | 000,127,488 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\pyexpat.pyd
MOD - [2015/09/08 02:54:04 | 000,123,392 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._wizard.pyd
MOD - [2015/09/08 02:54:04 | 000,119,808 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32file.pyd
MOD - [2015/09/08 02:54:04 | 000,108,544 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32security.pyd
MOD - [2015/09/08 02:54:04 | 000,098,816 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32api.pyd
MOD - [2015/09/08 02:54:04 | 000,078,848 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._animate.pyd
MOD - [2015/09/08 02:54:04 | 000,077,312 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._html2.pyd
MOD - [2015/09/08 02:54:04 | 000,068,096 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\usb_ext.pyd
MOD - [2015/09/08 02:54:04 | 000,038,912 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32inet.pyd
MOD - [2015/09/08 02:54:04 | 000,035,840 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32process.pyd
MOD - [2015/09/08 02:54:04 | 000,025,600 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32pdh.pyd
MOD - [2015/09/08 02:54:04 | 000,024,064 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32pipe.pyd
MOD - [2015/09/08 02:54:04 | 000,022,528 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32ts.pyd
MOD - [2015/09/08 02:54:04 | 000,018,432 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32event.pyd
MOD - [2015/09/08 02:54:04 | 000,017,408 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32profile.pyd
MOD - [2015/09/08 02:54:04 | 000,011,264 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32crypt.pyd
MOD - [2015/09/08 02:54:04 | 000,010,240 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\select.pyd
MOD - [2015/09/08 02:54:03 | 001,161,216 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_ssl.pyd
MOD - [2015/09/08 02:54:03 | 000,713,216 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_hashlib.pyd
MOD - [2015/09/08 02:54:03 | 000,128,512 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_elementtree.pyd
MOD - [2015/09/08 02:54:03 | 000,110,080 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\pywintypes27.dll
MOD - [2015/09/08 02:54:03 | 000,087,552 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_ctypes.pyd
MOD - [2015/09/08 02:54:03 | 000,045,568 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_socket.pyd
MOD - [2015/09/08 02:54:03 | 000,036,864 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_psutil_windows.pyd
MOD - [2015/09/08 02:54:03 | 000,027,136 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_multiprocessing.pyd
MOD - [2015/09/08 02:54:03 | 000,020,480 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_yappi.pyd
MOD - [2015/09/08 02:54:03 | 000,013,824 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\common.time34.pyd
MOD - [2015/09/08 02:54:03 | 000,007,168 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\hashobjs_ext.pyd
MOD - [2015/08/15 05:39:32 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2015/08/15 05:39:28 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll
MOD - [2015/08/14 22:44:39 | 012,898,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\592a40dd076e6e46b4a8bc95bb64b2e8\System.Windows.Forms.ni.dll
MOD - [2015/08/14 22:44:28 | 019,567,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\662aae610c401a254416904a4861b189\System.ServiceModel.ni.dll
MOD - [2015/08/14 22:44:11 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll
MOD - [2015/08/14 22:44:04 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2015/08/14 22:43:55 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\814dd462b742d7c16c620e79397b2463\System.Configuration.ni.dll
MOD - [2015/08/14 22:43:26 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\67bdc09fa286920c1f42f2a98c400f95\System.Core.ni.dll
MOD - [2015/08/14 22:43:07 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2015/07/22 15:32:36 | 036,732,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
MOD - [2015/07/22 01:02:22 | 031,535,264 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2015/07/16 18:39:24 | 000,121,856 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ref\build\Release\binding.node
MOD - [2015/07/16 18:39:22 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
MOD - [2015/07/16 18:39:22 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
MOD - [2015/07/16 18:39:22 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ffi\build\Release\ffi_bindings.node
MOD - [2015/07/16 18:39:22 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
MOD - [2015/07/16 18:39:22 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
MOD - [2015/07/16 18:39:20 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
MOD - [2015/05/14 17:51:21 | 002,964,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fc3b086418e8d8807cfb6b88ccae1c64\System.IdentityModel.ni.dll
MOD - [2015/05/14 17:51:09 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\e79e1e2079071cbc484fdea26d5d0c23\IAStorUtil.ni.dll
MOD - [2015/03/20 18:12:42 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/12/10 05:37:31 | 000,026,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\e8ad82cba0e31a5f24d1c14a6ff6088b\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2014/12/10 05:37:13 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll
MOD - [2014/12/10 05:37:13 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll
MOD - [2014/12/03 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorCommon\6b32db57e0a4d65caa47d67dfea865e8\IAStorCommon.ni.dll
MOD - [2014/09/24 15:59:52 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2011/03/09 14:21:56 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2011/03/09 14:21:48 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:[b]64bit:[/b] - [2015/07/14 03:32:44 | 002,765,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:[b]64bit:[/b] - [2015/07/07 18:39:32 | 000,366,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2015/07/07 18:39:32 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2015/05/31 04:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2015/05/25 22:07:50 | 001,430,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015/05/12 22:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2015/05/08 00:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2015/02/21 08:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 021,833,360 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:[b]64bit:[/b] - [2014/12/01 00:21:23 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/10/29 13:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:[b]64bit:[/b] - [2014/10/29 12:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/10/29 12:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2014/10/29 11:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2014/10/29 11:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2014/10/29 11:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2014/10/29 10:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2014/10/29 10:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/29 10:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/10/29 10:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2014/10/29 10:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/10/29 10:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2014/10/29 09:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/10/29 09:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2011/11/29 19:48:06 | 000,131,000 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files\Common Files\CypherTec\cthwsrv64.exe -- (CypherGuard Info Service)
SRV:[b]64bit:[/b] - [2011/11/29 19:26:28 | 000,127,416 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe -- (CypherGuard cguard Service 64bit Edition)
SRV - [2015/09/02 04:08:44 | 000,149,160 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/08/20 05:39:00 | 000,838,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/08/13 02:53:11 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/07/31 03:18:57 | 002,909,472 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015/07/22 15:33:12 | 000,680,112 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe -- (AdobeUpdateService)
SRV - [2015/07/09 13:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/05/08 00:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2015/02/06 06:01:44 | 001,706,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/02/06 02:57:45 | 000,410,952 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/10/29 12:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/29 10:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/29 10:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/04/08 07:06:08 | 001,259,808 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2014/04/08 01:03:04 | 000,383,264 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2014/04/07 13:38:00 | 000,139,104 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2013/11/07 07:12:11 | 005,204,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/07/11 17:06:40 | 000,452,912 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\elecom\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2013/07/11 17:05:40 | 001,863,680 | ---- | M] (Ralink) [Auto | Stopped] -- C:\Program Files (x86)\elecom\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2013/02/13 00:36:46 | 000,114,688 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2013/01/09 01:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2012/11/19 12:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/05/09 16:03:26 | 000,242,664 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/11/29 19:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe -- (CypherGuard cguard Service 32bit Edition)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/09/05 03:07:16 | 000,043,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:[b]64bit:[/b] - [2015/07/07 18:40:12 | 000,044,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2015/07/07 18:40:05 | 000,270,168 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2015/07/07 18:40:05 | 000,114,520 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2015/04/16 15:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2015/03/30 15:28:52 | 000,044,296 | -H-- | M] (LogMeIn Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Hamdrv.sys -- (Hamachi)
DRV:[b]64bit:[/b] - [2015/03/20 10:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2015/03/18 02:26:06 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2015/03/13 13:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2015/03/09 11:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2015/03/09 11:02:45 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2015/03/04 19:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:[b]64bit:[/b] - [2014/12/01 00:22:04 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/12/01 00:22:04 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/10/29 12:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/10/29 12:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/10/29 12:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/10/29 12:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2014/10/15 17:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/10/07 15:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/10/07 15:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2014/09/24 17:01:27 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:[b]64bit:[/b] - [2014/09/24 16:29:37 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:20 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:06 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:05 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:05 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:05 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:37 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2014/08/15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2014/08/15 09:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/02/02 16:17:40 | 000,124,192 | ---- | M] (CypherTec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cymon.sys -- (Cymon)
DRV:[b]64bit:[/b] - [2013/12/03 17:57:14 | 000,117,312 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:[b]64bit:[/b] - [2013/12/03 17:57:10 | 000,085,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:[b]64bit:[/b] - [2013/12/03 17:57:04 | 000,283,160 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 21:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 21:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 17:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/13 08:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/10 09:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/31 03:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/26 04:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2013/07/11 11:39:06 | 000,037,904 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\tmel.sys -- (tmel)
DRV:[b]64bit:[/b] - [2013/07/08 12:16:30 | 000,103,712 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmusa.sys -- (tmusa)
DRV:[b]64bit:[/b] - [2013/06/28 13:44:32 | 002,441,392 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2013/06/18 23:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:[b]64bit:[/b] - [2013/06/13 15:35:10 | 000,100,640 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:[b]64bit:[/b] - [2013/05/31 00:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:[b]64bit:[/b] - [2013/05/05 16:32:46 | 000,039,168 | ---- | M] (Scarlet.Crush Productions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScpVBus.sys -- (ScpVBus)
DRV:[b]64bit:[/b] - [2013/04/12 11:41:28 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2012/11/19 12:10:38 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/07/13 11:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:[b]64bit:[/b] - [2012/02/23 12:20:36 | 000,317,744 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:[b]64bit:[/b] - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2011/07/14 22:00:50 | 000,018,944 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)
DRV:[b]64bit:[/b] - [2010/02/04 13:49:02 | 000,740,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC1150.X64.SYS -- (DC1150.X64)
DRV:[b]64bit:[/b] - [2009/11/24 09:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009/11/24 09:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:[b]64bit:[/b] - [2009/09/03 05:00:19 | 000,045,616 | R--- | M] (I-O DATA DEVICE, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IOSPD5.SYS -- (IOSPD5)
DRV - [2013/02/22 18:24:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {818E0927-F026-4031-A592-4FEABD11A97E}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{818E0927-F026-4031-A592-4FEABD11A97E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MANMJS
IE:[b]64bit:[/b] - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{818E0927-F026-4031-A592-4FEABD11A97E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MANMJS
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem.msn.com/
IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\..\SearchScopes,DefaultScope = {818E0927-F026-4031-A592-4FEABD11A97E}
IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\..\SearchScopes\{818E0927-F026-4031-A592-4FEABD11A97E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MANMJS
IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.3
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cjinternet.jp/application/cjij-launcher-plugin,version=1.0.0.5: C:\Program Files (x86)\CJIJ\npCJIJLauncher.dll (CJ Internet Japan)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangdiagnostic-1: C:\GameOn\Common files\nppmangdiagnostic.dll (gameon)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangsupport-1: C:\GameOn\Common files\nppmangsupport.dll (gameon)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\【ユーザー名】\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\8.0.1173\8.0.1173\FIREFOXEXTENSION
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014/10/11 22:52:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}: C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ [2014/11/05 23:56:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/08/03 21:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\【ユーザー名】\AppData\Roaming\mozilla\Extensions
[2015/08/20 21:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\【ユーザー名】\AppData\Roaming\mozilla\Firefox\Profiles\uzuugfdb.default\extensions
[2015/09/02 04:08:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/09/02 04:08:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2013/08/22 22:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (no name) - {613c18c1-08f1-4a62-9015-afeb9515af51} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Yahoo!ツールバーフィッシング警告) - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll (Yahoo Japan Corporation. )
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yahoo!ツールバーヘルパー) - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3 - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCore] C:\Program Files\Logicool Gaming Software\LCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [Copy] C:\Users\【ユーザー名】\AppData\Roaming\Copy\CopyAgent.exe (Barracuda Networks, Inc.)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [Folder Size] C:\Program Files (x86)\FolderSize\FolderSize.exe (Brio)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [OneDrive] C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Users\【ユーザー名】\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
  • キツツキ
  • 2015/09/08 (Tue) 21:04:42
Re: Infected with DNS Unlocker
Here is the rest of the log.

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab (DMM Downloader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FBD7DF6-0ABE-4555-871F-1A39827E9AB0}: DhcpNameServer = 192.168.10.1
O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmbp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtbim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/09/08 02:30:14 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\TempTaskUpdateDetection015F7561-B231-440F-9E6B-0EE2D25C9F20
[2015/09/07 21:30:55 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes
[2015/09/07 21:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2015/09/07 21:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/09/07 21:30:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/09/07 21:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2015/09/07 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (36)
[2015/09/07 14:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/09/07 14:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/09/07 13:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/09/07 13:55:00 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Sun
[2015/09/07 13:55:00 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\.oracle_jre_usage
[2015/09/07 13:16:26 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Geek Uninstaller
[2015/09/07 13:16:21 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\geek (1)
[2015/09/07 00:48:11 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (29)
[2015/09/05 23:19:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (27)
[2015/09/05 23:15:56 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (17)
[2015/09/05 03:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/09/05 03:14:09 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (39)
[2015/09/05 02:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/09/05 02:30:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/09/04 01:40:53 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (38)
[2015/09/03 03:44:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (37)
[2015/09/02 04:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/08/30 11:16:56 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\documents-export-2015-08-29
[2015/08/25 23:19:15 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (33)
[2015/08/25 22:48:43 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (35)
[2015/08/25 21:34:33 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\透けマイクロビキニ(仮)
[2015/08/25 14:41:08 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (34)
[2015/08/24 23:10:43 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\CEF
[2015/08/22 20:59:20 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (32)
[2015/08/18 13:44:34 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (31)
[2015/08/18 11:21:26 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (30)
[2015/08/18 01:48:26 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (25)
[2015/08/18 01:06:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (24)
[2015/08/18 00:53:29 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\goo
[2015/08/17 23:47:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (23)
[2015/08/17 23:39:55 | 000,000,000 | R--D | C] -- C:\Users\【ユーザー名】\Google ドライブ
[2015/08/17 23:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2015/08/17 23:21:17 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\Macromedia
[2015/08/17 23:19:22 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (21)
[2015/08/17 23:17:48 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\Mozilla
[2015/08/17 00:44:00 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (18)
[2015/08/16 00:07:09 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (15)
[2015/08/13 11:44:08 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015/08/13 11:44:08 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015/08/12 23:08:57 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\SharpHeaderCookie
[2015/08/12 23:08:24 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Documents\やりますアンコちゃん
[2015/08/12 23:07:39 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\NicoViewer2_2_0_6setup
[2015/08/12 15:08:26 | 002,228,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015/08/12 15:08:26 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015/08/12 15:08:26 | 000,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015/08/12 15:08:26 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015/08/12 15:08:26 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015/08/12 15:08:26 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015/08/12 15:08:26 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015/08/12 15:08:26 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015/08/12 15:08:26 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015/08/12 15:08:26 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015/08/12 15:08:26 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015/08/12 15:07:50 | 005,923,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/08/12 15:07:49 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/08/12 15:07:48 | 002,880,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015/08/12 15:07:48 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/08/12 15:07:48 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/08/12 15:07:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/08/12 15:07:48 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015/08/12 15:07:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/08/12 15:07:47 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/08/12 15:07:47 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/08/12 15:07:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec
[2015/08/12 15:07:47 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2015/08/12 15:07:47 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015/08/12 15:07:46 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/08/12 15:07:43 | 018,823,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2015/08/12 15:07:43 | 007,458,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015/08/12 15:07:43 | 001,735,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/08/12 15:07:42 | 015,159,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2015/08/12 15:07:41 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2015/08/12 15:07:41 | 001,116,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2015/08/12 15:07:41 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2015/08/12 15:07:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2015/08/12 15:07:41 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2015/08/12 15:07:41 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\davclnt.dll
[2015/08/12 15:07:41 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2015/08/12 15:07:41 | 000,025,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompatTelRunner.exe
[2015/08/12 15:07:40 | 000,270,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2015/08/12 15:07:40 | 000,114,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys
[2015/08/12 15:07:40 | 000,044,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2015/08/12 15:07:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\csrsrv.dll
[2015/08/12 15:07:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\basesrv.dll
[2015/08/12 15:07:15 | 000,487,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcfgx.dll
[2015/08/12 15:07:15 | 000,393,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcfgx.dll
[2015/08/12 15:07:09 | 007,032,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2015/08/12 15:07:09 | 006,213,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2015/08/12 15:07:09 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdvidcrl.dll
[2015/08/12 15:07:09 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdvidcrl.dll
[2015/08/12 15:07:09 | 000,536,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mcupdate_GenuineIntel.dll
[2015/08/12 15:07:08 | 001,994,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2015/08/12 15:07:08 | 000,428,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2015/08/12 15:07:08 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015/08/12 15:07:08 | 000,301,568 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015/08/12 15:07:08 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2015/08/12 15:07:08 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015/08/12 15:07:08 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015/08/12 11:19:16 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (26)
[2 C:\Users\【ユーザー名】\AppData\Local\*.tmp files -> C:\Users\【ユーザー名】\AppData\Local\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/09/08 20:15:00 | 000,000,708 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/09/08 19:53:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/09/08 11:02:26 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/09/08 03:00:38 | 001,499,946 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/09/08 03:00:38 | 000,723,316 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/09/08 03:00:38 | 000,500,688 | ---- | M] () -- C:\WINDOWS\SysNative\perfh011.dat
[2015/09/08 03:00:38 | 000,135,994 | ---- | M] () -- C:\WINDOWS\SysNative\perfc011.dat
[2015/09/08 03:00:38 | 000,135,930 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/09/08 02:53:36 | 000,000,704 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/09/08 02:53:22 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2015/09/08 02:53:17 | 791,961,597 | -HS- | M] () -- C:\hiberfil.sys
[2015/09/07 21:56:35 | 000,000,000 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\{69CB2F78-C431-465B-8D06-80232F4730C8}
[2015/09/07 21:30:51 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/09/07 14:11:55 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2015/09/07 14:02:58 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/09/07 13:54:56 | 000,097,888 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2015/09/06 18:31:30 | 000,125,763 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\5.jpg
[2015/09/05 22:34:02 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job
[2015/09/05 03:27:47 | 000,002,289 | ---- | M] () -- C:\Users\【ユーザー名】\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/09/05 03:18:18 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/09/05 03:07:16 | 000,043,664 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2015/09/05 03:05:40 | 000,005,586 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader
[2015/08/27 09:55:05 | 000,115,677 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\CL5pDkgUcAAONiY.jpg
[2015/08/25 17:28:56 | 000,020,340 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\aitemu.jpg
[2015/08/19 09:07:14 | 001,347,265 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\CL7KS6dUMAAOert.png
[2015/08/17 23:40:02 | 000,001,676 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\Google ドライブ.lnk
[2015/08/17 23:17:42 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/08/17 11:43:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_【ユーザー名】.job
[2015/08/15 00:26:24 | 000,001,157 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\Adobe Lightroom.lnk
[2015/08/14 23:26:37 | 002,496,190 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\51954286_p0.png
[2015/08/14 17:27:07 | 000,760,560 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/08/14 01:54:46 | 000,528,087 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\23-2.jpg
[2015/08/14 01:54:43 | 000,535,123 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\23-1.jpg
[2015/08/12 23:08:24 | 000,000,929 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\やります!アンコちゃん.lnk
[2 C:\Users\【ユーザー名】\AppData\Local\*.tmp files -> C:\Users\【ユーザー名】\AppData\Local\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/09/07 21:56:35 | 000,000,000 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\{69CB2F78-C431-465B-8D06-80232F4730C8}
[2015/09/07 21:30:51 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/09/06 18:31:30 | 000,125,763 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\5.jpg
[2015/09/05 03:18:18 | 000,002,289 | ---- | C] () -- C:\Users\【ユーザー名】\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/09/05 03:18:18 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/09/05 03:05:40 | 000,005,586 | ---- | C] () -- C:\WINDOWS\SysNative\.crusader
[2015/09/05 02:48:10 | 000,043,664 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2015/08/27 09:55:05 | 000,115,677 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\CL5pDkgUcAAONiY.jpg
[2015/08/25 17:28:56 | 000,020,340 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\aitemu.jpg
[2015/08/19 09:07:14 | 001,347,265 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\CL7KS6dUMAAOert.png
[2015/08/17 23:40:02 | 000,001,676 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\Google ドライブ.lnk
[2015/08/17 23:17:42 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/08/17 23:17:42 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/08/14 23:26:37 | 002,496,190 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\51954286_p0.png
[2015/08/14 01:54:46 | 000,528,087 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\23-2.jpg
[2015/08/14 01:54:43 | 000,535,123 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\23-1.jpg
[2015/08/12 23:08:24 | 000,000,929 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\やります!アンコちゃん.lnk
[2015/08/12 15:07:54 | 000,411,133 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015/08/07 22:47:09 | 000,000,000 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\{C53A12FC-5C8E-4E24-BE56-FB1B3FC9CEA2}
[2015/06/10 12:16:08 | 000,000,024 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Roaming\appdataFr25.bin
[2015/06/10 00:31:58 | 000,000,020 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Roaming\appdataFr2.bin
[2015/05/19 23:22:10 | 017,452,880 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop.wav
[2015/03/06 18:07:01 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2015/03/06 18:05:57 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/01/16 19:20:39 | 000,000,034 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Roaming\AdobeWLCMCache.dat
[2015/01/14 19:28:02 | 000,524,288 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2015/01/14 19:28:02 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\Lagarith.dll
[2015/01/14 19:28:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2014/12/03 10:55:45 | 000,053,430 | ---- | C] () -- C:\Users\【ユーザー名】\genymotion-log.zip
[2014/12/01 00:36:36 | 000,000,354 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/29 23:00:21 | 000,017,964 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\recently-used.xbel
[2014/11/17 01:31:48 | 000,001,245 | ---- | C] () -- C:\Users\【ユーザー名】\DigitalClock2.class
[2014/11/17 01:25:45 | 000,003,158 | ---- | C] () -- C:\Users\【ユーザー名】\Clock1.class
[2014/11/16 20:25:22 | 000,001,657 | ---- | C] () -- C:\Users\【ユーザー名】\Tokei.class
[2014/11/16 20:25:22 | 000,000,337 | ---- | C] () -- C:\Users\【ユーザー名】\Ada.class
[2014/11/16 20:19:03 | 000,000,879 | ---- | C] () -- C:\Users\【ユーザー名】\DigitalClock2.java
[2014/11/15 20:30:10 | 000,000,094 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/11/02 11:25:10 | 000,021,528 | ---- | C] () -- C:\WINDOWS\DCEBoot64.exe
[2014/10/11 22:50:01 | 000,000,036 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\housecall.guid.cache
[2014/09/29 03:18:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AI6WIN.INI
[2014/09/24 15:59:40 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/09/20 04:37:04 | 000,200,231 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Roaming\VideoPad.dmp
[2014/08/03 16:41:20 | 000,013,973 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCoInst.dat
[2014/08/03 16:41:18 | 000,792,416 | ---- | C] () -- C:\WINDOWS\SysWow64\DiagFunc.dll
[2014/08/03 16:41:18 | 000,000,451 | ---- | C] () -- C:\WINDOWS\SysWow64\DiagFunc.ini
[2014/07/19 20:36:31 | 000,000,993 | ---- | C] () -- C:\WINDOWS\UN900119.INI
[2014/06/20 15:41:04 | 000,007,637 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\Resmon.ResmonCfg
[2014/06/15 01:56:29 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Lhaca.ini
[2013/12/29 19:21:15 | 000,002,304 | ---- | C] () -- C:\WINDOWS\SysWow64\HtsysmNT.sys
[2013/12/07 11:02:13 | 000,231,960 | ---- | C] () -- C:\WINDOWS\RegBootClean64.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2015/03/13 15:07:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/05/08 02:50:50 | 022,292,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/05/08 01:53:12 | 019,734,960 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/29 10:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/29 09:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/29 10:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2015/09/05 22:34:02 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job
[2015/09/08 19:53:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/09/08 02:53:36 | 000,000,704 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/09/08 20:15:00 | 000,000,708 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/08/17 11:43:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_【ユーザー名】.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Samsung SSD 840 Series
Partitions: 5
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Generic Storage Device USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 300.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 260.00MB
Starting Offset: 315621376
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 222.00GB
Starting Offset: 722468864
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 457.00MB
Starting Offset: 239094202368
Hidden sectors: 0


DeviceID: Disk #0, Partition #4
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 10.00GB
Starting Offset: 239573401600
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 14.00GB
Starting Offset: 4194304
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2014/10/29 11:42:20 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:44:33 | 000,110,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2014/10/29 10:21:02 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:34 | 000,933,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:40 | 000,845,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2014/10/29 10:01:27 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:28 | 000,516,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2014/10/29 09:55:10 | 000,367,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:50 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2014/10/29 10:27:24 | 000,131,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:29 | 000,817,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:06 | 000,365,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2014/10/29 10:05:58 | 000,292,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:41 | 000,252,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2014/10/29 10:14:35 | 000,110,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:[b]64bit:[/b] - [2014/10/29 11:44:23 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2014/10/29 10:59:46 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2014/10/29 10:07:58 | 000,452,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2014/10/29 10:08:58 | 000,397,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2014/10/29 10:01:45 | 000,706,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2014/10/29 09:51:03 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 10:41:58 | 000,391,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:16 | 000,028,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2014/10/29 11:45:24 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2014/10/29 09:54:15 | 000,827,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2014/10/29 11:34:42 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2014/10/29 09:59:21 | 000,542,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:29 | 000,817,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:25 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2014/10/29 12:51:48 | 000,047,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2014/10/29 09:56:06 | 000,146,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:18:49 | 000,329,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2014/10/29 10:04:06 | 000,640,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2014/10/29 09:49:09 | 000,576,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2014/10/29 09:52:52 | 001,265,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2014/10/29 11:12:14 | 000,313,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2014/10/29 10:34:59 | 000,254,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:29 | 000,059,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2015/05/03 09:39:53 | 000,227,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:59:28 | 001,454,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2015/05/31 04:35:47 | 000,911,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:[b]64bit:[/b] - [2015/05/31 04:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:[b]64bit:[/b] - [2015/07/07 18:39:32 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2015/03/06 11:47:37 | 001,696,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:[b]64bit:[/b] - [2014/10/29 10:02:44 | 000,880,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:59:24 | 000,670,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2015/06/16 07:41:04 | 000,065,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2015/06/16 06:16:41 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2014/10/29 10:18:13 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2015/07/19 03:51:50 | 003,704,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2014/10/29 10:53:17 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2014/10/29 10:03:56 | 001,547,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:29 | 000,289,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< End of report >
  • キツツキ
  • 2015/09/08 (Tue) 21:07:56
Re: Infected with DNS Unlocker
Here is the log.

Extras

OTL Extras logfile created on: 2015/09/08 20:45:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\【ユーザー名】\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17937)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

15.92 Gb Total Physical Memory | 13.77 Gb Available Physical Memory | 86.50% Memory free
19.21 Gb Paging File | 16.87 Gb Available in Paging File | 87.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.00 Gb Total Space | 2.94 Gb Free Space | 1.33% Space Free | Partition Type: NTFS
Drive D: | 14.41 Gb Total Space | 0.06 Gb Free Space | 0.41% Space Free | Partition Type: FAT32
Drive E: | 4.38 Gb Total Space | 1.55 Gb Free Space | 35.40% Space Free | Partition Type: UDF

Computer Name: HIROAKI | User Name: 【ユーザー名】 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FindArchive] -- C:\Program Files\Explzh\Explzh.exe /f %1 (pon software)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FindArchive] -- C:\Program Files\Explzh\Explzh.exe /f %1 (pon software)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05120F9C-4294-4A9C-A694-285DD8039738}" = lport=25565 | protocol=6 | dir=in | name=マイクラ |
"{0CAB00A7-BF52-471C-86C0-C4D529CC8F29}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{0F94C4C6-7186-4804-9216-E44F68FD5A27}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{169CC467-E228-4592-B5FF-E3F71ED54F18}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{22EED162-BC13-488F-A083-7421197848D5}" = lport=445 | protocol=6 | dir=in | app=system |
"{2BB37C91-3680-45BB-A870-734A0CD3B5B5}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{33CE72F0-19AA-48C0-880B-8C121206EB89}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{4724B117-30BB-43DF-BC6B-0751543C2B18}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D6FDD7B-55A8-4C25-993F-EC03919795A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5355332F-A412-4E41-A599-281E802FADCC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5A860D90-A268-4BCD-BBA9-81B1978E6EE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C1545C1-AB79-43AE-8E2B-109C82F6D301}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6141DDFB-0AA3-408D-A293-B64CF32A5A4E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66BFEF55-026C-4C5E-8589-853116356886}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6DDA562A-A014-4DC4-84DA-8BE276A86F56}" = lport=138 | protocol=17 | dir=in | app=system |
"{71DCE833-937B-4FE1-8A3E-BC8971B61DF0}" = rport=25565 | protocol=6 | dir=out | name=マイクラ |
"{748D74C8-6239-4A3C-A9D5-81FE523B6D14}" = lport=2869 | protocol=6 | dir=in | app=system |
"{88B1B80A-C81B-4435-AA73-B98588A8CFE7}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8AFAE3DE-4A05-468F-9F15-7CEE1FD2B741}" = lport=54045 | protocol=17 | dir=in | app=c:\program files\logicool gaming software\lcore.exe |
"{93955909-D343-4517-9BA4-E5452DC8B76D}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{94C82B82-D3F2-47F3-A3B7-806D8CC1D0E9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99B190F7-BE94-4927-BEB7-7C0DF8325C89}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9D98F494-82A0-4328-9778-DAF5D18226CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2A48818-65A1-4AB8-8BBF-D6C3423549C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{B8BA0353-60D5-4450-A407-8A1E2C0900FF}" = rport=445 | protocol=6 | dir=out | app=system |
"{BD1F8706-653E-4A10-9171-54D73711D27A}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{BE46DC32-2E3C-420D-96B1-F78181FF7512}" = rport=137 | protocol=17 | dir=out | app=system |
"{CAF438B0-B234-4BCB-B9B1-25B0056D71B1}" = rport=138 | protocol=17 | dir=out | app=system |
"{D1012E15-171B-41C8-9EF6-1B5ACFB2F7DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6914CC5-3BA9-42BD-A7A3-DA57D8C6DC39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E171A3EC-78E6-4344-A0D6-E7CD4096BD81}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{E53C108D-1006-4E1C-AD37-D8DB0372B8F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{E55D7F42-1C87-4BE6-8177-0ABD07248BF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E797EC39-5007-47C4-87BE-69D8AFD62D18}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F4B248EE-42D8-46BC-A1A2-A5D8DB319DE7}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA41B35E-9409-4E56-B167-9781C41E3497}" = lport=139 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0024C6B7-127F-466E-9F8A-1CBB0B5C4A3C}" = dir=out | name=windows_ie_ac_001 |
"{00799083-EF8C-4737-A47E-E01AA108A554}" = dir=in | name=skype |
"{01637113-6F8D-4DB4-93D2-26A2B855CD21}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{038F8A8B-4137-4C6F-B165-D6C6C6764B69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{06BBDA34-EE9B-4AAD-84BE-DE48FA27E536}" = dir=in | name=juniper networks junos pulse |
"{07008E73-C10E-41D6-9C52-EF75995D3DF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{0A7FEA28-6EA8-4492-A21F-4AC16B782EBE}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{0DB96E87-E81D-4E19-A1AC-7EC37F29B9C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{138DC44C-681A-4160-914C-4629794C1281}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{143B170E-2488-4AEF-81D1-80A03CCCEEED}" = dir=in | app=c:\program files\newtek\lightwave_2015.2j\bin\layout.exe |
"{149E7EAC-C8D9-428A-9F5F-9FB955285B78}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{1672543B-5CF7-4FFD-AF6F-37D695F9CFDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D40C5E9-D5EB-45A3-8DA8-74B1A3C65F65}" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_25\bin\javaw.exe |
"{1E3CF8DD-D800-43F9-84DC-8D6BFADF6750}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1F850443-5BD5-490A-A0D5-217766A115A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{218603A5-3D9E-4112-9FCB-8A07CB0AA7EF}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{25A2BAD0-816C-4B38-A41D-B6277B1051CC}" = dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{271C0C1D-315B-4425-B858-2D952B8E7828}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{278CB9F7-2A43-4A5B-B3B5-D347C557926B}" = dir=out | name=line |
"{27E59B14-EEE7-4442-92E0-55A7795902BD}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{288126B3-AC8D-479E-9A30-6A9845B7C1A8}" = dir=in | name=onenote |
"{289EC437-1D07-455A-9735-D67B452E1494}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2961CE2C-46DA-441A-BE15-4302FE766DD1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2E4309DA-16C4-4FEA-8C39-B72707609FE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2F848B19-868F-464D-9F4E-021DFB137F72}" = protocol=17 | dir=in | app=c:\program files (x86)\elecom\common\ramediaserver.exe |
"{33C9CFF8-21AD-4AA5-90AA-1EDC19F63CFD}" = dir=out | name=@{microsoft.bingsports_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{345E74C0-473A-4379-AB7C-78681D4D357A}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{3B3E2998-C7BF-48AD-9B19-235D507C9848}" = dir=out | name=@{microsoft.bingweather_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{3CD492D6-A467-48D5-A447-14C67665C744}" = dir=out | name=microsoft minesweeper |
"{3D5032F9-B89F-4FC5-A2FA-C13CB87E3A22}" = dir=out | name=クックパッド |
"{3F23FAC6-C2AF-450B-8A20-D0704A75E20E}" = dir=out | name=abilie |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{429C6312-9472-4D1F-B6AB-742F59A7062C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42A7D3CB-BE82-461F-B12B-BEE576F7843F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43C70065-96C6-429E-BA5F-76A188CB9796}" = dir=out | name=yahoo!オークション (mc) |
"{4424E24E-2FA8-44BE-A1B6-5C3595ABD7C5}" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_25\bin\java.exe |
"{44256786-4C3D-4E6E-8B35-2B6F950D05CF}" = dir=out | name=ポンパレ |
"{4697E50C-FD6D-412A-B4D3-BF8B5B3D63E4}" = dir=in | name=@{microsoft.xboxcompanion_1.4.3.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{49755450-FF8A-4B01-B0EE-7B4EAE523FE3}" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_25\bin\java.exe |
"{4A00522C-A844-416E-8728-5A98FA166C49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{4BF56DA0-E519-4C0A-85E5-FF2610CFCED5}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{4D86F31B-94FA-4490-8E96-82CAFD1D8B3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DB2CDE9-7461-42F1-A3CF-943A7F5BF828}" = dir=out | name=dragonball card game |
"{4DB51E82-5C88-48B1-AFD2-D86F022EDC7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50289503-5BFE-4FAD-92D1-87DCBE9C1421}" = dir=out | name=@{microsoft.zunevideo_2.6.441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{5532BE6F-F305-4749-BFC0-CAF9D9D69D48}" = dir=out | name=windows_ie_ac_001 |
"{55D5F2A5-32A8-4499-AD26-608EB4C827D2}" = dir=in | name=taptiles |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5B37E571-7347-41C0-AB50-1BC1989525D4}" = dir=out | name=じゃらん |
"{5DB9F3FB-CBE6-4A24-BEDF-F1E57393F76A}" = dir=in | name=microsoft solitaire collection |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5F75DCA3-8587-46A7-8B69-42F49155BABF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5FADAA74-1917-4FEE-A560-6F9D312E6762}" = dir=out | name=check point vpn |
"{64DA381F-E104-4FA9-86CF-3B230C48AAD5}" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_25\bin\java.exe |
"{69C72D58-6F66-467C-A696-487469912ED6}" = dir=out | name=canon inkjet print utility |
"{7083BE8A-6A93-4754-885A-F9202F75FA2E}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{72F5274A-F944-4112-93CB-A49E96B7AE18}" = dir=out | name=ムビチケ |
"{74368DFF-C3B0-4207-9CBC-3735E67740EF}" = protocol=6 | dir=in | app=c:\program files (x86)\elecom\common\ramediaserver.exe |
"{782D0AED-A928-4D39-9BBF-6246C38C79CF}" = protocol=6 | dir=out | app=system |
"{7994BE12-A0DD-4F2C-894D-2C7EF223AFD9}" = dir=out | name=onenote |
"{7A262742-07D6-4587-9432-0E05DFFEEF0B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{7AA4047A-104A-402D-9088-346344C107DC}" = protocol=6 | dir=in | app=c:\users\【ユーザー名】\desktop\ゲーム\マイクラ\新\runtime\jre-x64\1.8.0_25\bin\javaw.exe |
"{7D875BA0-59FC-436E-B6C8-615B98C3D946}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{7E50C52E-F4E1-447F-A82D-FF8F4BDD8F88}" = dir=out | name=microsoft solitaire collection |
"{7F502FDA-B16E-43B3-BDBF-DEB3B62CB70A}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{7F70320C-3E4D-4CC2-942D-114963185361}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8452B07A-6D20-46AD-B88D-C972F64A46C8}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{84CDD4FE-493C-4F0E-9AEE-E83FD749B070}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{8DC91E2B-E5D5-485B-99EB-596FEBE6B419}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{8F5855C4-99B3-400F-A6AB-2B12F98B1E91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{93EA4E43-924E-4845-8718-104D71D801B2}" = dir=out | name=@{microsoft.zunevideo_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{95955B47-8138-463D-9756-FBA6140E71E5}" = dir=out | name=juniper networks junos pulse |
"{966C7299-A75D-439E-8E89-5FD9F77DEA2C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{9D4AC9C4-738C-47B4-B155-DE58A84AB39E}" = dir=in | app=c:\program files\newtek\lightwave_2015.2j\bin\modeler.exe |
"{9E21074E-3E29-455D-9A5F-5638080954E5}" = dir=out | name=suumo |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9E57B459-AABC-47CA-A59F-B92D9832F457}" = dir=in | name=microsoft minesweeper |
"{A27570F0-603A-44AD-9A4C-E966EDE5B167}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{A3F7E577-43FD-402C-B509-8372D8CEE720}" = dir=out | name=@{microsoft.xboxcompanion_1.4.3.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{A53EE303-37B0-495E-9E6E-61C2804771CD}" = dir=out | name=navitime for mouse computer |
"{A54F7037-EFE1-45BC-931E-AB023E34E9AA}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{A60628CA-8737-443A-B878-CB9C19DBAC4C}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{A994A591-75C3-441B-82E1-52669E52E27F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{A9B5CB49-1B27-41AE-8C28-D6F2BD1FDCE5}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{AAE3BA35-A8A1-4582-B339-54F34A68A454}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{ABAA1FBA-5774-48D9-9CF2-5893F6410D0E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{AECE11F1-A9BD-424D-A866-71BCE219C836}" = dir=out | name=skype |
"{B4F05F90-6D2B-47D7-BE2A-1123A23604C2}" = dir=out | name=taptiles |
"{B539EE61-41A6-4EDF-A547-A5E56604EE4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B67E0717-D377-4E29-8522-4CBF9AD96AAC}" = dir=in | name=sonicwall mobile connect |
"{B705BF5D-F615-45AA-A120-6D50F3F0B2E8}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{B84B7A03-4868-4B30-A259-EDCDA3E71B40}" = dir=out | name=f5 vpn |
"{B87A0B88-BB93-4342-A873-71CEC156797C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBC8DFA1-21F2-4A0A-A764-EFD92AA5EF4E}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{BE79E8AC-57F3-4C33-BADC-AD759E0611E3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{C0FE6025-B872-41CD-9477-05D2D9CAC64D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{C172A0AF-AFC9-4697-873F-0783DB1D6516}" = dir=out | name=hulu |
"{C190BA1F-6B35-4932-850E-589256551F28}" = dir=out | name=apricot |
"{C23567B4-CD58-429E-A1BB-3C203242013C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{C281F028-310E-45CC-9100-6452A9D13143}" = dir=in | app=c:\users\【ユーザー名】\appdata\roaming\copy\copyagent.exe |
"{C749961B-6658-4C83-AFBD-2443DBD27C40}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C74F5BA4-FD8C-4319-A121-56B9BEB3142C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFCFA1B0-CA85-406D-8FA9-9F1D57F285FC}" = dir=out | name=ホットペッパー グルメ |
"{D0C8DE2B-2F2E-4D18-AEC9-070F0C4D8414}" = dir=in | app=c:\program files\newtek\lightwave_2015.2j\bin\hub.exe |
"{D136E491-70F2-4323-8731-4BE637A438CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D580854B-1EEE-4B7E-BB3C-9AA0A8A6EB64}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D61A283F-0DBE-4DA5-9DA9-98FD3A070091}" = dir=in | name=microsoft mahjong |
"{D6248090-7B7A-4CC0-8776-49759A91E89C}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D79002EF-EE44-4770-95F6-304936B00540}" = dir=out | name=fresh paint |
"{D9DC2AB7-AB26-4870-951D-37EA243BF555}" = protocol=17 | dir=in | app=c:\users\【ユーザー名】\desktop\portchk_ps3_jp\portchk.exe |
"{DAFA4E3B-BE81-4CE4-AFEE-F13D6D441091}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DB803208-556A-421A-AD02-B8944433BBB6}" = dir=in | name=canon inkjet print utility |
"{DDED201A-1A52-4472-BCA5-321158AD0EDA}" = protocol=6 | dir=in | app=c:\users\【ユーザー名】\desktop\portchk_ps3_jp\portchk.exe |
"{E183C32C-26CF-46EE-B1D8-ECE3EAD8DCEA}" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_25\bin\javaw.exe |
"{E3A69BA5-7EB9-499A-80E5-3823CE5A2603}" = dir=out | name=microsoft mahjong |
"{E467EDCC-2114-4EBA-A9C7-9ECA8E4D6FF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{E4FC066B-EE29-4115-8DF6-4287CB492496}" = dir=out | name=@{microsoft.zunemusic_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{E77BEE72-04D5-4D42-8F1C-552B5C852F38}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E826B65B-AEB2-4CA7-89B9-B5788AB3AA1E}" = dir=in | name=f5 vpn |
"{E848B8C6-BADD-4144-BDCF-2FDB42704425}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{E9FA0E5D-3A23-4BCD-832B-8D2CB2FC4ABB}" = dir=out | name=windows_ie_ac_001 |
"{EA0A428A-24F3-48A6-A946-F876B07AD47F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EB5E60DB-0AD9-47A2-81CA-A3348F6A44C0}" = dir=out | name=sonicwall mobile connect |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EC7C7A7A-94C6-44D0-9217-4D3F95EB5B23}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EEEE17CA-6D28-47B8-A3FA-3FB82A65FCA5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EF5F1C63-5E7A-4202-916D-08EF57FDF6E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFF299D2-A6ED-4D7B-A650-2F51082E3E5B}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{F06C5CA0-808B-4E19-BC10-10430A57ACE9}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{F4A83D93-7633-4C71-91CB-EFA667592193}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F58C5ABC-8A3F-4169-9202-A51EC49F14E4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F60D3254-9E98-4AF8-B452-6F212B20FF5C}" = protocol=17 | dir=in | app=c:\users\【ユーザー名】\desktop\ゲーム\マイクラ\新\runtime\jre-x64\1.8.0_25\bin\javaw.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F8E1F72F-445B-41AB-8CA3-B83EF855DDCD}" = dir=in | name=check point vpn |
"{FB03393D-C6A9-4E01-A9FD-BC23DCA40EB2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FB8B4622-2E5E-492C-8BA6-4D161593958F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF45F28A-5AAD-4CE0-A62B-42A3007985CD}" = protocol=6 | dir=in | app=c:\program files\logicool gaming software\lcore.exe |
"{FFF6013B-324B-4E68-9E8A-99C5BE2FA0FA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"TCP Query User{157FCF10-8482-4646-AC25-70F582747A02}C:\users\【ユーザー名】\appdata\roaming\copy\copyagent.exe" = protocol=6 | dir=in | app=c:\users\【ユーザー名】\appdata\roaming\copy\copyagent.exe |
"TCP Query User{1F316194-D68A-4031-B765-5D03B27CAD11}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{23334AC5-E569-4058-8357-FC6F70DD908D}C:\users\【ユーザー名】\desktop\ゲーム\ads\ygopro.exe" = protocol=6 | dir=in | app=c:\users\【ユーザー名】\desktop\ゲーム\ads\ygopro.exe |
"TCP Query User{2FAF89FD-3B5E-49B4-BCD0-14381239BDCA}C:\program files\java\jre8\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre8\bin\javaw.exe |
"TCP Query User{31896E4B-6DC9-4E24-A697-C89B9A21EE43}C:\program files\java\jre1.8.0_25\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_25\bin\javaw.exe |
"TCP Query User{31926CA3-DC36-4453-BE5A-6EE525291AF4}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
"TCP Query User{4E378BA0-2026-4237-8B37-5090EB77BDAD}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"TCP Query User{62E33F2C-8882-4CDF-972C-3829828F9A2C}C:\users\【ユーザー名】\downloads\bouyomichan\bouyomichan.exe" = protocol=6 | dir=in | app=c:\users\【ユーザー名】\downloads\bouyomichan\bouyomichan.exe |
"TCP Query User{6AC44DA0-6403-4F40-BEEE-9C9E260DCE11}C:\users\【ユーザー名】\downloads\bouyomichan\bouyomichan.exe" = protocol=6 | dir=in | app=c:\users\【ユーザー名】\downloads\bouyomichan\bouyomichan.exe |
"TCP Query User{7E215FAB-ADE7-4A85-819A-0023CB4C3410}C:\program files\java\jre1.8.0_25\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_25\bin\java.exe |
"TCP Query User{ABA4139F-3715-4133-87FA-C215128AA67A}C:\program files (x86)\sony\content manager assistant\cma.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\content manager assistant\cma.exe |
"TCP Query User{C5FBD9FA-31FC-472B-80F7-F692D94EF87D}C:\users\【ユーザー名】\desktop\ゲーム\マイクラ\新\runtime\jre-x64\1.8.0_25\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\【ユーザー名】\desktop\ゲーム\マイクラ\新\runtime\jre-x64\1.8.0_25\bin\javaw.exe |
"TCP Query User{E5C0E656-BBD2-4C57-9819-D3EDCED2E695}C:\users\【ユーザー名】\desktop\portchk_ps3_jp\portchk.exe" = protocol=6 | dir=in | app=c:\users\【ユーザー名】\desktop\portchk_ps3_jp\portchk.exe |
"TCP Query User{E5F82D08-C910-4E1D-9557-641C035FFCAD}C:\program files (x86)\sony\content manager assistant\cma.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\content manager assistant\cma.exe |
"UDP Query User{01E5A442-38B3-4A7A-8EB9-89B3AA6B3AD4}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{0FE952FF-6356-4C3F-B22B-BBD9EA10D573}C:\users\【ユーザー名】\desktop\ゲーム\マイクラ\新\runtime\jre-x64\1.8.0_25\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\【ユーザー名】\desktop\ゲーム\マイクラ\新\runtime\jre-x64\1.8.0_25\bin\javaw.exe |
"UDP Query User{15241858-EDDD-4DA6-AF3E-76EBECD5074F}C:\users\【ユーザー名】\desktop\portchk_ps3_jp\portchk.exe" = protocol=17 | dir=in | app=c:\users\【ユーザー名】\desktop\portchk_ps3_jp\portchk.exe |
"UDP Query User{1B8071E1-64EE-490D-9D7B-6CA5E654E262}C:\users\【ユーザー名】\downloads\bouyomichan\bouyomichan.exe" = protocol=17 | dir=in | app=c:\users\【ユーザー名】\downloads\bouyomichan\bouyomichan.exe |
"UDP Query User{2C141882-CBCE-4AC5-BF01-BDCD08AEAA05}C:\program files (x86)\sony\content manager assistant\cma.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\content manager assistant\cma.exe |
"UDP Query User{3245435D-623C-4FF9-8953-2E2C47F5F6C3}C:\users\【ユーザー名】\downloads\bouyomichan\bouyomichan.exe" = protocol=17 | dir=in | app=c:\users\【ユーザー名】\downloads\bouyomichan\bouyomichan.exe |
"UDP Query User{430501BD-089B-4586-9728-256ACE7C0872}C:\program files\java\jre1.8.0_25\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_25\bin\javaw.exe |
"UDP Query User{55F83AD3-E170-4042-BD27-D22AEBFFDB26}C:\program files (x86)\sony\content manager assistant\cma.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\content manager assistant\cma.exe |
"UDP Query User{77AD452C-7AA7-4CCD-ADB1-985705E57113}C:\program files\java\jre1.8.0_25\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_25\bin\java.exe |
"UDP Query User{A9F18156-D634-4866-BF45-E21B038EDEB6}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{CEAC557C-7098-4A62-B193-D23A0DB591B0}C:\users\【ユーザー名】\appdata\roaming\copy\copyagent.exe" = protocol=17 | dir=in | app=c:\users\【ユーザー名】\appdata\roaming\copy\copyagent.exe |
"UDP Query User{E4612AD1-1C73-4A18-B4C3-FCD3231880A8}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
"UDP Query User{E8BBDB3A-5808-49FD-A9CB-50DC722B88C5}C:\program files\java\jre8\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre8\bin\javaw.exe |
"UDP Query User{FCB5F6C0-05F3-4D30-B608-FA8033705F37}C:\users\【ユーザー名】\desktop\ゲーム\ads\ygopro.exe" = protocol=17 | dir=in | app=c:\users\【ユーザー名】\desktop\ゲーム\ads\ygopro.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C1DE303-E41B-44BA-8ABA-B7F09D857001}" = Oracle VM VirtualBox 4.2.12
"{1B2C85A0-2B9E-4291-8B37-468D57503E98}" = Update for Japanese Microsoft IME Postal Code Dictionary
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0938-000001000000}" = 7-Zip 9.38 (x64 edition)
"{309768A4-A2BB-4930-A5A2-8169678C9B4C}" = iCloud
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4DF9BC73-D405-4C3B-A0EA-1E390A8AFC73}" = Update for Japanese Microsoft IME Standard Dictionary
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0180050}" = Java SE Development Kit 8 Update 5 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0180250}" = Java SE Development Kit 8 Update 25 (64-bit)
"{657FFEDF-A596-491F-985C-7F2090B8FEBB}" = AMV4 Video Codec
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1" = Genymotion version 2.3.1
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C327061-E39D-4696-84A8-E84533ADDD7D}" = ActivePerl 5.16.3 Build 1603 (64-bit)
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{93F2A022-6C37-48B8-B241-FFABD9F60C30}" = iTunes
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = ウイルスバスター クラウド
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision ドライバー 347.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA コントロール パネル 347.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA グラフィックス ドライバー 347.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.2.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision コントローラー ドライバー 347.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX システム ソフトウェア 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 17.12.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD オーディオ ドライバー 1.3.33.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio" = NVIDIA Miracast 仮想オーディオ 347.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 17.12.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27
"{C4123106-B685-48E6-B9BD-E4F911841EB4}" = Apple Mobile Device Support
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D2837730-4960-3B35-8088-201387FD3BDB}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - JPN
"{D7B824DE-DA32-4772-9E5E-39C5158136A7}" = Apple Application Support(64 ビット)
"{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE4CEBB9-C0FC-4503-9BC0-1E32B566DE71}" = Copy
"{F3F11FF1-4EF7-4012-A0D7-BC89442FCA4F}" = Update for Japanese Microsoft IME Trending Words Dictionary
"4144-4862-0472-7103" = WorldPainter 1.10.4
"CCleaner" = CCleaner
"Explzh" = Explzh for Windows (64bit)
"Logitech Gaming Software" = Logicool ゲームソフトウェア 8.55
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - JPN" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語
"ProfessionalRetail - ja-jp" = Microsoft Office Professional 2013 - ja-jp

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E87699-A49D-413A-B75B-7C434FEF979C}" = Update for Japanese Microsoft IME Standard Extended Dictionary
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}" = Google Drive
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15015752-9990-4516-A2B1-93823281FB8E}" = Update for Japanese Microsoft IME Postal Code Dictionary
"{1A84AA7C-DA80-C508-99DA-979F9BC54E83}" = clockmascotalice
"{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}" = Minecraft
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{26A24AE4-039D-4CA4-87B4-2F83218060F0}" = Java 8 Update 60
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 2.5 SE
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = WDC-433SU2M ドライバー
"{2B4B4082-8043-4646-8334-B0A29E641211}" = Adobe Illustrator CC 2014
"{2BF8F5E5-4F82-4D24-B113-224FAC56F765}_is1" = CJIJ_Launcher(1.0.0.5)
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32C46540-7693-49E1-A81E-121B09C8303B}" = コンテンツ管理アシスタント for PlayStation(R)
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3C886FA8-C569-43F7-A035-C964FED22D66}" = Photo Common
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4F81D311-FA20-4AB1-AF18-28B428731AAD}" = Windows Live Essentials
"{5C2DAB97-43D6-4EAF-A1BA-75B2351E3BE1}" = デザインドール
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{68C25867-EB7B-42EA-B341-AC29056970A1}" = MGSPlayer
"{6A0549A9-1B96-498C-ACBC-3943001FEB19}" = Skype(TM) 7.8
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6EA74C3B-9A6E-45A5-9BD4-ABDC6B07A577}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{793C2BF7-A4FE-4608-91C9-9282C5801C21}" = Adobe Photoshop CC 2015
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}" = Adobe Lightroom
"{82458834-6226-4A34-AE96-6907354F9F36}_is1" = FFsplit version 0.7
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}" = CyberLink Medi@Show 6
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0411-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{970F982A-E889-486B-BB26-B8598280D924}" = Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1041-7B44-AB0000000001}" = Adobe Reader XI (11.0.12) - Japanese
"{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}" = Apple Application Support(32 ビット)
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2A0CF90-E30C-4C0E-89CB-CB6891EC7EDE}" = 777タウン.net
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C238971D-5059-4B2F-B760-BB237AF4206A}" = Sentinel Protection Installer 7.6.7
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CAF46B72-12E2-4FE7-A348-45999E69E1FE}" = フォト ギャラリー
"{D6F091D6-EB70-4BB0-84E2-2EF6F192CCD1}" = Driver_DC1150_v1.1.0.89_64bit
"{DB4D628B-A803-402A-9CC5-13C617EA4BB2}" = チルトシフトスタジオ
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode バージョン 3.1.7.4
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3D1594B-8077-42C9-8541-B8438F52F283}" = Niconico Live Encoder
"{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}" = Update for Japanese Microsoft IME Standard Dictionary
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{ED94BE03-E6CC-4268-B03A-92080E3035A6}_is1" = MCSkin3D バージョン 1.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player NPAPI" = Adobe Flash Player 18 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 18 PPAPI
"AmvVideoCodec" = AmvVideoCodec
"Android SDK Tools" = Android SDK Tools
"EveryonePiano_is1" = EveryonePiano 1.7
"giam209" = giam209
"Google Chrome" = Google Chrome
"http://pso2.jp/appid/release_is1" = PHANTASY STAR ONLINE 2
"Inkscape" = Inkscape 0.48.4
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"IObitUninstall" = IObit Uninstaller
"JAFBIOOGICOHICOKJAFGINKFJALGIKIIIBJFICKIJFMKICOKIJLHJAPCJHLHINHDIDFKIDGCIDGH" = 寝取られ新婚生活&お別れ温泉旅行セット
"Lhaca" = +Lhaca
"LightWave_2015.2J" = LightWave 2015.2 64bit 日本語版
"LilyCalendar_is1" = LilyCalendar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 40.0.3 (x86 ja)" = Mozilla Firefox 40.0.3 (x86 ja)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"net.soukyu.clockmascotalice" = clockmascotalice
"NifSkope" = NifSkope (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 31.0.1889.174" = Opera Stable 31.0.1889.174
"PhotoScape" = PhotoScape
"PictBear Second Edition_is1" = PictBear Version 2.04
"Pmang" = Pmangインストールマネージャー
"Pmang_BlackDesert_live" = Black Desert
"Pmang_common" = Common
"Rainlendar2" = Rainlendar2 (remove only)
"Rainmeter" = Rainmeter
"RCKP317" = リサイズ超簡単!Pro v3.17
"SoundEngine Free" = SoundEngine Free
"ST6UNST #1" = Deck Builder for Duel Masters
"ST6UNST #2" = 野田工房ランタイムVer.1.2.1のインストール
"Steam" = Steam
"Steam App 202480" = Creation Kit
"Steam App 550" = Left 4 Dead 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TechFun-Eclipse" = TechFun-Eclipse
"Tera Term_is1" = Tera Term 4.85
"TeraPad" = TeraPad
"UN900119" = BUFFALO クライアントマネージャV
"UN900119_is1" = BUFFALO クライアントマネージャV をアンインストール
"Unity" = Unity
"VideoPad" = VideoPad 動画編集ソフト
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
"Yahoo!Jツールバー" = Yahoo!ツールバー
"カスタムメイド3D 2 Edit体験版" = カスタムメイド3D 2 Edit体験版
"やります!アンコちゃん" = やります!アンコちゃん 2.2.0.6
"抽選王_is1" = 抽選王

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1986508758-1585181776-1248126739-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"CopyTrans Suite" = CopyTrans Suite削除専用
"DesktopCal" = デスクトップカレンダー 2.2.1.3583
"hao123desk-jp" = 日本hao123ショートカット
"OneDriveSetup.exe" = Microsoft OneDrive
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2015/09/07 3:48:17 | Computer Name = hiro | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = 暗号化サービスで、システム ライター オブジェクトで OnIdentity() の呼び出しを処理中にエラーが発生しました。 Details:
AddLegacyDriverFiles:
Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System
Error: アクセスが拒否されました。 。

Error - 2015/09/07 11:47:19 | Computer Name = hiro | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 2015/09/07 11:47:20 | Computer Name = hiro | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 2015/09/07 13:20:48 | Computer Name = HIROAKI | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: jucheck.exe、バージョン: 2.8.60.27、タイム スタンプ: 0x55c116b1
障害が発生しているモジュール名:
jucheck.exe、バージョン: 2.8.60.27、タイム スタンプ: 0x55c116b1 例外コード: 0x40000015 障害オフセット: 0x00052d24
障害が発生しているプロセス
ID: 0xaa8 障害が発生しているアプリケーションの開始時刻: 0x01d0e9918299a0f3 障害が発生しているアプリケーション パス: C:\Program
Files (x86)\Common Files\Java\Java Update\jucheck.exe 障害が発生しているモジュール パス: C:\Program
Files (x86)\Common Files\Java\Java Update\jucheck.exe レポート ID: c775dcde-5584-11e5-bf36-902b34dcc202
障害が発生しているパッケージの完全な名前:
障害が発生しているパッケージに関連するアプリケーション ID:

Error - 2015/09/07 13:47:48 | Computer Name = HIROAKI | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 2015/09/07 13:47:49 | Computer Name = HIROAKI | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 2015/09/07 13:51:33 | Computer Name = HIROAKI | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: plugin-container.exe、バージョン: 40.0.3.5716、タイム スタンプ:
0x55ddb213 障害が発生しているモジュール名: mozglue.dll、バージョン: 40.0.3.5716、タイム スタンプ: 0x55dda062 例外コード:
0x80000003 障害オフセット: 0x0000e250 障害が発生しているプロセス ID: 0x1348 障害が発生しているアプリケーションの開始時刻: 0x01d0e995a58231df
障害が発生しているアプリケーション
パス: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 障害が発生しているモジュール パス:
C:\Program Files (x86)\Mozilla Firefox\mozglue.dll レポート ID: 12fe18a2-5589-11e5-bf36-902b34dcc202
障害が発生しているパッケージの完全な名前:
障害が発生しているパッケージに関連するアプリケーション ID:

Error - 2015/09/07 14:04:16 | Computer Name = HIROAKI | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 2015/09/07 14:04:16 | Computer Name = HIROAKI | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 2015/09/08 0:55:19 | Computer Name = HIROAKI | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = 暗号化サービスで、システム ライター オブジェクトで OnIdentity() の呼び出しを処理中にエラーが発生しました。 Details:
AddLegacyDriverFiles:
Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System
Error: アクセスが拒否されました。 。

[ OAlerts Events ]
Error - 2014/11/23 14:09:32 | Computer Name = hiro | Source = Microsoft Office 15 Alerts | ID = 300
Description = 新しい Office 用アプリ このアプリは Office ストアから入手したアプリです。信頼すると、このアプリが含まれたすべてのドキュメントの内容にこのアプリがアクセスできるようになります。詳細情報を表示します。
P1:
Apps for Office P2: 15.0.4665.1000 P3: 0x80042FAC P4:

[ System Events ]
Error - 2015/09/08 4:03:34 | Computer Name = HIROAKI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = インストールの失敗: エラー 0x80070002 で次の更新プログラムのインストールに失敗しました: Microsoft.WindowsReadingList。

Error - 2015/09/08 4:03:34 | Computer Name = HIROAKI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = インストールの失敗: エラー 0x80070002 で次の更新プログラムのインストールに失敗しました: Microsoft.Office.OneNote。

Error - 2015/09/08 7:30:59 | Computer Name = HIROAKI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = インストールの失敗: エラー 0x80070002 で次の更新プログラムのインストールに失敗しました: Microsoft.Office.OneNote。

Error - 2015/09/08 7:30:59 | Computer Name = HIROAKI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = インストールの失敗: エラー 0x80070002 で次の更新プログラムのインストールに失敗しました: 52139MasaakiKawata.Apricot。

Error - 2015/09/08 7:31:06 | Computer Name = HIROAKI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = インストールの失敗: エラー 0x80070002 で次の更新プログラムのインストールに失敗しました: Microsoft.WindowsReadingList。

Error - 2015/09/08 7:31:06 | Computer Name = HIROAKI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = インストールの失敗: エラー 0x80070002 で次の更新プログラムのインストールに失敗しました: Microsoft.Office.OneNote。

Error - 2015/09/08 7:49:22 | Computer Name = HIROAKI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = インストールの失敗: エラー 0x80070002 で次の更新プログラムのインストールに失敗しました: Microsoft.Office.OneNote。

Error - 2015/09/08 7:49:22 | Computer Name = HIROAKI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = インストールの失敗: エラー 0x80070002 で次の更新プログラムのインストールに失敗しました: 52139MasaakiKawata.Apricot。

Error - 2015/09/08 7:49:34 | Computer Name = HIROAKI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = インストールの失敗: エラー 0x80070002 で次の更新プログラムのインストールに失敗しました: Microsoft.WindowsReadingList。

Error - 2015/09/08 7:49:34 | Computer Name = HIROAKI | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = インストールの失敗: エラー 0x80070002 で次の更新プログラムのインストールに失敗しました: Microsoft.Office.OneNote。


< End of report >
  • キツツキ
  • 2015/09/08 (Tue) 21:11:25
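A lot of strange items have dug into Temp
Thank you for the work and the report.
I have looked through the OTL scan log.

It looks like quite a lot of strange items have dug into Temp.
Let's deal with those along with the rest.

I'll paste a script at the end of this reply, so copy it in its entirety, paste it into a Windows Notepad file, and save it.

First, while in Safe Mode, browse to and open the following folder on the C drive.
C:\Users\【ユーザー名】\AppData\Local\Temp

There, press the "Ctrl" and "A" keys on the keyboard at the same time.
This selects all the files in the folder, so press the "Delete" key to delete them.
If any files cannot be deleted at this point, you can skip them.

Next, still in Safe Mode, start OTL.
Once it has started, use the script you prepared earlier to run the fix with OTL.

Paste the script into the lower part of the OTL window, and this time press "Run fix" (the button with red text).
This starts the fix in OTL.
However, before doing this, replace every 【ユーザー名】 (user name) with your actual user name.

Wait a while, and once the fix is done, restart the PC in normal mode. Another OTL log should appear, so save it, watch the PC for a while, and then reply with a status report together with the OTL log.
The OTL script is below. Copy everything except the dashed lines (-----), paste it into OTL, and run it.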
------------------------------------------
:OTL
MOD - [2015/09/08 02:54:04 | 001,176,576 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._core_.pyd
MOD - [2015/09/08 02:54:04 | 001,067,008 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._controls_.pyd
MOD - [2015/09/08 02:54:04 | 000,816,128 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._windows_.pyd
MOD - [2015/09/08 02:54:04 | 000,806,400 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._gdi_.pyd
MOD - [2015/09/08 02:54:04 | 000,733,184 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._misc_.pyd
MOD - [2015/09/08 02:54:04 | 000,686,080 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\unicodedata.pyd
MOD - [2015/09/08 02:54:04 | 000,682,496 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\pysqlite2._sqlite.pyd
MOD - [2015/09/08 02:54:04 | 000,525,640 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\windows._lib_cacheinvalidation.pyd
MOD - [2015/09/08 02:54:04 | 000,364,544 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\pythoncom27.dll
MOD - [2015/09/08 02:54:04 | 000,320,512 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32com.shell.shell.pyd
MOD - [2015/09/08 02:54:04 | 000,167,936 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32gui.pyd
MOD - [2015/09/08 02:54:04 | 000,127,488 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\pyexpat.pyd
MOD - [2015/09/08 02:54:04 | 000,123,392 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._wizard.pyd
MOD - [2015/09/08 02:54:04 | 000,119,808 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32file.pyd
MOD - [2015/09/08 02:54:04 | 000,108,544 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32security.pyd
MOD - [2015/09/08 02:54:04 | 000,098,816 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32api.pyd
MOD - [2015/09/08 02:54:04 | 000,078,848 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._animate.pyd
MOD - [2015/09/08 02:54:04 | 000,077,312 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\wx._html2.pyd
MOD - [2015/09/08 02:54:04 | 000,068,096 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\usb_ext.pyd
MOD - [2015/09/08 02:54:04 | 000,038,912 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32inet.pyd
MOD - [2015/09/08 02:54:04 | 000,035,840 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32process.pyd
MOD - [2015/09/08 02:54:04 | 000,025,600 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32pdh.pyd
MOD - [2015/09/08 02:54:04 | 000,024,064 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32pipe.pyd
MOD - [2015/09/08 02:54:04 | 000,022,528 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32ts.pyd
MOD - [2015/09/08 02:54:04 | 000,018,432 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32event.pyd
MOD - [2015/09/08 02:54:04 | 000,017,408 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32profile.pyd
MOD - [2015/09/08 02:54:04 | 000,011,264 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\win32crypt.pyd
MOD - [2015/09/08 02:54:04 | 000,010,240 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\select.pyd
MOD - [2015/09/08 02:54:03 | 001,161,216 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_ssl.pyd
MOD - [2015/09/08 02:54:03 | 000,713,216 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_hashlib.pyd
MOD - [2015/09/08 02:54:03 | 000,128,512 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_elementtree.pyd
MOD - [2015/09/08 02:54:03 | 000,110,080 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\pywintypes27.dll
MOD - [2015/09/08 02:54:03 | 000,087,552 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_ctypes.pyd
MOD - [2015/09/08 02:54:03 | 000,045,568 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_socket.pyd
MOD - [2015/09/08 02:54:03 | 000,036,864 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_psutil_windows.pyd
MOD - [2015/09/08 02:54:03 | 000,027,136 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_multiprocessing.pyd
MOD - [2015/09/08 02:54:03 | 000,020,480 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\_yappi.pyd
MOD - [2015/09/08 02:54:03 | 000,013,824 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\common.time34.pyd
MOD - [2015/09/08 02:54:03 | 000,007,168 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042\hashobjs_ext.pyd
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {818E0927-F026-4031-A592-4FEABD11A97E}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{818E0927-F026-4031-A592-4FEABD11A97E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MANMJS
IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\..\SearchScopes,DefaultScope = {818E0927-F026-4031-A592-4FEABD11A97E}
IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\..\SearchScopes\{818E0927-F026-4031-A592-4FEABD11A97E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MANMJS
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1\
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [Copy] C:\Users\【ユーザー名】\AppData\Roaming\Copy\CopyAgent.exe (Barracuda Networks, Inc.)

:Files
C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [Copy] C:\Users\【ユーザー名】\AppData\Roaming\Copy\CopyAgent.exe

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2015/09/09 (Wed) 06:48:48
Re: Infected with DNS Unlocker
Here is the log.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{818E0927-F026-4031-A592-4FEABD11A97E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{818E0927-F026-4031-A592-4FEABD11A97E}\ not found.
HKEY_USERS\S-1-5-21-1986508758-1585181776-1248126739-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1986508758-1585181776-1248126739-1001\Software\Microsoft\Internet Explorer\SearchScopes\{818E0927-F026-4031-A592-4FEABD11A97E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{818E0927-F026-4031-A592-4FEABD11A97E}\ not found.
File C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data DEFAULT\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0 not found.
File C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data DEFAULT\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1 not found.
Registry value HKEY_USERS\S-1-5-21-1986508758-1585181776-1248126739-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Copy deleted successfully.
C:\Users\【ユーザー名】\AppData\Roaming\Copy\CopyAgent.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data DEFAULT\Extensions\lccekmodgklaepjeofjdjpbminllajkg not found.
File\Folder CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh not found.
File\Folder O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [Copy] C:\Users\【ユーザー名】\AppData\Roaming\Copy\CopyAgent.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: 【ユーザー名】
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 30184202 bytes
->Java cache emptied: 1239322 bytes
->FireFox cache emptied: 16016142 bytes
->Google Chrome cache emptied: 250488698 bytes
->Flash cache emptied: 58569 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16925833 bytes
RecycleBin emptied: 399515562 bytes

Total Files Cleaned = 681.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 09092015_113047

Files\Folders moved on Reboot...
C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • キツツキ
  • 2015/09/09 (Wed) 20:22:21
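An added example, not part of the original thread and not OTL's own code: a small parser for the fix log format posted above that tallies each line's outcome and separates "not found" file targets into real paths that were already absent and targets that are not paths at all (a scan-log prefix such as `CHR - ` or `O4 - ` carried into `:Files`). The function names and the `USER` placeholder are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: lines in the shape of the OTL fix log posted above,
# with the user-name placeholder replaced by "USER".
SAMPLE_LOG = r"""
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{818E0927-F026-4031-A592-4FEABD11A97E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{818E0927-F026-4031-A592-4FEABD11A97E}\ not found.
File C:\Users\USER\AppData\Local\Google\Chrome\User Data DEFAULT\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0 not found.
Registry value HKEY_USERS\S-1-5-21-1986508758-1585181776-1248126739-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Copy deleted successfully.
C:\Users\USER\AppData\Roaming\Copy\CopyAgent.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\USER\AppData\Local\Google\Chrome\User Data DEFAULT\Extensions\lccekmodgklaepjeofjdjpbminllajkg not found.
File\Folder CHR - Extension: No name found = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh not found.
File\Folder O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [Copy] C:\Users\USER\AppData\Roaming\Copy\CopyAgent.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# "========== FILES ==========" style section headers.
SECTION_RE = re.compile(r"^=+ (\w+) =+$")
# Every result line ends in one of these outcome phrases.
OUTCOME_RE = re.compile(
    r"^(?P<body>.+?) (?P<outcome>deleted successfully|moved successfully|"
    r"value set successfully|reset successfully|not found)[.!]?$"
)
# Optional object-type prefix; "File\Folder" must be tried before "File".
KIND_RE = re.compile(r"^(Registry key|Registry value|File\\Folder|File) (.+)$")
# A target that could be a file system path: drive letter, %VAR%, or UNC.
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%|\\\\)")


def parse_fix_log(text):
    """Return one dict per result line: section, kind, target, outcome."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        result = OUTCOME_RE.match(line)
        if not result:
            continue  # summary lines such as "->Temp folder emptied: 0 bytes"
        body = result.group("body")
        typed = KIND_RE.match(body)
        kind, target = (typed.group(1), typed.group(2)) if typed else ("other", body)
        entries.append({
            "section": section,
            "kind": kind,
            "target": target,
            "outcome": result.group("outcome"),
        })
    return entries


def summarize(entries):
    """Tally outcomes and split file 'not found' results by target shape."""
    missing = [
        e for e in entries
        if e["outcome"] == "not found" and e["kind"] in ("File", "File\\Folder")
    ]
    return {
        "outcomes": Counter(e["outcome"] for e in entries),
        # Target is not a path, so the tool never looked at the real location.
        "malformed_targets": [e for e in missing if not PATH_RE.match(e["target"])],
        # Target is a path that did not exist when the fix ran.
        "missing_paths": [e for e in missing if PATH_RE.match(e["target"])],
    }


if __name__ == "__main__":
    report = summarize(parse_fix_log(SAMPLE_LOG))
    print(dict(report["outcomes"]))
    for entry in report["malformed_targets"]:
        print("re-check by hand:", entry["target"])
```

Entries listed under `malformed_targets` were not acted on by that line, so the bare path they contain is the one to confirm by hand.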
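Re: Infected with DNS Unlocker
As for the PC's state, the ads no longer appear.

First, I pasted the script into Notepad and saved it. Then I used Word to edit the "【ユーザー名】" parts. I pasted the edited version into Notepad again and saved it.

After that, I restarted the PC in Safe Mode, browsed to and opened C:\Users\【ユーザー名】\AppData\Local\Temp, and deleted all the folders inside Temp (there was nothing that could not be deleted).

Still in Safe Mode, I started OTL. I pasted in the script you had prepared and clicked "Run fix".

After that, OTL told me to restart, so I did.

After the restart, I saved the log.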
  • キツツキ
  • 2015/09/09 (Wed) 20:34:38
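After re-checking the problem folder, I'll review each log again
Thank you for the work and the report.

> As for the PC's state, the ads no longer appear

Yes, I have looked at the log as well, and it seems OTL handled what it could.
Still, cases of things burrowing into Temp have been increasing a great deal.
Just in case, please check by eye whether the following folder exists.
C:\Users\【ユーザー名】\AppData\Local\Temp\_MEI64042

If it is still there, try deleting it manually again.
If it is already gone, you can move on, but if you find it and cannot delete it, there is no need to force it, so let me know in your next reply.

If the folder above and the symptoms are gone, we will re-check the whole system.
Please use CC again to retake the logs for each tab and the install information, retake the HJT log, and show them to me again.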
  • 悪代官
  • 2015/09/09 (Wed) 21:05:26
Re: Infected with DNS Unlocker
No abnormalities so far.

There was no folder named _MEI64042.

However, there is a folder named _MEI62122. Is this one all right?

  • キツツキ
  • 2015/09/09 (Wed) 21:27:01
Re: Infected with DNS Unlocker
For now, here is the log.

HJT
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:22:32, on 2015/09/09
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 40.0.3 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\FolderSize\FolderSize.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\【ユーザー名】\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo!ツールバーフィッシング警告 - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - BHO: Yahoo!ツールバーヘルパー - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
O3 - Toolbar: Yahoo!ツールバー - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
O3 - Toolbar: Trend ツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Folder Size] C:\Program Files (x86)\FolderSize\FolderSize.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: LilyCalendar.lnk = C:\Program Files (x86)\LilyCalendar\LilyCalendar.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: コンテンツ管理アシスタント for PlayStation(R).lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: CyberLink Product - 2013/02/22 15:02:51 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: CypherGuard cguard Service 32bit Edition - CypherTec Inc. - C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe
O23 - Service: CypherGuard cguard Service 64bit Edition - CypherTec Inc. - C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe
O23 - Service: CypherGuard Info Service - CypherTec Inc. - C:\Program Files\Common Files\CypherTec\cthwsrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: インテル(R) ラピッド・ストレージ・テクノロジー (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\elecom\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Program Files (x86)\elecom\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15061 bytes
  • キツツキ
  • 2015/09/09 (Wed) 21:27:52
Re: Infected with DNS Unlocker
CC (Installed programs)

+Lhaca 2014/12/01
7-Zip 9.20 2014/12/01
7-Zip 9.38 (x64 edition) Igor Pavlov 2015/05/20 4.66 MB 9.38.00.0
777タウン.net Sammy NetWorks Co.,Ltd. 2013/12/29 3.0.0.65
ActivePerl 5.16.3 Build 1603 (64-bit) ActiveState 2013/10/18 83.3 MB 5.16.1603
Adobe AIR Adobe Systems Incorporated 2014/12/01 15.0.0.356
Adobe Creative Cloud Adobe Systems Incorporated 2015/08/07 287 MB 3.2.0.129
Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 2015/08/13 8.85 MB 18.0.0.232
Adobe Flash Player 18 PPAPI Adobe Systems Incorporated 2015/08/13 18.3 MB 18.0.0.232
Adobe Illustrator CC 2014 Adobe Systems Incorporated 2015/01/16 907 MB 18.1.1
Adobe Lightroom Adobe Systems Incorporated 2015/08/08 1.42 GB 6.1.1
Adobe Photoshop CC 2015 Adobe Systems Incorporated 2015/08/07 1.90 GB 16.0.1
Adobe Reader XI (11.0.12) - Japanese Adobe Systems Incorporated 2015/09/07 247 MB 11.0.12
Amazon Kindle Amazon 2015/06/24
AMV4 Video Codec amaman 2015/02/21 3.73 MB 4.02
AmvVideoCodec 2014/12/01
Android SDK Tools Google Inc. 2014/12/01 1.16
Apple Application Support(32 ビット) Apple Inc. 2015/04/29 94.2 MB 3.1.3
Apple Application Support(64 ビット) Apple Inc. 2015/04/29 109 MB 3.1.3
Apple Mobile Device Support Apple Inc. 2015/04/29 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 2013/10/09 2.38 MB 2.1.3.127
Black Desert GameOn 2015/05/17 6
Bonjour Apple Inc. 2013/10/09 2.00 MB 3.0.0.10
BUFFALO クライアントマネージャV をアンインストール BUFFALO INC. 2014/07/19 10.2 MB 1.5.0
CCleaner Piriform 2014/12/01 4.15
CJIJ_Launcher(1.0.0.5) CJ Internet Japan, Inc. 2013/11/13 2.03 MB
clockmascotalice UNKNOWN 2014/12/01 1.0
Common GameOn 2015/05/16 13062208
Copy Barracuda Networks, Inc. 2014/11/08 97.5 MB 1.47.410.0
CopyTrans Suite削除専用 WindSolutions 2015/01/21 2.37
Creation Kit bgs.bethsoft.com 2014/12/01
CyberLink Media Suite 10 CyberLink Corp. 2014/12/01 1.05 GB 10.0
CyberLink PowerProducer 5.5 CyberLink Corp. 2013/02/22 168 MB 5.5.3.4118
Deck Builder for Duel Masters 2014/12/01
DMM電子書籍ビューア x64 Edition 2014/05/28
Driver_DC1150_v1.1.0.89_64bit 会社名 2013/11/06 1.79 MB 1.1.0.89
EveryonePiano 1.7 EveryonePiano.com 2015/05/13 1.7.1.12
Explzh for Windows (64bit) pon software 2015/01/15 7.2.4.0
FFsplit version 0.7 FFsplit Team 2015/05/20 12.2 MB 0.7
Folder Size Brio 2015/05/16 426 KB 2.6
Genymotion version 2.3.1 Genymobile 2014/12/03 187 MB 2.3.1
giam209 2014/12/01
Google Chrome Google Inc. 2015/09/05 45.0.2454.85
Google Drive Google, Inc. 2015/08/17 34.1 MB 1.24.9931.5480
honestech VHS to DVD 2.5 SE honestech 2013/12/04 2.5
iCloud Apple Inc. 2015/04/29 89.5 MB 4.0.6.28
Inkscape 0.48.4 2014/12/01 0.48.4
Intel(R) Rapid Storage Technology Intel Corporation 2013/10/06 11.7.0.1013
IObit Uninstaller IObit 2015/06/24 4.3.0.118
iTunes Apple Inc. 2015/04/29 233 MB 12.1.2.27
Java 8 Update 60 Oracle Corporation 2015/09/07 20.6 MB 8.0.600.27
Java SE Development Kit 8 Update 25 (64-bit) Oracle Corporation 2014/11/22 311 MB 8.0.250.18
Java SE Development Kit 8 Update 5 (64-bit) Oracle Corporation 2014/04/26 248 MB 8.0.50
Left 4 Dead 2 Valve 2014/12/01
LightWave 2015.2 64bit 日本語版 D-STORM, Inc. 2015/08/07 2015.2
LilyCalendar SakuraApps 2015/07/11 8.37 MB
Logicool ゲームソフトウェア 8.55 Logicool 2014/12/01 85.3 MB 8.55.137
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2015/09/07 19.3 MB 1.75.0.1300
MCSkin3D バージョン 1.3 Altered Softworks & MCSkin3D Development Team 2015/03/13 6.04 MB 1.3
MGSPlayer Media Global Stage Co.Ltd. 2014/04/19 3.07 MB 1.2.2
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2015/03/16 2.93 MB 4.0.40804.0
Microsoft Office Professional 2013 - ja-jp Microsoft Corporation 2015/08/23 15.0.4745.1002
Microsoft OneDrive Microsoft Corporation 2015/08/20 36.1 MB 17.3.5930.0814
Microsoft Silverlight Microsoft Corporation 2015/08/13 199 MB 5.1.40728.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/02/22 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2013/02/22 4.84 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 2014/12/03 7.51 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2014/03/09 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2014/03/09 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2013/02/22 10.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2013/12/01 8.05 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2013/10/07 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2015/02/13 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2015/04/22 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/04/22 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/04/22 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2015/08/07 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2015/08/07 17.1 MB 12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2015/02/13 10.0.50903
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 Microsoft Corporation 2015/02/13 10.0.50903
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 2014/04/10 9.44 MB 4.0.20823.0
Minecraft Mojang 2015/05/11 1.22 MB 1.0.3.0
Mozilla Firefox 40.0.3 (x86 ja) Mozilla 2015/09/02 85.0 MB 40.0.3
Mozilla Maintenance Service Mozilla 2015/09/02 379 KB 40.0.3.5716
Niconico Live Encoder niwango, inc. 2014/12/25 2.0.4
NifSkope (remove only) 2014/12/01
NVIDIA 3D Vision コントローラー ドライバー 347.09 NVIDIA Corporation 2015/03/13 347.09
NVIDIA 3D Vision ドライバー 347.52 NVIDIA Corporation 2015/03/13 347.52
NVIDIA GeForce Experience 2.2.2 NVIDIA Corporation 2015/03/13 2.2.2
NVIDIA HD オーディオ ドライバー 1.3.33.0 NVIDIA Corporation 2015/03/13 1.3.33.0
NVIDIA Miracast 仮想オーディオ 347.52 NVIDIA Corporation 2015/03/13 347.52
NVIDIA PhysX システム ソフトウェア 9.14.0702 NVIDIA Corporation 2015/03/13 9.14.0702
NVIDIA グラフィックス ドライバー 347.52 NVIDIA Corporation 2015/03/13 347.52
Opera Stable 31.0.1889.174 Opera Software 2015/08/19 31.0.1889.174
Oracle VM VirtualBox 4.2.12 Oracle Corporation 2014/12/03 134 MB 4.2.12
PHANTASY STAR ONLINE 2 SEGA 2013/12/06 7.51 MB
PhotoScape 2014/12/01
PictBear Version 2.04 Fenrir Inc. 2014/12/03 7.67 MB
Pmangインストールマネージャー GameOn,Pmang 2015/05/16 1.0.1.1
Rainlendar2 (remove only) 2015/07/11
Rainmeter 2015/07/12 3.2.1 r2386
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/12/01 6.0.1.6662
Sentinel Protection Installer 7.6.7 SafeNet, Inc. 2015/08/07 5.92 MB 7.6.7
Skype(TM) 7.8 Skype Technologies S.A. 2015/09/07 71.1 MB 7.8.102
SoundEngine Free Coderium 2013/11/02 5.1.0.5
Steam Valve Corporation 2014/12/01
TechFun-Eclipse Tech Fun corp. 2014/12/01 3.7.1
Tera Term 4.85 2014/12/17 11.0 MB
TeraPad 2014/12/01
The Elder Scrolls V: Skyrim Bethesda Game Studios 2014/12/01
Unity Unity Technologies ApS 2014/12/01
Unity Web Player Unity Technologies ApS 2014/12/01 12.0 MB
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/12/03 7.60 MB 16.0.1171.1
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2015/09/07 41.7 MB 16.0.1404.1
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2015/09/07 11.6 MB 15.0.2013
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2015/05/29 9.00 KB 16.0.1515.1
VideoPad 動画編集ソフト NCH Software 2014/12/01 3.38
VLC media player VideoLAN 2015/09/07 2.2.1
WDC-433SU2M ドライバー elecom 2014/08/03 1.5.28.0.4
Windows Live Essentials Microsoft Corporation 2013/02/22 16.4.3505.0912
WorldPainter 1.10.4 pepsoft.org 2015/01/29 1.10.4
XMedia Recode バージョン 3.1.7.4 XMedia Recode 2013/12/01 20.6 MB 3.1.7.4
Yahoo!ツールバー Yahoo! JAPAN. 2014/12/01 2.77 MB 7.3.0.18
やります!アンコちゃん 2.2.0.6 居酒屋「めがね」 2015/08/12 2.2.0.6
ウイルスバスター クラウド トレンドマイクロ株式会社 2014/10/11 450 MB 7.0
カスタムメイド3D 2 Edit体験版 KISS 2015/08/02 1.03 GB
コンテンツ管理アシスタント for PlayStation(R) Sony Computer Entertainment Inc. 2013/12/01 6.33 MB 3.00.7187.47
チルトシフトスタジオ GRAFFICIA 2013/10/23 19.4 MB 1.10.0
デザインドール Terawell 2014/04/10 42.2 MB 5.6
デスクトップカレンダー 2.2.1.3583 DesktopCal, Inc. 2015/07/11 2.2.1.3583
リサイズ超簡単!Pro v3.17 2014/12/01
寝取られ新婚生活&お別れ温泉旅行セット 2015/07/11
抽選王 古川 明人 2014/06/08 4.87 MB 0.61.1
日本hao123ショートカット hao123 2015/08/19 1.0.0.1111
野田工房ランタイムVer.1.2.1のインストール 2014/12/01
  • キツツキ
  • 2015/09/09 (Wed) 21:28:55
Re: Infected with DNS Unlocker
CC(Windows)

有効 HKCU:Run ApplePhotoStreams Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
有効 HKCU:Run Folder Size Brio C:\Program Files (x86)\FolderSize\FolderSize.exe
有効 HKCU:Run GoogleDriveSync Google "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
有効 HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
有効 HKCU:Run OneDrive Microsoft Corporation "C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
無効 HKCU:Run Rainlendar2 Rainy C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
有効 HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
有効 HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run BDRegion cyberlink C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
有効 HKLM:Run CLMLServer CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
有効 HKLM:Run IAStorIcon Intel Corporation C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run Launch LCore Logitech Inc. C:\Program Files\Logicool Gaming Software\LCore.exe /minimized
有効 HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
有効 HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
有効 HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ShadowPlay Microsoft Corporation C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
有効 HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
無効 Startup Common LilyCalendar.lnk sakura apps C:\Program Files (x86)\LilyCalendar\LilyCalendar.exe
有効 Startup Common クライアントマネージャV.lnk BUFFALO INC. C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
有効 Startup Common コンテンツ管理アシスタント for PlayStation(R).lnk Sony Computer Entertainment Inc. C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
無効 Startup User Rainmeter.lnk Open Source Developer, Rainmeter C:\Program Files\Rainmeter\Rainmeter.exe
  • キツツキ
  • 2015/09/09 (Wed) 21:30:30
Re: Infected with DNS Unlocker
CC(IE)

無効 Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
無効 Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
無効 Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
無効 Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
有効 Extension Skype for Business Click to Call Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
無効 Helper Microsoft SkyDrive Pro Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
有効 Helper Skype for Business Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll
無効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
無効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
無効 Helper Yahoo!ツールバーフィッシング警告 Yahoo Japan Corporation. C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll
無効 Helper Yahoo!ツールバーヘルパー Yahoo! JAPAN C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
無効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
無効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
無効 Toolbar Yahoo!ツールバー Yahoo! JAPAN C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
  • キツツキ
  • 2015/09/09 (Wed) 21:31:24
Re: Infected with DNS Unlocker
CC(FireFox)

無効 Extension Trend Micro Osprey Firefox Extension 1.6.0.1102 Trend Micro default Firefox 40.0.3 C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
無効 Extension Trend Micro Toolbar 7.0.0.1243 Trend Micro default Firefox 40.0.3 C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
有効 Plugin Adobe Acrobat 11.0.12.18 Adobe Systems Inc. default Firefox 40.0.3 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
有効 Plugin AdobeAAMDetect 3.0.0.0 Adobe Systems default Firefox 40.0.3 C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
有効 Plugin CJIJ Launcher plugin 1.0.0.5 1.0.0.5 CJ Internet Japan default Firefox 40.0.3 C:\Program Files (x86)\CJIJ\npCJIJLauncher.dll
有効 Plugin Google Update 1.3.28.13 Google Inc. default Firefox 40.0.3 C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
有効 Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default Firefox 40.0.3 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
有効 Plugin Java Deployment Toolkit 8.0.600.27 11.60.2.27 Oracle Corporation default Firefox 40.0.3 C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll
有効 Plugin Java(TM) Platform SE 8 U60 11.60.2.27 Oracle Corporation default Firefox 40.0.3 C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll
有効 Plugin Microsoft Office 2013 15.0.4514.1000 Microsoft Corporation default Firefox 40.0.3 C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
有効 Plugin NVIDIA 3D Vision 7.17.13.4752 NVIDIA Corporation default Firefox 40.0.3 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
有効 Plugin NVIDIA 3D VISION 7.17.13.4752 NVIDIA Corporation default Firefox 40.0.3 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
有効 Plugin Photo Gallery 16.4.3505.912 Microsoft Corporation default Firefox 40.0.3 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
有効 Plugin pmangdiagnostic 1.0.0.1 gameon default Firefox 40.0.3 C:\GameOn\Common files\nppmangdiagnostic.dll
有効 Plugin pmangsupport 1.0.0.1 gameon default Firefox 40.0.3 C:\GameOn\Common files\nppmangsupport.dll
有効 Plugin Shockwave Flash 18.0.0.232 Adobe Systems Incorporated default Firefox 40.0.3 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
有効 Plugin Silverlight Plug-In 5.1.40728.0 Microsoft Corporation default Firefox 40.0.3 c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
有効 Plugin Unity Player 4.3.5.32006 Unity Technologies ApS default Firefox 40.0.3 C:\Users\【ユーザー名】\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
有効 Plugin VLC Web Plugin 2.2.1.0 VideoLAN default Firefox 40.0.3 C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
  • キツツキ
  • 2015/09/09 (Wed) 21:32:36
Re: Infected with DNS Unlocker
CC (Context menu)

有効 Directory 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 Directory GDContextMenu Google C:\Program Files (x86)\Google\Drive\contextmenu64.dll
有効 Directory IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 Directory ShExplzh pon software C:\WINDOWS\SysWOW64\ShExplzh.dll
有効 Directory ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Directory VLCメディアプレイヤーで再生 VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
有効 Directory VLCメディアプレイヤーのプレイリストに追加 VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
有効 Directory 書庫内検索(I)... pon software C:\Program Files\Explzh\Explzh.exe /f %1
有効 Drive ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Drive 書庫内検索(I)... pon software C:\Program Files\Explzh\Explzh.exe /f %1
有効 File 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 File AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 File CopyShExt Barracuda Networks, Inc. C:\Users\【ユーザー名】\AppData\Roaming\Copy\overlay\CopyShExt.dll
有効 File GDContextMenu Google C:\Program Files (x86)\Google\Drive\contextmenu64.dll
有効 File IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 File MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 File PhotoStreamsExt Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
有効 File ShExplzh pon software C:\WINDOWS\SysWOW64\ShExplzh.dll
有効 File ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 Folder AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 Folder CopyShExt Barracuda Networks, Inc. C:\Users\【ユーザー名】\AppData\Roaming\Copy\overlay\CopyShExt.dll
有効 Folder IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 Folder MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 Folder ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll
  • キツツキ
  • 2015/09/09 (Wed) 21:33:36
Re: Infected with DNS Unlocker
CC (Scheduled tasks)

有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe -check pepperplugin
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task AdobeAAMUpdater-1.0-hiro-【ユーザー名】 Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
有効 Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task Microsoft OneDrive Auto Update Task-S-1-5-21-1986508758-1585181776-1248126739-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDrive.exe
有効 Task Opera scheduled Autoupdate 1423651649 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate
無効 Task Optimize Start Menu Cache Files-S-1-5-21-1986508758-1585181776-1248126739-1001
有効 Task Titanium BTC Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe -btc
有効 Task Uninstaller_SkipUac_【ユーザー名】 IObit C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
有効 Task {3015A55F-6F87-4C55-946D-7BCB23334334} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\【ユーザー名】\Downloads\ShukuSen150.exe -d C:\Users\【ユーザー名】\Downloads
有効 Task {7DE26901-5AA7-426A-A4FE-27F9B3F2ECDB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\【ユーザー名】\Downloads\forge-1.7.10-10.13.1.1222-installer-win.exe -d C:\Users\【ユーザー名】\Downloads
有効 Task {9A763C48-1541-4E08-A714-ED2C87D21793} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/6.9.0.106/ja/abandoninstall?source=lightinstaller&page=tsInstall
  • キツツキ
  • 2015/09/09 (Wed) 21:34:41
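Please also tell me the folder's dates and times
Thank you for doing the work and reporting back.
I have looked through each of the logs.

>There was no folder named _MEI64042.

>However, there is a folder named _MEI62122.

All right, then right-click that folder, open "Properties", check the "Created" and "Modified" date and time, and tell me them in your next reply.

The following is not currently up to date, so update it if you use it, or uninstall it if you don't.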
>Skype(TM) 7.8 Skype Technologies S.A. 2015/09/07 71.1 MB 7.8.102

I also recommend uninstalling the following.
>日本hao123ショートカット hao123 2015/08/19 1.0.0.1111

If you want to remove it but cannot, tell me that as well.

Once you have checked the above, please reply with the results and details.
  • 悪代官
  • 2015/09/10 (Thu) 07:46:23
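Re: Infected with DNS Unlocker
The _MEI62122 folder has now disappeared as well, and what exists now is a folder named _MEI138882.

This folder's creation date and time is "September 10, 2015, 9:49:59" and its modification date and time is "September 10, 2015, 9:50".
(I'm attaching a screenshot of the Temp folder.)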


 >The following is not currently up to date, so update it if you use it, or uninstall it if you don't.
  >Skype(TM) 7.8 Skype Technologies S.A. 2015/09/07 71.1 MB 7.8.102

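That is what you said, but when I checked, it was the latest version. CC shows "7.8.102", but Skype itself says "7.8.64.102", and even when I click Check for updates it says "Your Skype is up to date".

I uninstalled the item you recommended uninstalling.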
  • キツツキ
  • 2015/09/10 (Thu) 10:11:01
Re: Infected with DNS Unlocker
Here is the image.
  • キツツキ
  • 2015/09/10 (Thu) 10:11:54
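Please rescan with OTL
Sorry for the late reply again.
I have looked at the image as well.
It seems this has not been cleaned up yet.
Judging from the fact that a new folder is being created in Temp, something appears to remain.

So please carry out the following checks and steps again.

First, Skype: it seems the latest version, 7.10, has been released, so please try updating again.
Uninstall it once with GU, then run Disk Cleanup, and after that reinstall the latest version.

You said you were able to remove hao, so that is fine.

Sorry for the trouble, but please use OTL again in the same way as before and click "Run scan".
Copy and paste the following into the OTL window before you do so.
Once the scan is done, please reply with the log again.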

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT
  • 悪代官
  • 2015/09/10 (Thu) 21:07:38
Re: Infected with DNS Unlocker
Here is the log.

OTL logfile created on: 2015/09/10 22:56:48 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\【ユーザー名】\Downloads
64bit- Professional (Version = 6.3.9600) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18036)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

15.92 Gb Total Physical Memory | 15.02 Gb Available Physical Memory | 94.33% Memory free
19.01 Gb Paging File | 18.18 Gb Available in Paging File | 95.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.00 Gb Total Space | 3.18 Gb Free Space | 1.43% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 4.79 Gb Free Space | 64.74% Space Free | Partition Type: FAT32

Computer Name: HIROAKI | User Name: 【ユーザー名】 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/09/08 20:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\【ユーザー名】\Downloads\OTL.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:[b]64bit:[/b] - [2015/07/22 22:52:08 | 001,633,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015/07/14 03:32:44 | 002,765,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:[b]64bit:[/b] - [2015/07/07 18:39:32 | 000,366,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2015/07/07 18:39:32 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2015/05/31 04:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2015/05/12 22:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2015/05/08 00:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2015/02/21 08:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 021,833,360 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:[b]64bit:[/b] - [2014/12/01 00:21:23 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/10/29 13:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:[b]64bit:[/b] - [2014/10/29 12:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/10/29 12:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2014/10/29 11:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2014/10/29 11:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2014/10/29 11:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2014/10/29 10:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2014/10/29 10:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/29 10:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/10/29 10:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2014/10/29 10:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/10/29 10:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2014/10/29 09:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/10/29 09:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2011/11/29 19:48:06 | 000,131,000 | ---- | M] (CypherTec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\CypherTec\cthwsrv64.exe -- (CypherGuard Info Service)
SRV:[b]64bit:[/b] - [2011/11/29 19:26:28 | 000,127,416 | ---- | M] (CypherTec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe -- (CypherGuard cguard Service 64bit Edition)
SRV - [2015/09/02 04:08:44 | 000,149,160 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/08/20 05:39:00 | 000,838,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/08/13 02:53:11 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/07/31 03:18:57 | 002,909,472 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015/07/22 15:33:12 | 000,680,112 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe -- (AdobeUpdateService)
SRV - [2015/07/09 13:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/05/08 00:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2015/02/06 06:01:44 | 001,706,128 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/02/06 02:57:45 | 000,410,952 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/10/29 12:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/29 10:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/29 10:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/04/08 07:06:08 | 001,259,808 | ---- | M] (SafeNet, Inc) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2014/04/08 01:03:04 | 000,383,264 | ---- | M] (SafeNet, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2014/04/07 13:38:00 | 000,139,104 | ---- | M] (BUFFALO INC.) [Auto | Stopped] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2013/11/07 07:12:11 | 005,204,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/07/11 17:06:40 | 000,452,912 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Program Files (x86)\elecom\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2013/07/11 17:05:40 | 001,863,680 | ---- | M] (Ralink) [Auto | Stopped] -- C:\Program Files (x86)\elecom\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2013/02/13 00:36:46 | 000,114,688 | ---- | M] (Brio) [Auto | Stopped] -- C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2013/01/09 01:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2012/11/19 12:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/05/09 16:03:26 | 000,242,664 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/11/29 19:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe -- (CypherGuard cguard Service 32bit Edition)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/09/05 03:07:16 | 000,043,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:[b]64bit:[/b] - [2015/07/07 18:40:12 | 000,044,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2015/07/07 18:40:05 | 000,270,168 | ---- | M] (Microsoft Corporation) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2015/07/07 18:40:05 | 000,114,520 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2015/04/16 15:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2015/03/30 15:28:52 | 000,044,296 | -H-- | M] (LogMeIn Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Hamdrv.sys -- (Hamachi)
DRV:[b]64bit:[/b] - [2015/03/20 10:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2015/03/18 02:26:06 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2015/03/13 13:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2015/03/09 11:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2015/03/09 11:02:45 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2015/03/04 19:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:[b]64bit:[/b] - [2014/12/01 00:22:04 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/12/01 00:22:04 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/10/29 12:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/10/29 12:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/10/29 12:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/10/29 12:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2014/10/15 17:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/10/07 15:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/10/07 15:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2014/09/24 17:01:27 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:[b]64bit:[/b] - [2014/09/24 16:29:37 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:20 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:06 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:05 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:05 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:05 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:37 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2014/08/15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2014/08/15 09:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/02/02 16:17:40 | 000,124,192 | ---- | M] (CypherTec Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cymon.sys -- (Cymon)
DRV:[b]64bit:[/b] - [2013/12/03 17:57:14 | 000,117,312 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:[b]64bit:[/b] - [2013/12/03 17:57:10 | 000,085,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:[b]64bit:[/b] - [2013/12/03 17:57:04 | 000,283,160 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 21:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 21:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 17:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/13 08:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/10 09:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/31 03:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/26 04:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2013/07/11 11:39:06 | 000,037,904 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\tmel.sys -- (tmel)
DRV:[b]64bit:[/b] - [2013/07/08 12:16:30 | 000,103,712 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tmusa.sys -- (tmusa)
DRV:[b]64bit:[/b] - [2013/06/28 13:44:32 | 002,441,392 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2013/06/18 23:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:[b]64bit:[/b] - [2013/06/13 15:35:10 | 000,100,640 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:[b]64bit:[/b] - [2013/05/31 00:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:[b]64bit:[/b] - [2013/05/05 16:32:46 | 000,039,168 | ---- | M] (Scarlet.Crush Productions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScpVBus.sys -- (ScpVBus)
DRV:[b]64bit:[/b] - [2013/04/12 11:41:28 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2012/11/19 12:10:38 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/07/13 11:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:[b]64bit:[/b] - [2012/02/23 12:20:36 | 000,317,744 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:[b]64bit:[/b] - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2011/07/14 22:00:50 | 000,018,944 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)
DRV:[b]64bit:[/b] - [2010/02/04 13:49:02 | 000,740,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC1150.X64.SYS -- (DC1150.X64)
DRV:[b]64bit:[/b] - [2009/11/24 09:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009/11/24 09:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:[b]64bit:[/b] - [2009/09/03 05:00:19 | 000,045,616 | R--- | M] (I-O DATA DEVICE, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IOSPD5.SYS -- (IOSPD5)
DRV - [2013/02/22 18:24:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {818E0927-F026-4031-A592-4FEABD11A97E}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{818E0927-F026-4031-A592-4FEABD11A97E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MANMJS
IE:[b]64bit:[/b] - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.3
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cjinternet.jp/application/cjij-launcher-plugin,version=1.0.0.5: C:\Program Files (x86)\CJIJ\npCJIJLauncher.dll (CJ Internet Japan)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangdiagnostic-1: C:\GameOn\Common files\nppmangdiagnostic.dll (gameon)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangsupport-1: C:\GameOn\Common files\nppmangsupport.dll (gameon)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\【ユーザー名】\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\8.0.1173\8.0.1173\FIREFOXEXTENSION
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014/10/11 22:52:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}: C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ [2014/11/05 23:56:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/08/03 21:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\【ユーザー名】\AppData\Roaming\mozilla\Extensions
[2015/08/20 21:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\【ユーザー名】\AppData\Roaming\mozilla\Firefox\Profiles\uzuugfdb.default\extensions
[2015/09/02 04:08:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/09/02 04:08:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2015/09/09 11:30:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (no name) - {613c18c1-08f1-4a62-9015-afeb9515af51} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Yahoo!ツールバーフィッシング警告) - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll (Yahoo Japan Corporation. )
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yahoo!ツールバーヘルパー) - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3 - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCore] C:\Program Files\Logicool Gaming Software\LCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Folder Size] C:\Program Files (x86)\FolderSize\FolderSize.exe (Brio)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [OneDrive] C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Users\【ユーザー名】\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab (DMM Downloader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FBD7DF6-0ABE-4555-871F-1A39827E9AB0}: DhcpNameServer = 192.168.10.1
O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmbp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtbim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {78E345F7-E976-3595-9C30-2458D6A8EC32} - .NET Framework
ActiveX:[b]64bit:[/b] {7D715857-A67C-4C2F-A929-038448584D63} - C:\WINDOWS\System32\ie4uinit.exe -DisableSSL3
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - U
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EC43E638-09F0-38CC-A585-72FCCDDF035C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/09/10 22:33:02 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Skype
[2015/09/10 22:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/09/10 22:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/09/10 22:32:56 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/09/10 22:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2015/09/10 22:19:44 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (41)
[2015/09/10 22:18:53 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\新しいフォルダー
[2015/09/09 22:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro Installer
[2015/09/09 11:30:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/09/09 11:20:48 | 002,240,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015/09/09 11:20:48 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015/09/09 11:20:47 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015/09/09 11:20:47 | 000,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015/09/09 11:20:47 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015/09/09 11:20:47 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015/09/09 11:20:47 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015/09/09 11:20:47 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015/09/09 11:20:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015/09/09 11:20:47 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015/09/09 11:20:47 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015/09/09 11:20:04 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InkEd.dll
[2015/09/09 11:20:04 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InkEd.dll
[2015/09/09 11:20:03 | 000,118,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\consent.exe
[2015/09/09 11:20:02 | 001,633,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2015/09/09 11:20:02 | 000,951,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tdh.dll
[2015/09/09 11:20:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UtcResources.dll
[2015/09/09 11:20:01 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tdh.dll
[2015/09/09 11:19:53 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/09/09 11:19:53 | 002,126,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/09/09 11:19:53 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/09/09 11:19:53 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/09/09 11:19:53 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015/09/09 11:19:53 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/09/09 11:19:53 | 000,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/09/09 11:19:52 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/09/09 11:19:52 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/09/09 11:19:52 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/09/09 11:19:49 | 002,819,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2015/09/09 11:19:49 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskeng.exe
[2015/09/09 11:19:49 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\schtasks.exe
[2015/09/09 11:19:49 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\schtasks.exe
[2015/09/09 11:19:47 | 002,775,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/09/09 11:19:47 | 001,728,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Immersive.dll
[2015/09/09 11:19:47 | 001,546,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2015/09/09 11:19:47 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll
[2015/09/09 11:19:46 | 002,461,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/09/09 11:19:46 | 001,380,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2015/09/09 11:19:46 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll
[2015/09/09 11:19:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shacct.dll
[2015/09/09 11:19:46 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\shacct.dll
[2015/09/09 11:19:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tzsync.exe
[2015/09/09 11:19:43 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015/09/09 11:19:43 | 000,301,568 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015/09/09 11:19:43 | 000,074,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appidapi.dll
[2015/09/09 11:19:43 | 000,065,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\appidapi.dll
[2015/09/09 11:19:43 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015/09/09 11:19:43 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015/09/09 01:02:28 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (40)
[2015/09/08 02:30:14 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\TempTaskUpdateDetection015F7561-B231-440F-9E6B-0EE2D25C9F20
  • キツツキ
  • 2015/09/10 (Thu) 23:21:38
Re: Infected with DNS Unlocker
[2015/09/07 21:30:55 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes
[2015/09/07 21:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2015/09/07 21:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/09/07 21:30:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/09/07 21:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2015/09/07 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (36)
[2015/09/07 13:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/09/07 13:55:00 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Sun
[2015/09/07 13:55:00 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\.oracle_jre_usage
[2015/09/07 13:16:26 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Geek Uninstaller
[2015/09/07 13:16:21 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\geek (1)
[2015/09/07 00:48:11 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (29)
[2015/09/05 23:19:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (27)
[2015/09/05 23:15:56 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (17)
[2015/09/05 03:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/09/05 03:14:09 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (39)
[2015/09/05 02:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/09/05 02:30:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/09/04 01:40:53 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (38)
[2015/09/03 03:44:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (37)
[2015/09/02 04:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/08/30 11:16:56 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\documents-export-2015-08-29
[2015/08/25 23:19:15 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (33)
[2015/08/25 22:48:43 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (35)
[2015/08/25 21:34:33 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\透けマイクロビキニ(仮)
[2015/08/25 14:41:08 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (34)
[2015/08/24 23:10:43 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\CEF
[2015/08/22 20:59:20 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (32)
[2015/08/18 13:44:34 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (31)
[2015/08/18 11:21:26 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (30)
[2015/08/18 01:48:26 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (25)
[2015/08/18 01:06:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (24)
[2015/08/18 00:53:29 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\goo
[2015/08/17 23:47:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (23)
[2015/08/17 23:39:55 | 000,000,000 | R--D | C] -- C:\Users\【ユーザー名】\Google ドライブ
[2015/08/17 23:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2015/08/17 23:21:17 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\Macromedia
[2015/08/17 23:19:22 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (21)
[2015/08/17 23:17:48 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\Mozilla
[2015/08/17 00:44:00 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (18)
[2015/08/16 00:07:09 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (15)
[2015/08/13 11:44:08 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015/08/13 11:44:08 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015/08/12 23:08:57 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\SharpHeaderCookie
[2015/08/12 23:08:24 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Documents\やりますアンコちゃん
[2015/08/12 23:07:39 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\NicoViewer2_2_0_6setup
[2015/08/12 15:07:49 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/08/12 15:07:48 | 002,880,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015/08/12 15:07:48 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015/08/12 15:07:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec
[2015/08/12 15:07:47 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2015/08/12 15:07:47 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015/08/12 15:07:43 | 018,823,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2015/08/12 15:07:43 | 007,458,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015/08/12 15:07:43 | 001,735,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/08/12 15:07:42 | 015,159,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2015/08/12 15:07:41 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2015/08/12 15:07:41 | 001,116,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2015/08/12 15:07:41 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2015/08/12 15:07:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2015/08/12 15:07:41 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2015/08/12 15:07:41 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\davclnt.dll
[2015/08/12 15:07:41 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2015/08/12 15:07:41 | 000,025,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompatTelRunner.exe
[2015/08/12 15:07:40 | 000,270,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2015/08/12 15:07:40 | 000,114,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys
[2015/08/12 15:07:40 | 000,044,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2015/08/12 15:07:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\csrsrv.dll
[2015/08/12 15:07:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\basesrv.dll
[2015/08/12 15:07:15 | 000,487,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcfgx.dll
[2015/08/12 15:07:15 | 000,393,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcfgx.dll
[2015/08/12 15:07:09 | 007,032,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2015/08/12 15:07:09 | 006,213,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2015/08/12 15:07:09 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdvidcrl.dll
[2015/08/12 15:07:09 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdvidcrl.dll
[2015/08/12 15:07:09 | 000,536,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mcupdate_GenuineIntel.dll
[2015/08/12 15:07:08 | 001,994,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2015/08/12 15:07:08 | 000,428,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2015/08/12 15:07:08 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2015/08/12 11:19:16 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (26)
[2 C:\Users\【ユーザー名】\AppData\Local\*.tmp files -> C:\Users\【ユーザー名】\AppData\Local\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/09/10 22:55:56 | 001,499,946 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/09/10 22:55:56 | 000,723,316 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/09/10 22:55:56 | 000,500,688 | ---- | M] () -- C:\WINDOWS\SysNative\perfh011.dat
[2015/09/10 22:55:56 | 000,135,994 | ---- | M] () -- C:\WINDOWS\SysNative\perfc011.dat
[2015/09/10 22:55:56 | 000,135,930 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/09/10 22:53:49 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/09/10 22:51:48 | 791,961,597 | -HS- | M] () -- C:\hiberfil.sys
[2015/09/10 22:51:48 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2015/09/10 22:32:57 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/09/10 22:15:00 | 000,000,708 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/09/10 21:53:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/09/10 09:49:46 | 000,000,704 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/09/10 09:48:17 | 000,760,560 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/09/09 22:48:58 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\ウイルスバスター クラウドのインストーラ.lnk
[2015/09/09 11:30:49 | 000,000,098 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\Hosts
[2015/09/07 21:56:35 | 000,000,000 | ---- | M] () -- C:\Users\【ユーザー名】\AppData\Local\{69CB2F78-C431-465B-8D06-80232F4730C8}
[2015/09/07 21:30:51 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/09/07 14:11:55 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2015/09/07 13:54:56 | 000,097,888 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2015/09/06 18:31:30 | 000,125,763 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\5.jpg
[2015/09/05 22:34:02 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job
[2015/09/05 03:27:47 | 000,002,289 | ---- | M] () -- C:\Users\【ユーザー名】\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/09/05 03:18:18 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/09/05 03:07:16 | 000,043,664 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2015/09/05 03:05:40 | 000,005,586 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader
[2015/09/02 11:55:31 | 000,358,912 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015/09/02 11:50:54 | 000,044,032 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015/09/02 11:17:36 | 000,301,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015/09/02 11:13:29 | 000,035,840 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015/08/27 11:48:44 | 000,136,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015/08/27 09:55:05 | 000,115,677 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\CL5pDkgUcAAONiY.jpg
[2015/08/27 03:00:58 | 000,721,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015/08/27 03:00:14 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015/08/27 03:00:14 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015/08/27 03:00:14 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015/08/26 23:29:10 | 002,240,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015/08/26 23:27:36 | 000,891,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015/08/26 23:27:02 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015/08/26 23:26:38 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015/08/26 23:26:37 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015/08/26 23:26:37 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015/08/25 17:28:56 | 000,020,340 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\aitemu.jpg
[2015/08/23 02:34:16 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/08/23 02:21:20 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/08/23 02:20:20 | 005,923,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/08/23 01:45:18 | 000,665,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/08/23 01:41:49 | 000,720,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015/08/23 01:41:05 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/08/23 01:39:28 | 002,126,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/08/23 01:18:25 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/08/23 01:01:54 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/08/23 00:55:04 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/08/19 09:07:14 | 001,347,265 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\CL7KS6dUMAAOert.png
[2015/08/17 23:40:02 | 000,001,676 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\Google ドライブ.lnk
[2015/08/17 23:17:42 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/08/17 11:43:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_【ユーザー名】.job
[2015/08/15 00:26:24 | 000,001,157 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\Adobe Lightroom.lnk
[2015/08/14 23:26:37 | 002,496,190 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\51954286_p0.png
[2015/08/14 01:54:46 | 000,528,087 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\23-2.jpg
[2015/08/14 01:54:43 | 000,535,123 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\23-1.jpg
[2015/08/12 23:08:24 | 000,000,929 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\やります!アンコちゃん.lnk
[2 C:\Users\【ユーザー名】\AppData\Local\*.tmp files -> C:\Users\【ユーザー名】\AppData\Local\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/09/10 22:32:57 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/09/09 22:48:58 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\ウイルスバスター クラウドのインストーラ.lnk
[2015/09/09 11:19:47 | 000,411,455 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015/09/07 21:56:35 | 000,000,000 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\{69CB2F78-C431-465B-8D06-80232F4730C8}
[2015/09/07 21:30:51 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/09/06 18:31:30 | 000,125,763 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\5.jpg
[2015/09/05 03:18:18 | 000,002,289 | ---- | C] () -- C:\Users\【ユーザー名】\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/09/05 03:18:18 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/09/05 03:05:40 | 000,005,586 | ---- | C] () -- C:\WINDOWS\SysNative\.crusader
[2015/09/05 02:48:10 | 000,043,664 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2015/08/27 09:55:05 | 000,115,677 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\CL5pDkgUcAAONiY.jpg
[2015/08/25 17:28:56 | 000,020,340 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\aitemu.jpg
[2015/08/19 09:07:14 | 001,347,265 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\CL7KS6dUMAAOert.png
[2015/08/17 23:40:02 | 000,001,676 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\Google ドライブ.lnk
[2015/08/17 23:17:42 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/08/17 23:17:42 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/08/14 23:26:37 | 002,496,190 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\51954286_p0.png
[2015/08/14 01:54:46 | 000,528,087 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\23-2.jpg
[2015/08/14 01:54:43 | 000,535,123 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\23-1.jpg
[2015/08/12 23:08:24 | 000,000,929 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\やります!アンコちゃん.lnk
[2015/08/07 22:47:09 | 000,000,000 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\{C53A12FC-5C8E-4E24-BE56-FB1B3FC9CEA2}
[2015/06/10 12:16:08 | 000,000,024 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Roaming\appdataFr25.bin
[2015/06/10 00:31:58 | 000,000,020 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Roaming\appdataFr2.bin
[2015/05/19 23:22:10 | 017,452,880 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop.wav
[2015/03/06 18:07:01 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2015/03/06 18:05:57 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/01/16 19:20:39 | 000,000,034 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Roaming\AdobeWLCMCache.dat
[2015/01/14 19:28:02 | 000,524,288 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2015/01/14 19:28:02 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\Lagarith.dll
[2015/01/14 19:28:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2014/12/03 10:55:45 | 000,053,430 | ---- | C] () -- C:\Users\【ユーザー名】\genymotion-log.zip
[2014/12/01 00:36:36 | 000,000,354 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/29 23:00:21 | 000,017,964 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\recently-used.xbel
[2014/11/17 01:31:48 | 000,001,245 | ---- | C] () -- C:\Users\【ユーザー名】\DigitalClock2.class
[2014/11/17 01:25:45 | 000,003,158 | ---- | C] () -- C:\Users\【ユーザー名】\Clock1.class
[2014/11/16 20:25:22 | 000,001,657 | ---- | C] () -- C:\Users\【ユーザー名】\Tokei.class
[2014/11/16 20:25:22 | 000,000,337 | ---- | C] () -- C:\Users\【ユーザー名】\Ada.class
[2014/11/16 20:19:03 | 000,000,879 | ---- | C] () -- C:\Users\【ユーザー名】\DigitalClock2.java
[2014/11/15 20:30:10 | 000,000,094 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/11/02 11:25:10 | 000,021,528 | ---- | C] () -- C:\WINDOWS\DCEBoot64.exe
[2014/10/11 22:50:01 | 000,000,036 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\housecall.guid.cache
[2014/09/29 03:18:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AI6WIN.INI
[2014/09/24 15:59:40 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/09/20 04:37:04 | 000,200,231 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Roaming\VideoPad.dmp
[2014/08/03 16:41:20 | 000,013,973 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCoInst.dat
[2014/08/03 16:41:18 | 000,792,416 | ---- | C] () -- C:\WINDOWS\SysWow64\DiagFunc.dll
[2014/08/03 16:41:18 | 000,000,451 | ---- | C] () -- C:\WINDOWS\SysWow64\DiagFunc.ini
[2014/07/19 20:36:31 | 000,000,993 | ---- | C] () -- C:\WINDOWS\UN900119.INI
[2014/06/20 15:41:04 | 000,007,637 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\Resmon.ResmonCfg
[2014/06/15 01:56:29 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Lhaca.ini
[2013/12/29 19:21:15 | 000,002,304 | ---- | C] () -- C:\WINDOWS\SysWow64\HtsysmNT.sys
[2013/12/07 11:02:13 | 000,231,960 | ---- | C] () -- C:\WINDOWS\RegBootClean64.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2015/03/13 15:07:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/05/08 02:50:50 | 022,292,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/05/08 01:53:12 | 019,734,960 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/29 10:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/29 09:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/29 10:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2014/10/16 19:49:30 | 000,000,000 | -H-D | M] -- C:\OneDriveTemp
[2015/09/10 22:32:54 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk
[2014/10/17 09:31:05 | 000,000,000 | -H-D | M] -- C:\OneDriveTemp\S-1-5-21-1986508758-1585181776-1248126739-1001
[2015/05/21 01:26:09 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw32\msys\home\x86\ffmpeg\.git
[2015/05/21 01:21:32 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw32\msys\home\x86\polarssl\.git
[2015/05/21 01:21:53 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw32\msys\home\x86\rtmpdump\.git
[2015/05/21 01:24:19 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw32\msys\home\x86\x264\.git
[2015/05/21 00:50:48 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw64\msys\home\x64\ffmpeg\.git
[2015/05/21 00:46:17 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw64\msys\home\x64\polarssl\.git
[2015/05/21 00:46:37 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw64\msys\home\x64\rtmpdump\.git
[2015/05/21 00:49:00 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw64\msys\home\x64\x264\.git
[2015/03/15 12:00:19 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2015/08/07 22:46:36 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\IObit\LiveUpdate\update
[2015/09/10 17:56:41 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsApps
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2014/10/17 19:24:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\tks
[2014/10/17 19:24:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\vid
[2015/04/29 01:53:06 | 000,000,000 | -H-D | M] -- C:\ProgramData\Apple Computer\iTunes\SC Info
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows
[2014/10/06 12:21:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MG3500 series Printer
[2013/02/22 15:11:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\BDNAV
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater
[2015/08/18 01:56:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2014/09/08 22:45:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_PowerDVD_Downloader.exe
[2014/09/08 22:43:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2013/11/09 21:29:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerDVD\10.0
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerStarter\10.0
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\LABELPRINT\2.5
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\MediaEspresso\6.5
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\MediaShow\6.0
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWER2GO\7.0
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWERBACKUP\2.50
[2013/11/09 21:29:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerDVD\10.0
[2014/09/08 22:45:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerDVD\11.0\UNO
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWERPRODUCER\5.5
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerStarter\10.0
[2014/12/01 00:30:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2015/03/21 00:01:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2014/09/24 15:29:47 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/07/26 17:12:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\2014-10-11-14-08-46
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR\2014-10-11-14-08-46
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\4f494d44
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\4f494d44\2014-10-11-14-08-46
[2014/12/01 00:34:28 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2014/10/17 19:24:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\tks
[2014/10/17 19:24:10 | 000,000,000 | -H-D | M] -- C:\Users\All Users\vid
[2015/04/29 01:53:06 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Apple Computer\iTunes\SC Info
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows
[2014/10/06 12:21:26 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MG3500 series Printer
[2013/02/22 15:11:11 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\BDNAV
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater
[2015/08/18 01:56:31 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2014/09/08 22:45:07 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_PowerDVD_Downloader.exe
[2014/09/08 22:43:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2013/11/09 21:29:54 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerDVD\10.0
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerStarter\10.0
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\LABELPRINT\2.5
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\MediaEspresso\6.5
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\MediaShow\6.0
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWER2GO\7.0
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWERBACKUP\2.50
[2013/11/09 21:29:53 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerDVD\10.0
[2014/09/08 22:45:27 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerDVD\11.0\UNO
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWERPRODUCER\5.5
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerStarter\10.0
[2014/12/01 00:30:29 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2015/03/21 00:01:54 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2014/09/24 15:29:47 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/07/26 17:12:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2013/08/23 00:36:30 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2015/04/07 01:44:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\AccountPictures
[2015/09/10 22:32:57 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2014/12/04 01:04:19 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{397A21FB-EADF-4116-9027-32B8FA04C3E2}\Version\7.0
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{4230527D-88E1-4fb5-9EDD-606F3AD2B389}\Version\2.5
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{63E98B26-4583-4418-958D-B6BD95DFE5C9}\Version\2.50
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{6F7425F3-EB34-46b0-9B63-430203611455}\Version\10.0
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{748DB920-B5DD-4cdb-9EC4-5A3B61A21936}\Version\10.0
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{79B38061-BE11-4614-B048-0D6E669B12B3}\Version\5.5
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{7AD1ACC7-6558-427a-8564-76F67706C366}\Version\6.5
[2014/12/01 00:28:32 | 000,000,000 | -H-D | M] -- C:\Users\UpdatusUser\AppData
[2015/06/24 09:46:03 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData
[2014/12/01 19:13:51 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2014/12/01 01:25:06 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2014/12/01 00:36:39 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\PrivacIE
[2014/12/01 00:36:48 | 000,000,000 | RH-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\Burn\Burn
[2015/09/10 03:01:15 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\INetCache\Content.MSO
[2015/09/10 03:01:15 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\INetCache\Content.Word
[2014/12/01 00:36:39 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\PrivacIE\Low
[2015/03/13 12:05:12 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\NVIDIA Corporation\Shield Apps\StreamingAssets
[2014/12/06 23:05:36 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\VirtualStore\Program Files (x86)\Fenrir Inc\PictBear Second Edition\tmp\~undo
[2014/12/29 21:25:23 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Roaming\Adobe\CoreSync\plugins\livetype\c
[2014/12/29 21:25:23 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Roaming\Adobe\CoreSync\plugins\livetype\e
[2014/12/29 21:25:23 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Roaming\Adobe\CoreSync\plugins\livetype\r
[2014/12/01 00:32:44 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2015/07/12 00:09:11 | 000,004,608 | -H-- | M] () -- C:\Users\【ユーザー名】\AppData\Roaming\Rainmeter\Rainmeter.exe
[2015/05/19 23:43:46 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\Desktop\Freemake_do_not_remove_this_folder
[2014/04/13 11:37:28 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\Documents\New Unity Project\Assets\MMDLoader\.svn
[2014/04/13 11:37:28 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\Documents\New Unity Project\Assets\MMDLoader\Private\.svn
[2014/04/13 11:37:28 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\Documents\New Unity Project\Assets\Resources\.svn
[2014/10/11 22:53:05 | 000,000,000 | -H-D | M] -- C:\Windows\ELAMBKUP
[2014/12/01 00:30:33 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2015/09/05 01:19:02 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2014/12/01 00:28:51 | 000,000,000 | -H-D | M] -- C:\WINDOWS\SysNative\GroupPolicy

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2015/09/05 22:34:02 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job
[2015/09/10 21:53:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/09/10 09:49:46 | 000,000,704 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/09/10 22:15:00 | 000,000,708 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/08/17 11:43:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_【ユーザー名】.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Samsung SSD 840 Series
Partitions: 5
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Generic Storage Device USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 300.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 260.00MB
Starting Offset: 315621376
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 222.00GB
Starting Offset: 722468864
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 457.00MB
Starting Offset: 239094202368
Hidden sectors: 0


DeviceID: Disk #0, Partition #4
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 10.00GB
Starting Offset: 239573401600
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 4194304
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2014/10/29 11:42:20 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:44:33 | 000,110,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2014/10/29 10:21:02 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:34 | 000,933,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:40 | 000,845,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2014/10/29 10:01:27 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:28 | 000,516,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2014/10/29 09:55:10 | 000,367,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:50 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2014/10/29 10:27:24 | 000,131,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:29 | 000,817,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:06 | 000,365,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2014/10/29 10:05:58 | 000,292,864 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:41 | 000,252,416 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2014/10/29 10:14:35 | 000,110,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:[b]64bit:[/b] - [2014/10/29 11:44:23 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2014/10/29 10:59:46 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2014/10/29 10:07:58 | 000,452,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2014/10/29 10:08:58 | 000,397,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2014/10/29 10:01:45 | 000,706,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2014/10/29 09:51:03 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 10:41:58 | 000,391,680 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:16 | 000,028,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2014/10/29 11:45:24 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2014/10/29 09:54:15 | 000,827,392 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2014/10/29 11:34:42 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2014/10/29 09:59:21 | 000,542,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:29 | 000,817,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:25 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2014/10/29 12:51:48 | 000,047,024 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2014/10/29 09:56:06 | 000,146,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:18:49 | 000,329,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2014/10/29 10:04:06 | 000,640,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2014/10/29 09:49:09 | 000,576,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2015/08/01 12:38:35 | 001,265,152 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2014/10/29 11:12:14 | 000,313,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2014/10/29 10:34:59 | 000,254,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:29 | 000,059,392 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2015/07/10 01:14:45 | 000,228,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:59:28 | 001,454,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2015/05/31 04:35:47 | 000,911,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:[b]64bit:[/b] - [2015/05/31 04:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:[b]64bit:[/b] - [2015/07/07 18:39:32 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2015/03/06 11:47:37 | 001,696,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:[b]64bit:[/b] - [2014/10/29 10:02:44 | 000,880,640 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:59:24 | 000,670,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2015/06/16 07:41:04 | 000,065,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2015/06/16 06:16:41 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2014/10/29 10:18:13 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2015/08/26 23:46:13 | 003,705,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2014/10/29 10:53:17 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2014/10/29 10:03:56 | 001,547,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:29 | 000,289,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< End of report >
  • キツツキ
  • 2015/09/10 (Thu) 23:25:53
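Re: Infected with DNS Unlocker
I reinstalled Skype.

As for the OTL log, no "Extras.txt" was produced this time.

As for the contents of Temp, "_MEI138882" is now gone as well and there is "_MEI63322" instead. The number of folders in Temp also seems to have grown by a few.

This folder whose name starts with "_MEI" apparently changes its name whenever the PC is restarted or booted up after a shutdown.

Just in case, I am attaching a screenshot of the Temp folder again.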
  • キツツキ
  • 2015/09/10 (Thu) 23:39:26
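A thorough cleanup with OTL
Good evening, my name is IVNO.
悪代官 is currently unable to come here due to circumstances, so I will be taking over.
However, I am not free enough to check in frequently either, so I will reply in between work.
My replies may therefore be delayed, and I ask for your understanding.

If this OTL fix completes normally, the contents of the Temp folders in each directory will be wiped out without exception.
Whether the problem persists is something we will consider after the cleanup.

Start Notepad and copy and paste the following.
Note that :OTL, :Files, :Commands and the like are directives that determine how OTL processes the script.
Please take care not to delete them.

------Copy and paste from below this line------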
:OTL
DRV:[b]64bit:[/b] - [2015/09/05 03:07:16 | 000,043,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.3
CHR - Extension: No name found = %UserProfile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = %UserProfile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = %UserProfile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1\
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab (DMM Downloader)
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
[2015/09/08 02:30:14 | 000,000,000 | ---D | C] -- %UserProfile%\AppData\Local\TempTaskUpdateDetection015F7561-B231-440F-9E6B-0EE2D25C9F20
[2015/09/07 21:30:55 | 000,000,000 | ---D | C] -- %UserProfile%\AppData\Roaming\Malwarebytes
[2015/09/07 21:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2015/09/07 21:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/09/07 21:30:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/09/07 21:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2015/09/05 02:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/09/05 02:30:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/09/07 21:56:35 | 000,000,000 | ---- | M] () -- %UserProfile%\AppData\Local\{69CB2F78-C431-465B-8D06-80232F4730C8}
[2015/09/05 03:07:16 | 000,043,664 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2015/09/09 11:19:47 | 000,411,455 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
:Commands
[purity]
[resethosts]
[emptyflash]
[emptyjava]
[emptytemp]
[createrestorepoint]
[reboot]
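------Copy and paste up to above this line------

Once you have finished copying and pasting, save it under an easy-to-recognize name.
Then start the PC in Safe Mode.
Launch OTL again and paste the contents saved above into the Custom Scan/Fixes box.
Since this is a removal run, no other checkboxes need to be set.
Click the red [Run Fix] button to start the fix.
Proceed as OTL directs; a fix log will be displayed either before or after the restart into normal mode,
so please paste that log in your reply.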
  • IVNO
  • MAIL
  • 2015/09/11 (Fri) 02:33:08
Re: Infected with DNS Unlocker
Here is the log.

All processes killed
========== OTL ==========
Service hitmanpro37 stopped successfully!
Service hitmanpro37 deleted successfully!
C:\Windows\SysNative\drivers\hitmanpro37.sys moved successfully.
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.3 removed from extensions.enabledAddons
File %UserProfile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0 not found.
File %UserProfile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0 not found.
File %UserProfile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1 not found.
Starting removal of ActiveX control {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7}
C:\Windows\Downloaded Program Files\DMM Downloader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0725D9DE-4CB8-4BC3-8219-3E74C0D544F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0725D9DE-4CB8-4BC3-8219-3E74C0D544F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0725D9DE-4CB8-4BC3-8219-3E74C0D544F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0725D9DE-4CB8-4BC3-8219-3E74C0D544F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630b1da0-b465-11d1-9948-00c04f98bbc9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630b1da0-b465-11d1-9948-00c04f98bbc9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ not found.
C:\Users\【ユーザー名】\AppData\Local\TempTaskUpdateDetection015F7561-B231-440F-9E6B-0EE2D25C9F20 folder moved successfully.
C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
C:\Windows\SysNative\drivers\mbam.sys moved successfully.
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages folder moved successfully.
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon folder moved successfully.
C:\Program Files (x86)\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\HitmanPro\Quarantine folder moved successfully.
C:\ProgramData\HitmanPro\Logs folder moved successfully.
C:\ProgramData\HitmanPro folder moved successfully.
C:\AdwCleaner\Quarantine\C\WINDOWS\Sysnative folder moved successfully.
C:\AdwCleaner\Quarantine\C\WINDOWS folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\Desktop\Save folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\Desktop folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Roaming\Microsoft folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Roaming folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Local Storage folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\Google\Chrome folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\Google folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\FileViewPro\FileViewPro.exe_Url_jn4xqozlzppxcht2yt2wvho2bxkp31wm\1.5.0.0 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\FileViewPro\FileViewPro.exe_Url_jn4xqozlzppxcht2yt2wvho2bxkp31wm folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\FileViewPro folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users folder moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\{cb6aa725-997f-8f87-cb6a-aa7259979c96} folder moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\{36809982-85e6-28de-3680-0998285e660a} folder moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\{19dc80b2-f236-99ae-19dc-c80b2f2302cb} folder moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\3377122877330317964 folder moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uunisoaoles folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uunIsales folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DNS Unlocker folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AlllCheapPrIIce folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AllCheauPPrice folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AllCheaapPrice folder moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86) folder moved successfully.
C:\AdwCleaner\Quarantine\C folder moved successfully.
C:\AdwCleaner\Quarantine folder moved successfully.
C:\AdwCleaner folder moved successfully.
C:\Users\【ユーザー名】\AppData\Local\{69CB2F78-C431-465B-8D06-80232F4730C8} moved successfully.
File C:\WINDOWS\SysNative\drivers\hitmanpro37.sys not found.
File move failed. C:\Windows\SysNative\ApnDatabase.xml scheduled to be moved on reboot.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Public

User: UpdatusUser

User: 【ユーザー名】
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Default.migrated

User: Public

User: UpdatusUser

User: 【ユーザー名】
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: 【ユーザー名】
->Temp folder emptied: 109637320 bytes
->Temporary Internet Files folder emptied: 2695211 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 232800868 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19567093 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 348.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 09112015_105552

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\ApnDatabase.xml scheduled to be moved on reboot.
C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • キツツキ
  • 2015/09/11 (Fri) 12:24:09
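A fix log like the one posted above mixes successes, "not found" entries and moves deferred to the next reboot, and the deferred and failed items are the ones to re-check. The following is an added example, not part of the thread and not OTL's own code: it sorts fix-log lines into those outcomes using only the line shapes visible in this thread. The sample log is constructed and its paths, service name and GUID are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of an OTL fix log; every path, service
# name and GUID below is a placeholder, not a value from a real machine.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service exampledrv stopped successfully!
Service exampledrv deleted successfully!
C:\Windows\SysNative\drivers\exampledrv.sys moved successfully.
File C:\Example\Extensions\aaaa\1.0_0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000}\ not found.
C:\Example\Quarantine folder moved successfully.
File move failed. C:\Windows\SysNative\Example.xml scheduled to be moved on reboot.
========== COMMANDS ==========
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1084
"""

# Line shapes taken from the fix log in this thread (assumed not exhaustive).
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
DEFERRED = re.compile(
    r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
ERROR = re.compile(r"^Unable to |Error code \d+")
NOT_FOUND = re.compile(r" not found\.$")
SUCCESS = re.compile(
    r"\b(moved|deleted|stopped|reset|removed) successfully[.!]?$")


def classify(line):
    """Return the outcome of one fix-log line.

    The deferred check runs first: that line contains the word "failed"
    but the move is only postponed, so it must not be counted as an error.
    """
    if DEFERRED.match(line):
        return "deferred"
    if ERROR.search(line):
        return "error"
    if NOT_FOUND.search(line):
        return "not_found"
    if SUCCESS.search(line):
        return "ok"
    return "other"


def summarize(log_text):
    """Group (section, line) pairs by outcome."""
    section = "PREAMBLE"
    result = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        result[classify(line)].append((section, line))
    return dict(result)


def needs_follow_up(log_text):
    """List what to look at again after the reboot."""
    summary = summarize(log_text)
    items = []
    for _section, line in summary.get("deferred", []):
        items.append(("recheck after reboot",
                      DEFERRED.match(line).group("path")))
    for _section, line in summary.get("error", []):
        items.append(("error", line))
    return items


if __name__ == "__main__":
    for status, lines in summarize(SAMPLE_LOG).items():
        print(f"{status}: {len(lines)}")
    for kind, detail in needs_follow_up(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Lines the patterns do not recognise land in "other" rather than being counted as successes, so an unfamiliar message is never silently treated as a clean result.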
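Re: Infected with DNS Unlocker
Regarding the folder whose name starts with "_MEI" that was in "Temp" under "C:\Users\【ユーザー名】\AppData\Local\Temp": it apparently came from "Google Drive". When I happened to uninstall "Google Drive" with GU, it disappeared from "Temp".

Just in case, I am attaching a screenshot of "Temp" again.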
  • キツツキ
  • 2015/09/11 (Fri) 12:31:45
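Scan with HP
The OTL fix appears to have completed normally, with some exceptions.
OTL has always been somewhat inconsistent at removal, so we will delete those next time.
As for the files in the Temp folder, there is nothing suspicious at the moment.

Please prepare the following software.

HerdProtect (commonly: HP)
http://www.herdprotect.com/downloads.aspx
Either the installer version or the portable version is fine.
If you use the installer version, please uninstall it with Geek in Safe Mode when the time comes to uninstall it.
I have also received reports that it does not get along with Trend Micro's Virus Buster.
If the scan cannot run properly because of a compatibility problem, please report that.
Furthermore, not everything detected by this software is malware.
HP also has a removal function, but it is a double-edged sword that boasts a false-positive rate of over 80%, so we will use OTL for removal.

Once you are ready, first, if there are extremely large files such as game installers,
manually delete those unneeded files from the PC beforehand and also remove them from the Recycle Bin.
If HP picks these up as suspicious programs, the scan can easily take a day or two.
Confirm that the PC is running in normal mode, then launch HerdProtect.
By its nature, the software uses the Internet connection to scan files.
It does not work properly in Safe Mode, where the Internet connection is unavailable,
so if you are currently in Safe Mode please switch to normal mode.
There is a Scan button; press it to run the scan.
While it is collecting the information needed for the scan or checking the suspicious software it has found
against various security products, the scan pauses.
A scan that is not progressing does not mean it has frozen,
so please wait a while until the scan completes.
When the scan completes, the results are displayed;
click the text "Save results" at the top right of the screen to export the log.
Please paste the exported log in your reply.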
  • IVNO
  • MAIL
  • 2015/09/11 (Fri) 16:52:20
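Because not every HerdProtect detection is malware, the saved results are worth triaging before anything goes into a removal script. The following is an added example, not part of the thread and not HerdProtect's code: it parses a saved-results log in the layout of the log posted in this thread, collapses duplicate copies by SHA-1, flags records whose engine lines do not match the declared count (a sign of a truncated paste), and puts the tool's non-ignored determinations first. The sample log, including its paths, hashes and engine names, is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a HerdProtect saved-results log;
# paths, hashes, publishers and engine names are placeholders.
SAMPLE = r"""Saved date: 2015/01/01 00:00:00
Files detected: 4
----------------------------------------

Files

----------------------------------------

File path: c:\users\example\downloads\setup-a.exe
Publisher: Example Publisher
Signer: Example Signer
MD5: 00000000000000000000000000000000
SHA-1: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Created: 2015/01/01 1:00:00
Detections: 3
Determination: Adware
- Engine One as Example.Bundler (M) (Adware)
- Engine Two as Example.Generic (Undefined)
- Engine Three as Example/Installer potentially unwanted (variant) (Adware)

----------------------------------------

File path: c:\users\example\downloads\tool.exe
Publisher:
MD5: 11111111111111111111111111111111
SHA-1: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
Created: 2015/01/01 2:00:00
Detections: 1
Determination: Ignore detections (false positive)
- Engine Four as Packed/Example

----------------------------------------

File path: c:\users\example\downloads\tool (1).exe
Publisher:
MD5: 11111111111111111111111111111111
SHA-1: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
Created: 2015/01/01 2:05:00
Detections: 1
Determination: Ignore detections (false positive)
- Engine Four as Packed/Example

----------------------------------------

File path: c:\users\example\downloads\viewer.exe
Publisher:
MD5: 22222222222222222222222222222222
SHA-1: cccccccccccccccccccccccccccccccccccccccc
Created: 2015/01/01 3:00:00
Detections: 2
Determination: Inconclusive
- Engine Five as Example.Suspicious (Undefined)
"""

SEP = re.compile(r"^-{10,}[ \t]*$", re.M)            # record separator line
DETECTION = re.compile(r"^- (?P<engine>.+?) as (?P<name>.+)$")
# Assumption: a trailing " (Word)" on a detection line is the category.
CATEGORY = re.compile(r"^(?P<name>.*\S) \((?P<cat>[A-Za-z]+)\)$")


def parse_records(text):
    """Return one dict per file record, with its engine lines parsed."""
    records = []
    for chunk in SEP.split(text):
        fields, engines = {}, []
        for raw in chunk.splitlines():
            line = raw.strip()
            hit = DETECTION.match(line)
            if hit:
                name, cat = hit["name"], None
                tail = CATEGORY.match(name)
                if tail:
                    name, cat = tail["name"], tail["cat"]
                engines.append((hit["engine"], name, cat))
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if "File path" in fields:          # skips the header and "Files" chunks
            fields["engines"] = engines
            records.append(fields)
    return records


def triage(records):
    """Collapse copies by SHA-1 and order: non-ignored first, most hits first."""
    by_hash = defaultdict(list)
    for rec in records:
        by_hash[rec.get("SHA-1") or rec["File path"]].append(rec)
    rows = []
    for sha1, group in by_hash.items():
        first = group[0]
        declared = int(first.get("Detections") or 0)
        rows.append({
            "sha1": sha1,
            "paths": [rec["File path"] for rec in group],
            "determination": first.get("Determination", ""),
            "detections": declared,
            # engines that committed to a category other than "Undefined"
            "categorised": sum(1 for _, _, cat in first["engines"]
                               if cat and cat != "Undefined"),
            # False when the paste lost engine lines for this record
            "complete": declared == len(first["engines"]),
        })
    rows.sort(key=lambda r: (r["determination"].startswith("Ignore"),
                             -r["detections"]))
    return rows


if __name__ == "__main__":
    for row in triage(parse_records(SAMPLE)):
        print(row["determination"], row["detections"], row["paths"])
```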
Re: Infected with DNS Unlocker
Here is the log.
HP log

Saved date: 2015/09/11 17:40:41
Files detected: 240
Files scanned: 10,681
Processes scanned: 143
Modules scanned: 949
ASEPs scanned: 548
Downloads scanned: 5
Deep analysis: 108/49
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\program files (x86)\iobit\liveupdate\liveupdate.exe
Publisher: IObit
Signer: IObit Information Technology
MD5: 337fa50ffded5e2bc94b36bf625ab681
SHA-1: 9df219ce99a62ed2715573e8fc7a7bbf1e3f443d
Created: 2015/06/24 9:46:03
Detections: 3
Determination: Inconclusive
- Trend Micro House Call as Suspicious_GEN.F47V0430 (Undefined)
- Dr.Web as riskware program Program.Unwanted.276 (Undefined)
- G Data as Win32.Adware.iObit (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\otl.exe
Publisher: OldTimer Tools
MD5: 4adcfee16ee9978f06157634669d36fb
SHA-1: 30b37076552e49276836d02dd73d038c27dbbee9
Created: 2015/09/08 20:42:34
Detections: 2
Determination: Ignore detections (false positive)
- Agnitum Outpost as Packed/PECompact
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\adwcleaner.exe
Publisher:
MD5: 25f1c57579f22b425a8d29dfb680c592
SHA-1: dddce9a85dc46578c4c5ed379203c77bf1290fa3
Created: 2015/09/07 21:16:08
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAtITA (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\hijackthis.exe
Publisher: Trend Micro Inc.
MD5: 47811d50390a86a17102d7496e6eabb9
SHA-1: 2623749cdb27887f6746acdee7e8065475f8b541
Created: 2015/09/05 15:16:19
Detections: 2
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined)
- Rising Antivirus as PE:Trojan.VBInject!1.6546 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\7z920.exe
Publisher:
MD5: b3fdf6e7b0aecd48ca7e4921773fb606
SHA-1: 55283ad59439134673fc32fc097bdd9ae920fbc6
Created: 2013/12/07 11:27:55
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.Clod966.Trojan (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\adwcleaner-5-001-multi-win (1).exe
Publisher:
MD5: b2b2795e3b8afb600d0db286d7529f76
SHA-1: 9a2ec2f4776b106d691d3e39fdac38293c34bb45
Created: 2015/09/05 2:42:07
Detections: 1
Determination: Ignore detections (false positive)
- Baidu Antivirus as Adware.Win32.Solimba (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\adwcleaner-5-001-multi-win.exe
Publisher:
MD5: b2b2795e3b8afb600d0db286d7529f76
SHA-1: 9a2ec2f4776b106d691d3e39fdac38293c34bb45
Created: 2015/09/05 2:29:54
Detections: 1
Determination: Ignore detections (false positive)
- Baidu Antivirus as Adware.Win32.Solimba (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\balkonweapons (1).exe
Publisher: Minecraft Projects
Signer: Download Free (Fried Cookie Ltd.)
MD5: 109ccc6c2753f3730cc9f38d1ee89473
SHA-1: 4142511abbdd3f489929633b8a32e5c2c4be534a
Created: 2015/02/03 14:23:40
Detections: 17
Determination: Adware
- K7 Gateway Antivirus as Unwanted-Program (Adware)
- K7 AntiVirus as Unwanted-Program (Adware)
- Trend Micro House Call as TROJ_GEN.R047C0OBI15 (Undefined)
- Comodo Security as Application.Win32.FriedCookie.CIRK (Adware)
- Dr.Web as Trojan.InstallCore.19 (Adware)
- VIPRE Antivirus as InstallCore (Adware)
- McAfee Web Gateway as Artemis (Undefined)
- Sophos as Generic PUA EB (Undefined)
- Avira AntiVirus as ADWARE/InstallCore.Gen4 (Adware)
- G Data as Win32.Application.InstallCore.DI (Adware)
- McAfee as Artemis!109CCC6C2753 (Undefined)
- Baidu Antivirus as Adware.Win32.InstallCore (Adware)
- ESET NOD32 as Win32/InstallCore.UN potentially unwanted (variant) (Adware)
- Fortinet FortiGate as Riskware/InstallCore (Adware)
- AVG as Generic (Undefined)
- Qihoo 360 Security as Win32/Virus.Adware.8e6 (Adware)
- Reason Heuristics as PUP.InstallCore.Installer.Installer (M) (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\bdcamsetup_jpn (1).exe
Publisher: Bandisoft
Signer: Bandisoft
MD5: f61cc88fa10fc684343d3f9648dd8fc0
SHA-1: f418d0d25416191065a6dfa645596d8fec585cea
Created: 2014/07/16 12:05:28
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK-LNR/Heur!1.5594 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\cbsidlm-cbsi183-vector_clocks-bp-75322976.exe
Publisher: CNET Download.com
Signer: CBS Interactive
MD5: 609b83259466f78ec2014119b22100f8
SHA-1: 23b050563a81a1c57daba7805b1e3e6b4c874f2b
Created: 2014/03/09 11:18:05
Detections: 7
Determination: Adware
- McAfee as Artemis!609B83259466 (Undefined)
- Trend Micro House Call as TROJ_GEN.F47V0220 (Undefined)
- VIPRE Antivirus as Opencandy (Adware)
- McAfee Web Gateway as Artemis!609B83259466 (Undefined)
- AhnLab V3 Security as PUP/Win32.Downloader (Adware)
- ESET NOD32 as Win32/CNETInstaller (variant) (Undefined)
- Reason Heuristics as Bundler.PPI.CBSInteractive.e (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\diy00340569823.exe
Publisher: flvcd.com
MD5: 4c50afc98620cc1b4139bea97b4efc78
SHA-1: 250ce53f64d1a2f13cec5b55a702338ad125b25f
Created: 2014/10/16 22:48:32
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as Hoax.Win32.BadJoke.ScreenFlicker!O

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\everyonepiano1.7.1.12_setup.exe
Publisher: EveryonePiano.com
Signer: ALIKET SOFTWARE CO., LTD.
MD5: 0fe77574eb6f3cb199e5cb09291787ef
SHA-1: 2069902334d721eb9e0d1e29b83660f834664f19
Created: 2015/05/13 1:49:27
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.Optional.Installer (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\ffsplit-07025-full.exe
Publisher: FFsplit Team
MD5: e110c2ca87220e8febabe365c9e93d4c
SHA-1: da65186c1bdd85eb3a4ae226685ff9b63dd0c030
Created: 2015/05/20 21:18:02
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan[:HEUR]/Win32.Unknown (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\fileviewpro_2014.exe
Publisher:
Signer: Installer Wizard
MD5: 65295bfeac7f8d27fc637c6f2e03dcfb
SHA-1: 9ddaa76f22d48068bdbb96c283b3707f13f41f64
Created: 2014/06/16 19:38:20
Detections: 1
Determination: Inconclusive
- Reason Heuristics as PUP.Solvusoft.Installer.Meta (L) (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\gifan071.exe
Publisher:
MD5: 175a4a7a13c01869c083bf19d845ce82
SHA-1: 688bb2c7261f7e3682483ed4d3afc5f04a6aef6a
Created: 2014/02/05 10:52:44
Detections: 3
Determination: Inconclusive
- Quick Heal as (Suspicious) - DNAScan
- Norman as Suspicious_Gen4.CMWGA
- VIPRE Antivirus as Trojan.FakeAlert (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\junkware-removal-tool-6-4-2-en-win (1).exe
Publisher:
MD5: af6e966d1f38287ef4d33b246ccc3a33
SHA-1: 2a8dc8c652cee1691b165428c6fc14080f9176b5
Created: 2015/09/05 2:13:51
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as virus.bat.danger.m (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\junkware-removal-tool-6-4-2-en-win.exe
Publisher:
MD5: af6e966d1f38287ef4d33b246ccc3a33
SHA-1: 2a8dc8c652cee1691b165428c6fc14080f9176b5
Created: 2015/09/05 1:59:03
Detections: 1
Determination: Ignore detections (false positive)
- Qihoo 360 Security as virus.bat.danger.m (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\liteloader-installer-1.7.10-00.exe
Publisher:
MD5: 8695bf071392fdff4fb368bcf811115d
SHA-1: 7aa8b6fbdd8c7c1051d5f1c3c73a5a5906eb9074
Created: 2015/03/11 20:12:24
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as TrojanDropper.Dorifel.aerf (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\liteloader-installer-1.7.10-04.exe
Publisher:
MD5: c4e927a4c29e3c16686f7d5de6f14e9d
SHA-1: 84135b42d56a9eab35bab20dcd80e7f4bd1ea09b
Created: 2015/03/11 19:11:16
Detections: 2
Determination: Ignore detections (false positive)
- NANO AntiVirus as Trojan.Win32.Agent.dhbpge (Undefined)
- Jiangmin as TrojanDropper.Dorifel.aerf (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\liteloader-installer-1.8.0-00-snapshot.exe
Publisher:
MD5: fd53bb713f694bf8e7b95c055ec08c81
SHA-1: 56df6f2b057344af07688c1a9679bba0d363e137
Created: 2015/02/07 1:19:56
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as TrojanDropper.Dorifel.aerf (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\lpls159.exe
Publisher:
MD5: c32d41f732157a8802c9215789623551
SHA-1: e7a3240a750fd0e7f1f174bf1743e21ceca81c36
Created: 2013/10/22 17:36:35
Detections: 1
Determination: Ignore detections (false positive)
- Vba32 AntiVirus as suspected of Trojan.StartPage.7 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\mcskin3d_1_3.exe
Publisher: Altered Softworks & MCSkin3D Development Team
MD5: c2a649932df60eb662896d9b62393d02
SHA-1: b2be91c10e01b8e13e2e0a477d43e2ff4f791c69
Created: 2015/03/13 15:07:17
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as VCS/Environment.DigitalFN

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\minecraft_server.1.7.2.exe
Publisher:
MD5: 13347886ace7e0f06b3266bbd3f54826
SHA-1: 07ae7cdcff6199735eb0f40da5d5c0763558a678
Created: 2015/01/29 11:03:16
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Menti (Undefined)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\mod organizer v1_2_1 installer-1334-1-2-1.exe
Publisher:
MD5: 869c254ead1d1fcda59b5522477789a0
SHA-1: 774745761e4f13eab185dbad63ae94f159de6e8f
Created: 2014/06/14 23:21:17
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan[Exploit]/JS.ama (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\pcsdvdu2g-111b.exe
Publisher: MicSoft
MD5: 21407c6db856bdf349c9d589b9c318be
SHA-1: 7c8320cc68a7c7b104fda0e36c05507f3194db47
Created: 2013/11/06 9:09:06
Detections: 1
Determination: Ignore detections (false positive)
- Zillya! Antivirus as Trojan.FakeAV.Win32.304779 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\rainmeter-3.0.2.exe
Publisher:
Signer: Rainmeter
MD5: 839505aae0645ae4b2709dfc140038c8
SHA-1: a0b561a4ea2432537160885eef38c890fc35623c
Created: 2015/07/12 0:12:42
Detections: 1
Determination: Ignore detections (false positive)
- Vba32 AntiVirus as Heur.Trojan.Hlux (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\rainmeter-3.2.1.exe
Publisher:
Signer: Rainmeter
MD5: 4492e25208a34c1f42066ca2d4d1548c
SHA-1: db61042f9ae88f4e5c78545c69b43e22bb307109
Created: 2015/07/12 0:08:40
Detections: 1
Determination: Ignore detections (false positive)
- Vba32 AntiVirus as Heur.Trojan.Hlux (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\rckp317 (1).exe
Publisher:
MD5: b8a112533a0733930fe20db6e9720d73
SHA-1: a3f30df2e35acd3ba5a73ad0a1802874d910c0b8
Created: 2013/11/01 7:40:02
Detections: 3
Determination: Inconclusive
- The Hacker as Trojan/Menti.nakr (Undefined)
- ViRobot as Trojan.Win32.A.Menti.311296.T (Undefined)
- ByteHero BDV as Trojan.Exception.gen.101 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\rckp317.exe
Publisher:
MD5: b8a112533a0733930fe20db6e9720d73
SHA-1: a3f30df2e35acd3ba5a73ad0a1802874d910c0b8
Created: 2013/11/01 1:27:48
Detections: 3
Determination: Inconclusive
- The Hacker as Trojan/Menti.nakr (Undefined)
- ViRobot as Trojan.Win32.A.Menti.311296.T (Undefined)
- ByteHero BDV as Trojan.Exception.gen.101 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\runtime121.exe
Publisher:
MD5: e5d5c51c020ec7a305a3c79b22c1d509
SHA-1: 508d3036f036d8f900af2f7b101ba8d8df037dbe
Created: 2014/11/14 20:02:22
Detections: 1
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.Malware.Heur_Generic.A.(kcloud) (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\vlc-2.1.0-win32.exe
Publisher:
MD5: 8beb1a5bc7ef0e2a2d7eb44b74a2ade7
SHA-1: 8f45a84e7ddccc5503bbec6417789f164b00ff83
Created: 2013/10/20 5:20:30
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Trojan.Zbot!6.103C (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\服装:whitesharkrobes.7z.exe
Publisher: SPC LLC
Signer: New IT Limited
MD5: 76e8ded2f8795968e4e25b4ee62bd3f7
SHA-1: eabe6c0881d42c4de3db1f4acfdf64f6ef360388
Created: 2014/06/15 21:30:44
Detections: 1
Determination: Adware
- Reason Heuristics as PUP.New IT Limited.NewIT (M) (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\未確認 457344.crdownload
Publisher:
MD5: a2c6d5425cec1a215d0283ec10b3a39e
SHA-1: 87b5ef6ccc6c3fd7ce45a07179c14557d06dadfb
Created: 2014/12/04 0:28:12
Detections: 6
Determination: UndefinedMalware
- McAfee as Artemis!A2C6D5425CEC (Undefined)
- Trend Micro House Call as Suspicious_GEN.F47V0825 (Undefined)
- VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
- McAfee Web Gateway as BehavesLike.Win32.Downloader.lc (Undefined)
- Kingsoft AntiVirus as Win32.Troj.Generic.a.(kcloud) (Undefined)
- Vba32 AntiVirus as suspected of Trojan.Downloader.gen.h (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\0x1331-20140813-nopics\ikpmp3.dll
Publisher:
MD5: 9a6541fea7dc1ad016d92a890daf3d01
SHA-1: 472d88d4a2825f4d48b68d653481a94610ec46de
Created: 2012/05/31 11:55:18
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\bouyomichan\samplesrc\socket通信で読み上げ指示を送る(ネット経由可・.net版)\bouyomichansample.exe
Publisher:
MD5: a093e7207e99750abea5fea6a6e53a9e
SHA-1: 2357159eb35cf91f9a4bc71798b95bfe2e9fed9d
Created: 2010/06/07 20:15:56
Detections: 1
Determination: Ignore detections (false positive)
- IKARUS anti.virus as Win32.SuspectCrc (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\ppdinstaller_x64\ppdinstaller(x64)\data\ppd\skins\microsoft.practices.servicelocation.dll
Publisher: Microsoft
Signer: Microsoft Corporation
MD5: 6df78bb163d443d95b21f58808320af7
SHA-1: a0263ec61435d1ee4c18a92a06ac3ea2c42eb730
Created: 2013/09/20 1:28:18
Detections: 1
Determination: Inconclusive
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\downloads\wint\wint.exe
Publisher:
MD5: ee3cff922653daaaa9269f63a81e139c
SHA-1: e1ac9fb7b7318cba668505fb245a72df7135200e
Created: 2013/10/08 0:26:11
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious.H

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\amarectv310\live_setup300.exe
Publisher:
MD5: fb824c501456ce3a522eb5b1f9bdfcc0
SHA-1: 40360972c5d766c4e39cc71d95aaca83e7337153
Created: 2015/02/21 9:49:01
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\new folder\mcp811\runtime\bin\python\bz2.pyd
Publisher:
MD5: 2309952a1136740f3871869cc13ab620
SHA-1: 7d9eb3ef678537c0026dc06e36f4d42b96b2627f
Created: 2015/02/03 13:49:03
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\new folder\mcp811\runtime\bin\python\python27.dll
Publisher: Python Software Foundation
MD5: fb9ecb14a14328711eef9aace1686614
SHA-1: bd76a10cd66ff833bc24b6008cd502c4d2eabc1a
Created: 2015/02/03 13:49:03
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\new folder\mcp811\runtime\bin\python\select.pyd
Publisher:
MD5: 3449bbfac55bfa14cdfd83e2d90f3d7e
SHA-1: 6bd778f81d672453b06e09dd405bd45e22062a70
Created: 2015/02/03 13:49:03
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\new folder\mcp811\runtime\bin\python\sqlite3.dll
Publisher:
MD5: cf2fb22554b51181867efa2fadbf0059
SHA-1: a96515be43041c243a939ca142175a805c827837
Created: 2015/02/03 13:49:03
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\new folder\mcp811\runtime\bin\python\_ctypes.pyd
Publisher:
MD5: f9982f8b1176597b81ed1285d1616ce7
SHA-1: 7cf74cce8b20adeeff83e29eacc028bdf2d7c18a
Created: 2015/02/03 13:49:03
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\new folder\mcp811\runtime\bin\python\_hashlib.pyd
Publisher:
MD5: 199bde23ef347dbccc6bf5a112b43c93
SHA-1: ba98ef27c64eb858ac7c3ae6ff1dece53094e753
Created: 2015/02/03 13:49:03
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\new folder\mcp811\runtime\bin\python\_socket.pyd
Publisher:
MD5: 07789a8c23bcebe32f8bfd4ce4af5ffb
SHA-1: 132d7ad9d2a7c3ff51b246fd14f0a4f738d68e10
Created: 2015/02/03 13:49:03
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\new folder\mcp811\runtime\bin\python\_sqlite3.pyd
Publisher:
MD5: 8af159910fa00e5d5ec5e3b0823dbc76
SHA-1: 6b59fe4cda77c8f884629c1cbf6e08c55025509b
Created: 2015/02/03 13:49:03
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\new folder\mcp811\runtime\bin\python\_ssl.pyd
Publisher:
MD5: 12fb0bcc8b79ecadd52ba8d97e08bfed
SHA-1: b52b26e16841d3b03f36792df7ed1825aa95ee54
Created: 2015/02/03 13:49:03
Detections: 1
Determination: Ignore detections (false positive)
- XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\ゲーム\ads\ikpmp3.dll
Publisher:
MD5: 9a6541fea7dc1ad016d92a890daf3d01
SHA-1: 472d88d4a2825f4d48b68d653481a94610ec46de
Created: 2014/08/16 8:32:11
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\ゲーム\スチームゲーム\skyrim\binkw32.dll
Publisher: RAD Game Tools, Inc.
MD5: 6c16d545b0717830773fb1ba4a195778
SHA-1: 4d205ef5ab7664f2e2b1de7b951824afa769ed61
Created: 2013/12/15 16:47:13
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Patched.gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\ゲーム\スチームゲーム\skyrim\d3d9.dll
Publisher: ENB
MD5: 4f3277dcce171fd8a5d505675d6bf029
SHA-1: c55e024f0a026491e9aba3c44de7bb4c7c6c31cc
Created: 2013/12/15 16:47:13
Detections: 2
Determination: Inconclusive
- Bkav FE as HW32.CDB (Undefined)
- Quick Heal as (Suspicious) - DNAScan

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\ゲーム\スチームゲーム\skyrim\skyrimlauncher.exe
Publisher: Bethesda Softworks
Signer: Bethesda Softworks
MD5: 148e4438043405574f139f55a89c4299
SHA-1: 70ed28006c460d4ec1222c12dae4a1c6e4503316
Created: 2013/12/15 16:47:13
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK-LNR/Heur!1.5594 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\ゲーム\スチームゲーム\skyrim\steam_api.dll
Publisher: Valve Corporation
Signer: Valve
MD5: fecbbf6833ac8e82175790df1124c7a2
SHA-1: d04a6af645e14f69c79a963f14d8bf3e1e09de3c
Created: 2013/12/15 16:47:13
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as HV_ZYX_CA25031C.TOMC (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\ゲーム\スチームゲーム\skyrim\tesv.exe
Publisher: Bethesda Softworks
Signer: Bethesda Softworks
MD5: 034b175599a2396343900850d4ef21a9
SHA-1: f39aecebf6e332616c4c518617073f6e8250e0f8
Created: 2013/12/15 16:47:13
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK-LNR/Heur!1.5594 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\ニコ生\uwsc503\recuws.dll
Publisher:
MD5: 425310cdf297787912a3ee8f06306021
SHA-1: dd1df6811b4bd17dbfde5af055a89111a3beb8c4
Created: 2014/10/01 15:30:09
Detections: 1
Determination: Ignore detections (false positive)
- Comodo Security as Heur.Packed.Unknown

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\ニコ生\旧バージョン\amarectv300c\amarectv300c\live_setup300.exe
Publisher:
MD5: fb824c501456ce3a522eb5b1f9bdfcc0
SHA-1: 40360972c5d766c4e39cc71d95aaca83e7337153
Created: 2013/08/29 15:22:52
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\ニコ生\旧バージョン\aviutl100\aviutl.exe
Publisher:
MD5: de77065ce0fde0f0f8231cfe47a49c66
SHA-1: b83bd94f594a5b2ac585aba86931a8083415f36e
Created: 2013/10/31 0:27:44
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\一時退避ファイル\wng300u103.exe
Publisher:
MD5: 687f8bcd740c57825fc7d9cd4ad0f81d
SHA-1: 94759d709b2c6f7e09365a3490464f8db5202fd5
Created: 2014/07/27 18:07:43
Detections: 3
Determination: Inconclusive
- Zillya! Antivirus as Trojan.Qhost.Win32.15544 (Undefined)
- ViRobot as Worm.Win32.A.WBNA.40187084[h] (Undefined)
- AegisLab AV Signature as Troj.W32.Gen (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\制作関係\エンブレム作成\feewhee.exe
Publisher:
MD5: c908272103f0110f2c872b4a0f5f6ac2
SHA-1: 3e4dd1e896cf8866b308662e77f27098ca0fc939
Created: 2014/01/05 21:37:46
Detections: 2
Determination: Ignore detections (false positive)
- Kingsoft AntiVirus as Win32.Malware.Heur_Generic.A.(kcloud) (Undefined)
- Fortinet FortiGate as W32/Zbot.gen!tr (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\制作関係\エンブレム作成\pause_103\pause.exe
Publisher:
MD5: 2f175aa463e458ae034ff2cbd426d55d
SHA-1: bbc9f355da8ebba9efca85346a73a59955602010
Created: 2014/07/05 8:58:30
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\制作関係\キャラメイク\character_03.07\character.exe
Publisher:
MD5: 265f08e086dca66a6cc89207d6edf5f7
SHA-1: 02534d1fdc7a9c84568199290d7cb5226e60bf9e
Created: 2014/11/24 3:13:22
Detections: 1
Determination: Inconclusive
- Emsisoft Anti-Malware as Gen:Variant.Strictor.34346 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\制作関係\ゲーム制作\デスクトップ改造計画\新しいフォルダー\data\ssph.exe
Publisher: SSP BUGTRAQ
MD5: acc346aeb53d26ea17ea4eb4280cc69e
SHA-1: 755bdf16e1e0f778442d2a6219046e06359de205
Created: 2014/10/17 5:00:34
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Posible_Worm32 (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\制作関係\ゲーム制作\デスクトップ改造計画\新しいフォルダー\plugin\saknife\saknife.dll
Publisher: SSP BUGTRAQ
MD5: 38bd592104488f39310a0076dd0b793f
SHA-1: 4b9b62f543056a88cbdf4c6573f655d316d150aa
Created: 2004/06/13 22:43:00
Detections: 1
Determination: Ignore detections (false positive)
- eSafe as Suspicious File

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\忘れたフォルダ\rj062375_trial\rj062375_trial.exe
Publisher:
MD5: b3a09098057aaa7b78db99d0e70e11f5
SHA-1: 03177dab0498b3d7f33c4ef7899c0cdec7998b7b
Created: 2014/07/31 0:14:06
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Menti.ohvl (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\忘れたフォルダ\wdc-433su2m_5.1.12.0\setup.exe
Publisher: Macrovision Corporation
MD5: dc4a4bc5f20d40b75196955a39e925f9
SHA-1: 34558d1959b2d6d9d893c939226836a26e39ab63
Created: 2014/08/03 16:38:28
Detections: 1
Determination: Ignore detections (false positive)
- AVG as Mediatek Inc. (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (33)\マインクラフト\.minecraft\新しいフォルダー\minecraft_server.1.7.2.exe
Publisher:
MD5: 13347886ace7e0f06b3266bbd3f54826
SHA-1: 07ae7cdcff6199735eb0f40da5d5c0763558a678
Created: 2015/08/25 23:00:50
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Trojan/Win32.Menti (Undefined)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\aohghmighlieiainnegkcijnfilokake\0.7_0\manifest.json
Publisher:
MD5: 14fd8b222a996bc5d2233516cd78a20c
SHA-1: 3819378d9055c65fab8ddcd1fbfab28a89844980
Created: 2014/06/27 23:23:07
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\apdfllckaahabafndbhieahigkjlhalf\6.4_0\manifest.json
Publisher:
MD5: 93e34b017b195ac98aba32e64eede9f2
SHA-1: bfa2f63a3c2189cdb8696422f2fd9d4be2f2dbe5
Created: 2015/02/04 9:52:04
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\dfdobmhlmkdmiokclbhgmiiehioogbbi\2.7_0\manifest.json
Publisher:
MD5: 61851188e98870c097290b8d2941b418
SHA-1: 897d09c364b8b48172f1f30d8b857057395d7977
Created: 2014/09/01 23:28:57
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\manifest.json
Publisher:
MD5: 2d922aa30def0a058f85601f8acb5ce5
SHA-1: 62f069a274a987013c2c75ad46a4487355b0dea2
Created: 2014/05/18 1:05:05
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\新しいフォルダー\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\manifest.json
Publisher:
MD5: cd485b986f1e8e2ec47a73f977318cf3
SHA-1: 913f12c26e183998c73f58c239fe0c8f5512f9e9
Created: 2014/12/17 16:14:39
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\新しいフォルダー\aohghmighlieiainnegkcijnfilokake\0.7_0\manifest.json
Publisher:
MD5: 14fd8b222a996bc5d2233516cd78a20c
SHA-1: 3819378d9055c65fab8ddcd1fbfab28a89844980
Created: 2014/12/17 16:14:36
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\新しいフォルダー\apdfllckaahabafndbhieahigkjlhalf\6.4_0\manifest.json
Publisher:
MD5: 93e34b017b195ac98aba32e64eede9f2
SHA-1: bfa2f63a3c2189cdb8696422f2fd9d4be2f2dbe5
Created: 2015/02/13 15:00:06
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\新しいフォルダー\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\manifest.json
Publisher:
MD5: 312e8137eb354f895b1ae9b39b4fc9d2
SHA-1: 1e9856bf0c89e436460cd92b10d9ab2d689cbab0
Created: 2014/12/17 16:14:38
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\新しいフォルダー\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\manifest.json
Publisher:
MD5: 2d922aa30def0a058f85601f8acb5ce5
SHA-1: 62f069a274a987013c2c75ad46a4487355b0dea2
Created: 2014/12/17 16:14:34
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\疑わしきフォルダー類\新しいフォルダー\apdfllckaahabafndbhieahigkjlhalf\6.4_0\manifest.json
Publisher:
MD5: 93e34b017b195ac98aba32e64eede9f2
SHA-1: bfa2f63a3c2189cdb8696422f2fd9d4be2f2dbe5
Created: 2015/02/04 9:52:04
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\疑わしきフォルダー類\新しいフォルダー\apdfllckaahabafndbhieahigkjlhalf\fhlmoffoggikiefmphhkgjeocbfmcojf\238\manifest.json
Publisher:
MD5: 00b203f250760d4bbc6d25d6e4b79248
SHA-1: 43f29c19b7caa4ff659b0f5616bf224c1bfd8397
Created: 2015/06/10 12:15:23
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\疑わしきフォルダー類\新しいフォルダー\apdfllckaahabafndbhieahigkjlhalf\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.4.0_0\manifest.json
Publisher:
MD5: 5936157faab43c107772255709cc59dd
SHA-1: 8a0b72bc9e5fcee6baefa977859d4da6ff9dc0a3
Created: 2014/04/19 0:30:36
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\疑わしきフォルダー類\新しいフォルダー\apdfllckaahabafndbhieahigkjlhalf\icpgjfneehieebagbmdbhnlpiopdcmna\3.1.4_0\manifest.json
Publisher:
MD5: 619882a58d43ec3ba200d6d169875aba
SHA-1: b92885e1a4c53a5b11ca3135fb1da7b8fb248c75
Created: 2014/11/17 19:17:03
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\疑わしきフォルダー類\新しいフォルダー\apdfllckaahabafndbhieahigkjlhalf\nienhbdhmbdekjljlllimklmlgmdpkbd\1.0_0\manifest.json
Publisher:
MD5: 62641af8854af268aa096c7276d6f4e9
SHA-1: 04d262ff4cf1bb42e43ecc313cf4257fbea068fe
Created: 2014/05/05 11:45:17
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\疑わしきフォルダー類\新しいフォルダー\apdfllckaahabafndbhieahigkjlhalf\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\manifest.json
Publisher:
MD5: 2d922aa30def0a058f85601f8acb5ce5
SHA-1: 62f069a274a987013c2c75ad46a4487355b0dea2
Created: 2014/02/19 11:05:51
Detections: 1
Determination: Adware
- Reason as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path: c:\windows\system32\maxxaudioaposhell64.dll
Publisher: Waves Audio Ltd.
Signer: US Waves inc
MD5: a543f21f7ad2c1105f8e36872f934b56
SHA-1: f3a734b363772023fa2da28f4ca151eb6cbbe5e9
Created: 2012/10/29 16:37:07
Detections: 1
Determination: Ignore detections (false positive)
- Clam AntiVirus as PUA.Win32.Packer.PrivateExeProte-7

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\ext-ms-win-cluster-clusapi-l1-1-1.dll
Publisher: Microsoft Corporation
MD5: 6f5557e3f97cb2a957da5dcdaf1e22c1
SHA-1: c2a27e776fbfc3666642425dcc5f2b34bb41cb10
Created: 2013/08/22 13:14:14
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Backdoor/Bifrose.fxu (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\kbdcherp.dll
Publisher: Microsoft Corporation
MD5: f992fe1d923f59f806442449f3ea557b
SHA-1: d216f5bc5d466c1c9d94aa57a28c5226b214bdbc
Created: 2013/08/22 13:15:06
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Kryptik.ahcy (Undefined)

---------------------------------------------------------------------------------

File path: c:\windows\syswow64\vb6jp.dll
Publisher: Microsoft Corporation
MD5: ed7e561b635aaeaf38691646aa433c1d
SHA-1: 405882adb2ec2e5e82d7ed532dc852bb76f44dfa
Created: 2000/11/22 11:15:12
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Stranfom (Undefined)

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\1042\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\11227\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\11296\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\1158\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\11985\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\12165\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\12293\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\13246\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\13251\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\13301\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\13475\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\13649\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\13980\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\14164\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\14581\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\14730\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\1498\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\15172\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\15243\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\15553\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\16082\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\1628\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\18145\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\18629\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\1912\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\19159\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\1982\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\20128\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\20135\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\20480\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\20874\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\20996\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\21002\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------
  • キツツキ
  • 2015/09/11 (Fri) 17:47:55
Re: Infected with DNS Unlocker
This is the continuation.

File path: c:\programdata\adobe\arm\reader_11.0.00\21008\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\2167\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\21754\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\2179\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\22142\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\22525\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\238\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\24368\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\24719\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\25919\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\25931\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\26184\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\26696\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\27252\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\27526\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\27808\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\2829\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\29173\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\29680\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\2973\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\29739\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\30121\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\30151\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\30161\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\30386\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\30520\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\30973\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\31829\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\32052\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\4000\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\4396\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\4996\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\5345\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\589\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\620\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\6542\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\8001\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\8080\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\8406\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\8995\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\9516\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\971\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\adobe\arm\reader_11.0.00\999\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\1042\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\11227\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\11296\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\1158\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\11985\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\12165\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\12293\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\13246\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\13251\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\13301\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\13475\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\13649\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\13980\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\14164\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\14581\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\14730\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\1498\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\15172\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\15243\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\15553\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\16082\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\1628\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\18145\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\18629\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\1912\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\19159\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\1982\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\20128\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\20135\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\20480\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\20874\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\20996\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\21002\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\21008\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\2167\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\21754\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\2179\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\22142\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\22525\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\238\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\24368\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\24719\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\25919\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\25931\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\26184\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\26696\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\27252\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\27526\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\27808\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\2829\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\29173\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\29680\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\2973\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\29739\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\30121\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\30151\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\30161\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\30386\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\30520\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\30973\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\31829\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\32052\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\4000\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\4396\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\4996\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\5345\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\589\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\620\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\6542\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\8001\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\8080\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------
  • キツツキ
  • 2015/09/11 (Fri) 17:49:30
Re: Infected with DNS Unlocker
File path: c:\programdata\application data\adobe\arm\reader_11.0.00\8406\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\8995\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\9516\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\971\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\999\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc\2.3_0\scripts\bootstrap.js
Publisher:
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
Created: 2015/06/24 13:53:56
Detections: 3
Determination: Ignore detections (false positive)
- Avira AntiVirus as W32/Renamer.A (Undefined)
- Microsoft Security Essentials as Virus:Win32/Parite.B (Undefined)
- F-Prot as W32/Parite.B (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\coimbocehblalffckgdlpmlhhnnihhek\1.8_0\scripts\document_start.js
Publisher:
MD5: 9f9f8549cfe2a1c7c982e0bfdf8afecc
SHA-1: 02c508cde22d53c299100d77e9e7d30433074eeb
Created: 2015/06/24 14:01:06
Detections: 1
Determination: Inconclusive
- Avira AntiVirus as W32/Sality.AT (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\dfdobmhlmkdmiokclbhgmiiehioogbbi\2.7_0\scripts\background.js
Publisher:
MD5: cacac2d31568cc6bfa1d69021b03ab2b
SHA-1: 37b7c86e795b43e55f8412001a7c30c27fedfe09
Created: 2014/09/01 23:28:57
Detections: 1
Determination: Inconclusive
- F-Secure as Trojan:JS/Kilim.L (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\mmdoimdghkdfbockfhigkohhfjokikmj\2.5_0\scripts\bootstrap.js
Publisher:
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
Created: 2015/08/08 9:37:38
Detections: 3
Determination: Ignore detections (false positive)
- Avira AntiVirus as W32/Renamer.A (Undefined)
- Microsoft Security Essentials as Virus:Win32/Parite.B (Undefined)
- F-Prot as W32/Parite.B (Undefined)
  • キツツキ
  • 2015/09/11 (Fri) 17:54:47
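An added triage sketch for the scan records posted above (not part of the original post, and not the scanner's own tooling): it groups records by SHA-1 and flags any whose MD5 and SHA-1 equal the digests of zero bytes, as both bootstrap.js entries do. The record layout is assumed from the log as posted, and the sample is excerpted from it.

```python
import hashlib
import re
from collections import OrderedDict

# Records excerpted from the HP log posted above (not the full log).
SAMPLE = r"""
File path: c:\programdata\application data\adobe\arm\reader_11.0.00\971\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\programdata\application data\adobe\arm\reader_11.0.00\999\adobearm.exe
Publisher: Adobe Systems Incorporated
Signer: Adobe Systems, Incorporated
MD5: 48be298f7fd1bef4d8fbacb04d8d95c4
SHA-1: 84d9a67a700a87c8c5ddd6b7dfc5eef70fa98020
Created: 2013/04/05 6:06:36
Detections: 2
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Backdoor/Win32.Swrort (Undefined)
- Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc\2.3_0\scripts\bootstrap.js
Publisher:
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
Created: 2015/06/24 13:53:56
Detections: 3
Determination: Ignore detections (false positive)
- Avira AntiVirus as W32/Renamer.A (Undefined)
- Microsoft Security Essentials as Virus:Win32/Parite.B (Undefined)
- F-Prot as W32/Parite.B (Undefined)

---------------------------------------------------------------------------------

File path: c:\users\【ユーザー名】\desktop\新しいフォルダー (39)\dfdobmhlmkdmiokclbhgmiiehioogbbi\2.7_0\scripts\background.js
Publisher:
MD5: cacac2d31568cc6bfa1d69021b03ab2b
SHA-1: 37b7c86e795b43e55f8412001a7c30c27fedfe09
Created: 2014/09/01 23:28:57
Detections: 1
Determination: Inconclusive
- F-Secure as Trojan:JS/Kilim.L (Undefined)
"""

# Digests of zero bytes, computed rather than hard-coded.
EMPTY = {"md5": hashlib.md5(b"").hexdigest(), "sha-1": hashlib.sha1(b"").hexdigest()}


def parse_records(text):
    """Split the log on its dashed rulers and read each 'Key: value' record."""
    records = []
    for block in re.split(r"(?m)^-{20,}\s*$", text):
        rec = {"engines": []}
        for line in (raw.strip() for raw in block.splitlines()):
            if line.startswith("- "):  # one line per detecting engine
                rec["engines"].append(line[2:].split(" as ", 1)[0])
            elif ":" in line:
                key, _, value = line.partition(":")
                rec[key.strip().lower()] = value.strip()
        if "file path" in rec and "sha-1" in rec:
            records.append(rec)
    return records


def triage(records):
    """Group records by SHA-1; one distinct file may appear under many paths."""
    groups = OrderedDict()
    for rec in records:
        group = groups.setdefault(rec["sha-1"], {
            "sha1": rec["sha-1"], "paths": [], "engines": set(),
            # True only when both digests equal those of empty input.
            "zero_byte": all(rec.get(k, "").lower() == v for k, v in EMPTY.items()),
        })
        group["paths"].append(rec["file path"])
        group["engines"].update(rec["engines"])
    return list(groups.values())


if __name__ == "__main__":
    for g in triage(parse_records(SAMPLE)):
        note = "zero-byte file" if g["zero_byte"] else "has content"
        print(f'{g["sha1"][:12]}  paths={len(g["paths"])}  engines={len(g["engines"])}  {note}')
```

A zero-byte script file contains nothing for a signature to match, which is consistent with the log's own "Ignore detections (false positive)" determination for those two entries.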
The log is cut off
I checked the HP log, but only the last nine entries have been cut off by the character limit.
Please paste those again and let me know.
  • IVNO
  • MAIL
  • 2015/09/11 (Fri) 17:56:04
Re: Infected with DNS Unlocker
Sorry, it looks like our posts crossed. I have already posted the remaining nine.

  • キツツキ
  • 2015/09/11 (Fri) 19:16:20
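One more fix with OTL
Most of these are installer files you downloaded in the past,
but let's deal with them anyway.

HP is no longer needed, so please remove it following the instructions given when you installed it.

Start Notepad and copy and paste the following.
Note that :OTL, :Files, :Commands and so on are directives that determine how OTL processes the script.
Please be careful not to delete them.

------Copy from below this line------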
:Files
%userprofile%\downloads\7z920.exe
%userprofile%\downloads\adwcleaner-5-001-multi-win (1).exe
%userprofile%\downloads\adwcleaner-5-001-multi-win.exe
%userprofile%\downloads\balkonweapons (1).exe
%userprofile%\downloads\bdcamsetup_jpn (1).exe
%userprofile%\downloads\cbsidlm-cbsi183-vector_clocks-bp-75322976.exe
%userprofile%\downloads\diy00340569823.exe
%userprofile%\downloads\fileviewpro_2014.exe
%userprofile%\downloads\junkware-removal-tool-6-4-2-en-win (1).exe
%userprofile%\downloads\junkware-removal-tool-6-4-2-en-win.exe
%userprofile%\downloads\liteloader-installer-1.7.10-00.exe
%userprofile%\downloads\lpls159.exe
%userprofile%\downloads\rainmeter-3.0.2.exe
%userprofile%\downloads\rckp317 (1).exe
%userprofile%\downloads\vlc-2.1.0-win32.exe
%userprofile%\downloads\未確認 457344.crdownload
%userprofile%\downloads\wint\wint.exe
%userprofile%\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc
%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
:Commands
[purity]
[resethosts]
[emptyflash]
[emptyjava]
[emptytemp]
[createrestorepoint]
[reboot]
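------Copy up to above this line------

Once you have pasted it, save the file under an easy-to-recognize name.
Then start the PC in Safe Mode.
Start OTL again and paste the content you saved above into the Custom Scan/Fixes box.
Since this is a removal run, there are no other options to check.
Click the red [Run Fix] button to start the fix.
Follow OTL's prompts; the fix log will be displayed either before or after the restart into normal mode,
so please paste that log in your reply.
Please also report how things are going at that time.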
  • IVNO
  • MAIL
  • 2015/09/11 (Fri) 19:50:26
Re: Infected with DNS Unlocker
Here is the log.
OTL log

All processes killed
========== FILES ==========
C:\Users\【ユーザー名】\downloads\7z920.exe moved successfully.
C:\Users\【ユーザー名】\downloads\adwcleaner-5-001-multi-win (1).exe moved successfully.
C:\Users\【ユーザー名】\downloads\adwcleaner-5-001-multi-win.exe moved successfully.
C:\Users\【ユーザー名】\downloads\balkonweapons (1).exe moved successfully.
C:\Users\【ユーザー名】\downloads\BDCAMSETUP_JPN (1).EXE moved successfully.
C:\Users\【ユーザー名】\downloads\cbsidlm-cbsi183-Vector_Clocks-BP-75322976.exe moved successfully.
C:\Users\【ユーザー名】\downloads\diy00340569823.exe moved successfully.
C:\Users\【ユーザー名】\downloads\FileViewPro_2014.exe moved successfully.
C:\Users\【ユーザー名】\downloads\junkware-removal-tool-6-4-2-en-win (1).exe moved successfully.
C:\Users\【ユーザー名】\downloads\junkware-removal-tool-6-4-2-en-win.exe moved successfully.
C:\Users\【ユーザー名】\downloads\liteloader-installer-1.7.10-00.exe moved successfully.
C:\Users\【ユーザー名】\downloads\lpls159.exe moved successfully.
C:\Users\【ユーザー名】\downloads\Rainmeter-3.0.2.exe moved successfully.
C:\Users\【ユーザー名】\downloads\RCKP317 (1).exe moved successfully.
C:\Users\【ユーザー名】\downloads\vlc-2.1.0-win32.exe moved successfully.
C:\Users\【ユーザー名】\downloads\未確認 457344.crdownload moved successfully.
C:\Users\【ユーザー名】\downloads\wint\WinT.exe moved successfully.
C:\Users\【ユーザー名】\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc\2.3_0\scripts folder moved successfully.
C:\Users\【ユーザー名】\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc\2.3_0\js folder moved successfully.
C:\Users\【ユーザー名】\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc\2.3_0\img folder moved successfully.
C:\Users\【ユーザー名】\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc\2.3_0\css folder moved successfully.
C:\Users\【ユーザー名】\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc\2.3_0 folder moved successfully.
C:\Users\【ユーザー名】\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc folder moved successfully.
C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1\_metadata folder moved successfully.
C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1\images folder moved successfully.
C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1 folder moved successfully.
C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Public

User: UpdatusUser

User: 【ユーザー名】
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Default.migrated

User: Public

User: UpdatusUser

User: 【ユーザー名】
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: 【ユーザー名】
->Temp folder emptied: 10448388 bytes
->Temporary Internet Files folder emptied: 10060801 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 229659327 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1240829 bytes
RecycleBin emptied: 658867524 bytes

Total Files Cleaned = 868.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 09112015_205132

Files\Folders moved on Reboot...
C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • キツツキ
  • 2015/09/11 (Fri) 20:56:15
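An added cross-check for the fix run above (not part of the original posts, and not an OTL feature): it compares the `:Files` targets of the fix script with the `moved successfully` lines of the resulting log and lists any target the log does not confirm. The line formats are assumed from the script and log as posted; the sample is excerpted from them, plus one constructed target (`example-not-moved.exe`) to show the failure case.

```python
import re

# Excerpt of the fix script posted above; the last :Files line is constructed.
FIX_SCRIPT = r"""
:Files
%userprofile%\downloads\bdcamsetup_jpn (1).exe
%userprofile%\downloads\wint\wint.exe
%userprofile%\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc
%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
%userprofile%\downloads\example-not-moved.exe
:Commands
[purity]
[resethosts]
[reboot]
"""

# Excerpt of the resulting OTL log posted above.
FIX_LOG = r"""
========== FILES ==========
C:\Users\【ユーザー名】\downloads\BDCAMSETUP_JPN (1).EXE moved successfully.
C:\Users\【ユーザー名】\downloads\wint\WinT.exe moved successfully.
C:\Users\【ユーザー名】\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc\2.3_0 folder moved successfully.
C:\Users\【ユーザー名】\desktop\新しいフォルダー (39)\clbhciphnicciddafaikhnolpkckonfc folder moved successfully.
C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_1 folder moved successfully.
C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# "<path> moved successfully." or "<path> folder moved successfully."
MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")


def script_sections(script):
    """Return {section name: [lines]} for a ':Section'-delimited fix script."""
    sections, current = {}, None
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def normalise(path, userprofile):
    """Expand %userprofile% and fold case (the script and log differ in case)."""
    expanded = re.sub(r"%userprofile%", lambda m: userprofile, path, flags=re.I)
    return expanded.rstrip("\\").casefold()


def unconfirmed_targets(script, log, userprofile):
    """List :Files targets that have no matching 'moved successfully' log line."""
    moved = set()
    for line in log.splitlines():
        m = MOVED.match(line.strip())
        if m:
            moved.add(normalise(m.group("path"), userprofile))
    targets = script_sections(script).get("files", [])
    return [t for t in targets if normalise(t, userprofile) not in moved]


if __name__ == "__main__":
    # The profile path is written as it appears (redacted) in the posted log.
    for target in unconfirmed_targets(FIX_SCRIPT, FIX_LOG, r"C:\Users\【ユーザー名】"):
        print("not confirmed in log:", target)
```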
Report back after observing for a few hours
The OTL fix appears to have completed normally.
Now please watch the system for a few hours
and let me know the result.
  • IVNO
  • MAIL
  • 2015/09/11 (Fri) 22:40:28
Re: Infected with DNS Unlocker
Sorry for the late reply.

After watching for about 10 hours, nothing unusual has happened. No ads have appeared either.
  • キツツキ
  • 2015/09/12 (Sat) 07:00:27
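A little more cleanup
So no abnormalities are showing at present.
In that case, the next steps are likely to be the ones that decide how things turn out from here.

Please prepare the following software.

Malwarebytes Junkware Removal tool (commonly known as JRT)
http://downloads.malwarebytes.org/file/jrt
Clicking the link downloads the file; save it somewhere easy to find.
To remove it, move the program file itself to the Recycle Bin and delete it.

Once you are ready, we will begin.
You can stay in normal mode for this step.
Start JRT.
Press Enter or another key to start the scan.
If anything is detected you will be asked whether to restart; press the N key to cancel the restart.
When all detection is finished the results are displayed; save them somewhere easy to find.
Once saved, restart the PC once.
After the restart, please paste the JRT log in your reply.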
  • IVNO
  • MAIL
  • 2015/09/12 (Sat) 18:37:31
Re: Infected with DNS Unlocker
Here is the log.

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 8.1 Pro x64
Ran by 【ユーザー名】 on 2015/09/12 at 19:17:05.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Uninstaller_SkipUac_【ユーザー名】
Successfully deleted: [Task] C:\WINDOWS\Tasks\Uninstaller_SkipUac_【ユーザー名】.job



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\【ユーザー名】\AppData\Roaming\appdataFr2.bin
Successfully deleted: [File] C:\Users\【ユーザー名】\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\【ユーザー名】\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\【ユーザー名】\AppData\Roaming\productdata



~~~ Chrome


[C:\Users\【ユーザー名】\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\【ユーザー名】\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\【ユーザー名】\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\【ユーザー名】\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015/09/12 at 19:19:27.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • キツツキ
  • 2015/09/12 (Sat) 19:28:16
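Delete JRT and scan with AC
The JRT log shows that several items were removed.
As suspected, even though things have quietened down, it seems something still remains inside the system.
Let's scan once more with AC.

Please prepare the following software.

AdwCleaner (commonly known as AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
This is a direct link to the file. Open it and save the file somewhere easy to find.
Starting the software once triggers an automatic update.
When the update finishes, close it for now without doing anything.
When you are told to remove this software, start it and press the "Uninstall" button; it will be removed automatically.

Once you are ready, let's begin.

Start the PC in Safe Mode.
Start AC and click Scan (or スキャン).
When the scan finishes, click Cleaning (or 削除) to clean up.
When cleaning completes you will be asked to restart; follow the prompt and restart in normal mode.
This takes you from Safe Mode back to normal mode.
The AC log will be displayed either before or after the restart; please paste it in your reply.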
  • IVNO
  • MAIL
  • 2015/09/12 (Sat) 21:22:19
Re: Infected with DNS Unlocker
Here is the log.

AC log

# AdwCleaner v5.006 - ログファイルの作成日 12/09/2015 作成時間 21:53:13
# 更新日 06/09/2015 作成元 Xplode
# データベース : 2015-08-31.2 [ローカル]
# オペレーティングシステム : Windows 8.1 Pro (x64)
# ユーザー名 : 【ユーザー名】 - HIROAKI
# 実行場所 : C:\Users\【ユーザー名】\Downloads\AdwCleaner.exe
# オプション : 削除
# サポート : http://toolslib.net/forum

***** [ サービス ] *****


***** [ フォルダ ] *****


***** [ ファイル ] *****

[-] ファイル 削除済み項目 : C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] ファイル 削除済み項目 : C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal

***** [ ショートカット ] *****


***** [ スケジュールタスク ] *****


***** [ レジストリ ] *****


***** [ Webブラウザ ] *****


*************************

:: Winsock設定を初期化しました

*************************

C:\AdwCleaner[C1].txt - [5708 バイト] - [05/09/2015 02:39:19]
C:\AdwCleaner[S1].txt - [23534 バイト] - [05/09/2015 02:30:28]
C:\AdwCleaner[S2].txt - [1442 バイト] - [05/09/2015 03:35:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1167 バイト] ##########
  • キツツキ
  • 2015/09/12 (Sat) 21:57:19
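Delete AC and scan once more with OTL
AC did remove a little.
AC is no longer needed, so start AC and press the Uninstall button to remove it.

Let's scan once more with OTL.
I will write out the procedure again.

Please prepare the following software.

OldTimer Listit (commonly known as OTL)
http://oldtimer.geekstogo.com/OTL.exe
This is a direct link. Save it somewhere easy to find, such as the desktop.
To remove it, start it and press the "Cleanup" button; it will be removed automatically.

Before starting OTL, close as much software as possible, including your browser.
Once everything is closed, start OTL.
Tick Scan All Users at the top center of the window.
When that is set, copy and paste the following into the Custom Scan/Fixes box.

------Copy from below this line------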
SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT
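------Copy up to above this line------

Once pasted, click Run Scan to run the scan.
The scan takes a few minutes to complete, so please wait.
When the scan completes, OTL.txt and Extras.txt are written to the same location where you saved OTL;
please paste them in your reply.
Note that OTL logs are, by their nature, very long.
This board's character limit is about 30,000 characters counted as hiragana, or about 60,000 counted as alphanumerics.
The log will certainly exceed the limit, so leave some margin and split it into parts of about 55,000 characters each,
checking with a character counter such as the one at the URL below, before posting.
http://www2u.biglobe.ne.jp/~yuichi/rest/strcount.html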
  • IVNO
  • MAIL
  • 2015/09/12 (Sat) 22:37:08
Re: Infected with DNS Unlocker
Here is the log

OTL log

OTL logfile created on: 2015/09/12 23:10:03 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\【ユーザー名】\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18036)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

15.92 Gb Total Physical Memory | 13.83 Gb Available Physical Memory | 86.83% Memory free
17.83 Gb Paging File | 15.66 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.00 Gb Total Space | 1.82 Gb Free Space | 0.82% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 4.79 Gb Free Space | 64.74% Space Free | Partition Type: FAT32
Drive E: | 4.38 Gb Total Space | 0.50 Gb Free Space | 11.35% Space Free | Partition Type: UDF

Computer Name: HIROAKI | User Name: 【ユーザー名】 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/09/08 20:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\【ユーザー名】\Downloads\OTL.exe
PRC - [2015/07/31 03:18:57 | 002,909,472 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2015/07/23 05:16:32 | 002,266,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
PRC - [2015/07/23 05:16:24 | 002,303,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2015/07/22 17:02:46 | 000,156,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
PRC - [2015/07/22 15:33:42 | 000,174,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
PRC - [2015/07/22 15:33:12 | 000,680,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
PRC - [2015/07/22 01:02:22 | 031,535,264 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2015/07/16 18:39:26 | 005,521,792 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
PRC - [2015/07/15 19:57:58 | 001,011,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/03/20 18:12:26 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2015/02/06 06:01:44 | 002,585,744 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/02/06 06:01:44 | 001,706,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/02/06 02:57:45 | 000,410,952 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2015/01/08 10:05:16 | 000,060,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2014/11/21 13:20:52 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/11/21 13:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/04/08 07:06:08 | 001,259,808 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2014/04/08 01:03:04 | 000,383,264 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2014/04/07 13:38:00 | 000,139,104 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
PRC - [2014/03/31 14:12:36 | 000,211,808 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
PRC - [2013/10/15 17:30:30 | 000,525,448 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2013/10/15 17:30:28 | 003,526,776 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2013/02/13 00:36:48 | 000,126,976 | ---- | M] (Brio) -- C:\Program Files (x86)\FolderSize\FolderSize.exe
PRC - [2013/02/13 00:36:46 | 000,114,688 | ---- | M] (Brio) -- C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe
PRC - [2013/01/09 01:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2012/11/19 12:15:20 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/11/19 12:15:20 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/05/09 16:03:28 | 000,078,312 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012/03/28 19:34:28 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/29 19:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe
PRC - [2011/03/09 14:21:54 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/09/09 14:04:21 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\20d04b3ee5ff89c8afdbf93c74268566\IAStorUtil.ni.dll
MOD - [2015/09/09 13:00:44 | 012,898,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\09785c0df09bdf24e579cceaa2428fad\System.Windows.Forms.ni.dll
MOD - [2015/09/09 13:00:34 | 001,639,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\7449ed83cff59f33ab4875d4b771fe70\System.Drawing.ni.dll
MOD - [2015/08/15 05:39:32 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2015/08/15 05:39:28 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll
MOD - [2015/08/14 22:44:28 | 019,567,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\662aae610c401a254416904a4861b189\System.ServiceModel.ni.dll
MOD - [2015/08/14 22:44:11 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll
MOD - [2015/08/14 22:43:55 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\814dd462b742d7c16c620e79397b2463\System.Configuration.ni.dll
MOD - [2015/08/14 22:43:26 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\67bdc09fa286920c1f42f2a98c400f95\System.Core.ni.dll
MOD - [2015/08/14 22:43:07 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2015/07/22 15:32:36 | 036,732,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
MOD - [2015/07/22 01:02:22 | 031,535,264 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2015/07/16 18:39:24 | 000,121,856 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ref\build\Release\binding.node
MOD - [2015/07/16 18:39:22 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
MOD - [2015/07/16 18:39:22 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
MOD - [2015/07/16 18:39:22 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ffi\build\Release\ffi_bindings.node
MOD - [2015/07/16 18:39:22 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
MOD - [2015/07/16 18:39:22 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
MOD - [2015/07/16 18:39:20 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
MOD - [2015/05/14 17:51:21 | 002,964,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fc3b086418e8d8807cfb6b88ccae1c64\System.IdentityModel.ni.dll
MOD - [2015/03/20 18:12:42 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/12/10 05:37:31 | 000,026,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\e8ad82cba0e31a5f24d1c14a6ff6088b\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2014/12/10 05:37:13 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll
MOD - [2014/12/10 05:37:13 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll
MOD - [2014/12/03 11:19:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorCommon\6b32db57e0a4d65caa47d67dfea865e8\IAStorCommon.ni.dll
MOD - [2014/09/24 15:59:52 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2011/03/09 14:21:56 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2011/03/09 14:21:48 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:[b]64bit:[/b] - [2015/07/22 22:52:08 | 001,633,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015/07/14 03:32:44 | 002,765,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:[b]64bit:[/b] - [2015/07/07 18:39:32 | 000,366,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2015/07/07 18:39:32 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2015/05/31 04:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2015/05/12 22:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2015/05/08 00:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2015/02/21 08:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 021,833,360 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 001,148,560 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:[b]64bit:[/b] - [2014/12/01 00:21:23 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/10/29 13:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:[b]64bit:[/b] - [2014/10/29 12:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/10/29 12:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2014/10/29 11:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2014/10/29 11:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2014/10/29 11:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2014/10/29 10:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2014/10/29 10:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/29 10:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/10/29 10:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2014/10/29 10:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/10/29 10:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2014/10/29 09:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/10/29 09:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2011/11/29 19:48:06 | 000,131,000 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files\Common Files\CypherTec\cthwsrv64.exe -- (CypherGuard Info Service)
SRV:[b]64bit:[/b] - [2011/11/29 19:26:28 | 000,127,416 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe -- (CypherGuard cguard Service 64bit Edition)
SRV - [2015/09/02 04:08:44 | 000,149,160 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/08/20 05:39:00 | 000,838,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/08/13 02:53:11 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/07/31 03:18:57 | 002,909,472 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015/07/22 15:33:12 | 000,680,112 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe -- (AdobeUpdateService)
SRV - [2015/07/09 13:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/05/08 00:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2015/02/06 06:01:44 | 001,706,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/02/06 02:57:45 | 000,410,952 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/10/29 12:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/29 10:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/29 10:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/04/08 07:06:08 | 001,259,808 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2014/04/08 01:03:04 | 000,383,264 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2014/04/07 13:38:00 | 000,139,104 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2013/11/07 07:12:11 | 005,204,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/07/11 17:06:40 | 000,452,912 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\elecom\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2013/07/11 17:05:40 | 001,863,680 | ---- | M] (Ralink) [Auto | Stopped] -- C:\Program Files (x86)\elecom\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2013/02/13 00:36:46 | 000,114,688 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2013/01/09 01:00:02 | 000,293,216 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2012/11/19 12:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/05/09 16:03:26 | 000,242,664 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/11/29 19:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe -- (CypherGuard cguard Service 32bit Edition)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/07/07 18:40:12 | 000,044,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2015/07/07 18:40:05 | 000,270,168 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2015/07/07 18:40:05 | 000,114,520 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2015/04/16 15:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2015/03/30 15:28:52 | 000,044,296 | -H-- | M] (LogMeIn Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Hamdrv.sys -- (Hamachi)
DRV:[b]64bit:[/b] - [2015/03/20 10:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2015/03/18 02:26:06 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2015/03/13 13:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2015/03/09 11:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2015/03/09 11:02:45 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2015/03/04 19:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 000,195,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 000,038,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2015/02/06 06:01:44 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:[b]64bit:[/b] - [2014/12/01 00:22:04 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/12/01 00:22:04 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/10/29 12:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/10/29 12:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/10/29 12:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/10/29 12:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2014/10/15 17:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/10/07 15:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/10/07 15:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2014/09/24 17:01:27 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:[b]64bit:[/b] - [2014/09/24 16:29:37 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:20 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:06 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:05 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:05 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2014/09/24 15:59:05 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:37 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2014/09/24 15:29:30 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2014/08/15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2014/08/15 09:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/02/02 16:17:40 | 000,124,192 | ---- | M] (CypherTec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cymon.sys -- (Cymon)
DRV:[b]64bit:[/b] - [2013/12/03 17:57:14 | 000,117,312 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:[b]64bit:[/b] - [2013/12/03 17:57:10 | 000,085,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:[b]64bit:[/b] - [2013/12/03 17:57:04 | 000,283,160 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 21:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 21:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 17:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/13 08:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/10 09:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/31 03:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/26 04:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2013/07/11 11:39:06 | 000,037,904 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\tmel.sys -- (tmel)
DRV:[b]64bit:[/b] - [2013/07/08 12:16:30 | 000,103,712 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmusa.sys -- (tmusa)
DRV:[b]64bit:[/b] - [2013/06/28 13:44:32 | 002,441,392 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2013/06/18 23:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:[b]64bit:[/b] - [2013/06/13 15:35:10 | 000,100,640 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:[b]64bit:[/b] - [2013/05/31 00:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:[b]64bit:[/b] - [2013/05/05 16:32:46 | 000,039,168 | ---- | M] (Scarlet.Crush Productions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScpVBus.sys -- (ScpVBus)
DRV:[b]64bit:[/b] - [2013/04/12 11:41:28 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2012/11/19 12:10:38 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/07/13 11:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:[b]64bit:[/b] - [2012/02/23 12:20:36 | 000,317,744 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:[b]64bit:[/b] - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2011/07/14 22:00:50 | 000,018,944 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)
DRV:[b]64bit:[/b] - [2010/02/04 13:49:02 | 000,740,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC1150.X64.SYS -- (DC1150.X64)
DRV:[b]64bit:[/b] - [2009/11/24 09:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009/11/24 09:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:[b]64bit:[/b] - [2009/09/03 05:00:19 | 000,045,616 | R--- | M] (I-O DATA DEVICE, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IOSPD5.SYS -- (IOSPD5)
DRV - [2013/02/22 18:24:39 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {818E0927-F026-4031-A592-4FEABD11A97E}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{818E0927-F026-4031-A592-4FEABD11A97E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MANMJS
IE:[b]64bit:[/b] - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem.msn.com/
IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\..\SearchScopes,DefaultScope = {818E0927-F026-4031-A592-4FEABD11A97E}
IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.region: "JP"
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cjinternet.jp/application/cjij-launcher-plugin,version=1.0.0.5: C:\Program Files (x86)\CJIJ\npCJIJLauncher.dll (CJ Internet Japan)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:
  • キツツキ
  • 2015/09/12 (Sat) 23:51:56
Re: Infected with DNS Unlocker
This is the continuation.

C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangdiagnostic-1: C:\GameOn\Common files\nppmangdiagnostic.dll (gameon)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangsupport-1: C:\GameOn\Common files\nppmangsupport.dll (gameon)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\【ユーザー名】\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\8.0.1173\8.0.1173\FIREFOXEXTENSION
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014/10/11 22:52:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}: C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ [2014/11/05 23:56:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 40.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/08/03 21:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\【ユーザー名】\AppData\Roaming\mozilla\Extensions
[2015/09/12 22:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\【ユーザー名】\AppData\Roaming\mozilla\Firefox\Profiles\uzuugfdb.default\extensions
[2015/09/02 04:08:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/09/02 04:08:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2015/09/11 20:51:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (no name) - {613c18c1-08f1-4a62-9015-afeb9515af51} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Yahoo!ツールバーフィッシング警告) - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll (Yahoo Japan Corporation. )
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yahoo!ツールバーヘルパー) - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Yahoo!ツールバー) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (Yahoo! JAPAN)
O3 - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCore] C:\Program Files\Logicool Gaming Software\LCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [Folder Size] C:\Program Files (x86)\FolderSize\FolderSize.exe (Brio)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [OneDrive] C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1986508758-1585181776-1248126739-1001..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Users\【ユーザー名】\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FBD7DF6-0ABE-4555-871F-1A39827E9AB0}: DhcpNameServer = 192.168.10.1
O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmbp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtbim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {78E345F7-E976-3595-9C30-2458D6A8EC32} - .NET Framework
ActiveX:[b]64bit:[/b] {7D715857-A67C-4C2F-A929-038448584D63} - C:\WINDOWS\System32\ie4uinit.exe -DisableSSL3
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - U
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EC43E638-09F0-38CC-A585-72FCCDDF035C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/09/12 22:21:31 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (10)
[2015/09/12 21:52:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/09/12 19:25:30 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\ProductData
[2015/09/12 02:43:14 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (42)
[2015/09/12 02:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\AGMDecoder
[2015/09/11 17:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Reason
[2015/09/11 11:46:09 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes
[2015/09/11 11:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2015/09/11 11:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/09/11 11:46:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/09/11 11:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2015/09/10 22:33:02 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Skype
[2015/09/10 22:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/09/10 22:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/09/10 22:32:56 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/09/10 22:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2015/09/10 22:19:44 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (41)
[2015/09/10 22:18:53 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\新しいフォルダー
[2015/09/09 22:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro Installer
[2015/09/09 11:30:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2015/09/09 11:20:48 | 002,240,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015/09/09 11:20:48 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015/09/09 11:20:47 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015/09/09 11:20:47 | 000,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015/09/09 11:20:47 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015/09/09 11:20:47 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015/09/09 11:20:47 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015/09/09 11:20:47 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015/09/09 11:20:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015/09/09 11:20:47 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015/09/09 11:20:47 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015/09/09 11:20:04 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InkEd.dll
[2015/09/09 11:20:04 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InkEd.dll
[2015/09/09 11:20:03 | 000,118,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\consent.exe
[2015/09/09 11:20:02 | 001,633,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2015/09/09 11:20:02 | 000,951,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tdh.dll
[2015/09/09 11:20:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UtcResources.dll
[2015/09/09 11:20:01 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tdh.dll
[2015/09/09 11:19:53 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/09/09 11:19:53 | 002,126,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/09/09 11:19:53 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/09/09 11:19:53 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/09/09 11:19:53 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015/09/09 11:19:53 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/09/09 11:19:53 | 000,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/09/09 11:19:52 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/09/09 11:19:52 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/09/09 11:19:52 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/09/09 11:19:49 | 002,819,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2015/09/09 11:19:49 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskeng.exe
[2015/09/09 11:19:49 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\schtasks.exe
[2015/09/09 11:19:49 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\schtasks.exe
[2015/09/09 11:19:47 | 002,775,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015/09/09 11:19:47 | 001,728,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Immersive.dll
[2015/09/09 11:19:47 | 001,546,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2015/09/09 11:19:47 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll
[2015/09/09 11:19:46 | 002,461,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015/09/09 11:19:46 | 001,380,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2015/09/09 11:19:46 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll
[2015/09/09 11:19:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shacct.dll
[2015/09/09 11:19:46 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\shacct.dll
[2015/09/09 11:19:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tzsync.exe
[2015/09/09 11:19:43 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015/09/09 11:19:43 | 000,301,568 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015/09/09 11:19:43 | 000,074,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appidapi.dll
[2015/09/09 11:19:43 | 000,065,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\appidapi.dll
[2015/09/09 11:19:43 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015/09/09 11:19:43 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015/09/09 01:02:28 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (40)
[2015/09/07 21:12:10 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (36)
[2015/09/07 13:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/09/07 13:55:00 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Sun
[2015/09/07 13:55:00 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\.oracle_jre_usage
[2015/09/07 13:16:26 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Roaming\Geek Uninstaller
[2015/09/07 13:16:21 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\geek (1)
[2015/09/07 00:48:11 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (29)
[2015/09/05 23:19:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (27)
[2015/09/05 23:15:56 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (17)
[2015/09/05 03:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/09/05 03:14:09 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (39)
[2015/09/04 01:40:53 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (38)
[2015/09/03 03:44:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (37)
[2015/09/02 04:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/08/30 11:16:56 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\documents-export-2015-08-29
[2015/08/25 22:48:43 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (35)
[2015/08/25 21:34:33 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\透けマイクロビキニ(仮)
[2015/08/25 14:41:08 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (34)
[2015/08/24 23:10:43 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\CEF
[2015/08/22 20:59:20 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (32)
[2015/08/18 13:44:34 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (31)
[2015/08/18 11:21:26 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (30)
[2015/08/18 01:48:26 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (25)
[2015/08/18 01:06:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (24)
[2015/08/18 00:53:29 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\goo
[2015/08/17 23:47:13 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (23)
[2015/08/17 23:39:55 | 000,000,000 | R--D | C] -- C:\Users\【ユーザー名】\Google ドライブ
[2015/08/17 23:21:17 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\Macromedia
[2015/08/17 23:19:22 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (21)
[2015/08/17 23:17:48 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\AppData\Local\Mozilla
[2015/08/17 00:44:00 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (18)
[2015/08/16 00:07:09 | 000,000,000 | ---D | C] -- C:\Users\【ユーザー名】\Desktop\新しいフォルダー (15)
[2 C:\Users\【ユーザー名】\AppData\Local\*.tmp files -> C:\Users\【ユーザー名】\AppData\Local\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/09/12 22:53:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/09/12 22:34:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job
[2015/09/12 22:31:35 | 011,000,170 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_223114.agm
[2015/09/12 22:31:09 | 035,763,934 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_223007.agm
[2015/09/12 22:29:04 | 021,830,096 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_222824.agm
[2015/09/12 22:23:27 | 022,253,352 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_222246.agm
[2015/09/12 22:22:27 | 001,088,020 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_222222.agm
[2015/09/12 22:22:14 | 001,144,248 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_222209.agm
[2015/09/12 22:20:27 | 032,019,584 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\AGDRec.agm
[2015/09/12 22:15:51 | 000,000,708 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/09/12 22:00:17 | 001,499,946 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/09/12 22:00:17 | 000,723,316 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/09/12 22:00:17 | 000,500,688 | ---- | M] () -- C:\WINDOWS\SysNative\perfh011.dat
[2015/09/12 22:00:17 | 000,135,994 | ---- | M] () -- C:\WINDOWS\SysNative\perfc011.dat
[2015/09/12 22:00:17 | 000,135,930 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/09/12 21:55:42 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/09/12 21:53:55 | 000,000,704 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/09/12 21:53:45 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2015/09/12 21:53:40 | 791,961,597 | -HS- | M] () -- C:\hiberfil.sys
[2015/09/12 02:29:22 | 012,793,344 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\AGDRec.avi
[2015/09/11 20:51:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\Hosts
[2015/09/11 11:46:06 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/09/10 22:32:57 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/09/10 09:48:17 | 000,760,560 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/09/09 22:48:58 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\ウイルスバスター クラウドのインストーラ.lnk
[2015/09/07 14:11:55 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2015/09/07 13:54:56 | 000,097,888 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2015/09/06 18:31:30 | 000,125,763 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\5.jpg
[2015/09/05 03:27:47 | 000,002,289 | ---- | M] () -- C:\Users\【ユーザー名】\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/09/05 03:18:18 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/09/05 03:05:40 | 000,005,586 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader
[2015/09/02 11:55:31 | 000,358,912 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015/09/02 11:50:54 | 000,044,032 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015/09/02 11:17:36 | 000,301,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015/09/02 11:13:29 | 000,035,840 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015/08/27 11:48:44 | 000,136,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015/08/27 09:55:05 | 000,115,677 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\CL5pDkgUcAAONiY.jpg
[2015/08/27 03:00:58 | 000,721,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015/08/27 03:00:14 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015/08/27 03:00:14 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015/08/27 03:00:14 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015/08/26 23:29:10 | 002,240,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015/08/26 23:27:36 | 000,891,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015/08/26 23:27:02 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015/08/26 23:26:38 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015/08/26 23:26:37 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015/08/26 23:26:37 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015/08/25 17:28:56 | 000,020,340 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\aitemu.jpg
[2015/08/23 02:34:16 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/08/23 02:21:20 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/08/23 02:20:20 | 005,923,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/08/23 01:45:18 | 000,665,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/08/23 01:41:49 | 000,720,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015/08/23 01:41:05 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/08/23 01:39:28 | 002,126,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/08/23 01:18:25 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/08/23 01:01:54 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/08/23 00:55:04 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/08/19 09:07:14 | 001,347,265 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\CL7KS6dUMAAOert.png
[2015/08/17 23:40:02 | 000,001,676 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\Google ドライブ.lnk
[2015/08/17 23:17:42 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/08/15 00:26:24 | 000,001,157 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\Adobe Lightroom.lnk
[2015/08/14 23:26:37 | 002,496,190 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\51954286_p0.png
[2015/08/14 01:54:46 | 000,528,087 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\23-2.jpg
[2015/08/14 01:54:43 | 000,535,123 | ---- | M] () -- C:\Users\【ユーザー名】\Desktop\23-1.jpg
[2 C:\Users\【ユーザー名】\AppData\Local\*.tmp files -> C:\Users\【ユーザー名】\AppData\Local\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/09/12 22:31:14 | 011,000,170 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_223114.agm
[2015/09/12 22:30:07 | 035,763,934 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_223007.agm
[2015/09/12 22:28:24 | 021,830,096 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_222824.agm
[2015/09/12 22:22:46 | 022,253,352 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_222246.agm
[2015/09/12 22:22:22 | 001,088,020 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_222222.agm
[2015/09/12 22:22:09 | 001,144,248 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\AGDRec_20150912_222209.agm
[2015/09/12 02:29:08 | 012,793,344 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\AGDRec.avi
[2015/09/12 02:15:25 | 032,019,584 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\AGDRec.agm
[2015/09/10 22:32:57 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/09/09 22:48:58 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\ウイルスバスター クラウドのインストーラ.lnk
[2015/09/09 11:19:47 | 000,411,455 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015/09/07 21:30:51 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/09/06 18:31:30 | 000,125,763 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\5.jpg
[2015/09/05 03:18:18 | 000,002,289 | ---- | C] () -- C:\Users\【ユーザー名】\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/09/05 03:18:18 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/09/05 03:05:40 | 000,005,586 | ---- | C] () -- C:\WINDOWS\SysNative\.crusader
[2015/08/27 09:55:05 | 000,115,677 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\CL5pDkgUcAAONiY.jpg
[2015/08/25 17:28:56 | 000,020,340 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\aitemu.jpg
[2015/08/19 09:07:14 | 001,347,265 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\CL7KS6dUMAAOert.png
[2015/08/17 23:40:02 | 000,001,676 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\Google ドライブ.lnk
[2015/08/17 23:17:42 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/08/17 23:17:42 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/08/14 23:26:37 | 002,496,190 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\51954286_p0.png
[2015/08/14 01:54:46 | 000,528,087 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\23-2.jpg
[2015/08/14 01:54:43 | 000,535,123 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop\23-1.jpg
[2015/08/07 22:47:09 | 000,000,000 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\{C53A12FC-5C8E-4E24-BE56-FB1B3FC9CEA2}
[2015/05/19 23:22:10 | 017,452,880 | ---- | C] () -- C:\Users\【ユーザー名】\Desktop.wav
[2015/03/06 18:07:01 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2015/03/06 18:05:57 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015/01/16 19:20:39 | 000,000,034 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Roaming\AdobeWLCMCache.dat
[2015/01/14 19:28:02 | 000,524,288 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2015/01/14 19:28:02 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\Lagarith.dll
[2015/01/14 19:28:02 | 000,139,264 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2014/12/03 10:55:45 | 000,053,430 | ---- | C] () -- C:\Users\【ユーザー名】\genymotion-log.zip
[2014/11/29 23:00:21 | 000,017,964 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\recently-used.xbel
[2014/11/17 01:31:48 | 000,001,245 | ---- | C] () -- C:\Users\【ユーザー名】\DigitalClock2.class
[2014/11/17 01:25:45 | 000,003,158 | ---- | C] () -- C:\Users\【ユーザー名】\Clock1.class
[2014/11/16 20:25:22 | 000,001,657 | ---- | C] () -- C:\Users\【ユーザー名】\Tokei.class
[2014/11/16 20:25:22 | 000,000,337 | ---- | C] () -- C:\Users\【ユーザー名】\Ada.class
[2014/11/16 20:19:03 | 000,000,879 | ---- | C] () -- C:\Users\【ユーザー名】\DigitalClock2.java
[2014/11/15 20:30:10 | 000,000,094 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/11/02 11:25:10 | 000,021,528 | ---- | C] () -- C:\WINDOWS\DCEBoot64.exe
[2014/10/11 22:50:01 | 000,000,036 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\housecall.guid.cache
[2014/09/29 03:18:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AI6WIN.INI
[2014/09/24 15:59:40 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
  • キツツキ
  • 2015/09/12 (Sat) 23:52:59
Re: Infected with DNS Unlocker
Continued.

[2014/09/20 04:37:04 | 000,200,231 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Roaming\VideoPad.dmp
[2014/08/03 16:41:20 | 000,013,973 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCoInst.dat
[2014/08/03 16:41:18 | 000,792,416 | ---- | C] () -- C:\WINDOWS\SysWow64\DiagFunc.dll
[2014/08/03 16:41:18 | 000,000,451 | ---- | C] () -- C:\WINDOWS\SysWow64\DiagFunc.ini
[2014/07/19 20:36:31 | 000,000,993 | ---- | C] () -- C:\WINDOWS\UN900119.INI
[2014/06/20 15:41:04 | 000,007,637 | ---- | C] () -- C:\Users\【ユーザー名】\AppData\Local\Resmon.ResmonCfg
[2014/06/15 01:56:29 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Lhaca.ini
[2013/12/29 19:21:15 | 000,002,304 | ---- | C] () -- C:\WINDOWS\SysWow64\HtsysmNT.sys
[2013/12/07 11:02:13 | 000,231,960 | ---- | C] () -- C:\WINDOWS\RegBootClean64.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2015/03/13 15:07:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/05/08 02:50:50 | 022,292,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/05/08 01:53:12 | 019,734,960 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/29 10:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/29 09:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/29 10:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2014/10/16 19:49:30 | 000,000,000 | -H-D | M] -- C:\OneDriveTemp
[2015/09/12 19:17:57 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk
[2014/10/17 09:31:05 | 000,000,000 | -H-D | M] -- C:\OneDriveTemp\S-1-5-21-1986508758-1585181776-1248126739-1001
[2015/05/21 01:26:09 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw32\msys\home\x86\ffmpeg\.git
[2015/05/21 01:21:32 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw32\msys\home\x86\polarssl\.git
[2015/05/21 01:21:53 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw32\msys\home\x86\rtmpdump\.git
[2015/05/21 01:24:19 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw32\msys\home\x86\x264\.git
[2015/05/21 00:50:48 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw64\msys\home\x64\ffmpeg\.git
[2015/05/21 00:46:17 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw64\msys\home\x64\polarssl\.git
[2015/05/21 00:46:37 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw64\msys\home\x64\rtmpdump\.git
[2015/05/21 00:49:00 | 000,000,000 | -H-D | M] -- C:\oreBuild\mingw64\msys\home\x64\x264\.git
[2015/03/15 12:00:19 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2015/08/07 22:46:36 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\IObit\LiveUpdate\update
[2015/09/10 17:56:41 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsApps
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2014/10/17 19:24:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\tks
[2014/10/17 19:24:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\vid
[2015/04/29 01:53:06 | 000,000,000 | -H-D | M] -- C:\ProgramData\Apple Computer\iTunes\SC Info
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows
[2014/10/06 12:21:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon MG3500 series Printer
[2013/02/22 15:11:11 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\BDNAV
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater
[2015/08/18 01:56:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2014/09/08 22:45:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_PowerDVD_Downloader.exe
[2014/09/08 22:43:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2013/11/09 21:29:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerDVD\10.0
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerStarter\10.0
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\LABELPRINT\2.5
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\MediaEspresso\6.5
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\MediaShow\6.0
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWER2GO\7.0
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWERBACKUP\2.50
[2013/11/09 21:29:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerDVD\10.0
[2014/09/08 22:45:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerDVD\11.0\UNO
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWERPRODUCER\5.5
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerStarter\10.0
[2014/12/01 00:30:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2015/03/21 00:01:54 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2014/09/24 15:29:47 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/07/26 17:12:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\2014-10-11-14-08-46
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR\2014-10-11-14-08-46
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\4f494d44
[2014/10/11 23:08:46 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\4f494d44\2014-10-11-14-08-46
[2014/12/01 00:34:28 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2014/10/17 19:24:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\tks
[2014/10/17 19:24:10 | 000,000,000 | -H-D | M] -- C:\Users\All Users\vid
[2015/04/29 01:53:06 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Apple Computer\iTunes\SC Info
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter
[2014/03/30 15:46:09 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows
[2014/10/06 12:21:26 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWindows\Canon MG3500 series Printer
[2013/02/22 15:11:11 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\BDNAV
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater
[2015/08/18 01:56:31 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2014/09/08 22:45:07 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_PowerDVD_Downloader.exe
[2014/09/08 22:43:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2013/11/09 21:29:54 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerDVD\10.0
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerStarter\10.0
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\LABELPRINT\2.5
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\MediaEspresso\6.5
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\MediaShow\6.0
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWER2GO\7.0
[2013/12/19 04:07:44 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWERBACKUP\2.50
[2013/11/09 21:29:53 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerDVD\10.0
[2014/09/08 22:45:27 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerDVD\11.0\UNO
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWERPRODUCER\5.5
[2013/12/19 04:07:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerStarter\10.0
[2014/12/01 00:30:29 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2015/03/21 00:01:54 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2014/09/24 15:29:47 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/07/26 17:12:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2013/08/23 00:36:30 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2015/04/07 01:44:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\AccountPictures
[2015/09/11 11:46:06 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2014/12/04 01:04:19 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{397A21FB-EADF-4116-9027-32B8FA04C3E2}\Version\7.0
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{4230527D-88E1-4fb5-9EDD-606F3AD2B389}\Version\2.5
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{63E98B26-4583-4418-958D-B6BD95DFE5C9}\Version\2.50
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{6F7425F3-EB34-46b0-9B63-430203611455}\Version\10.0
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{748DB920-B5DD-4cdb-9EC4-5A3B61A21936}\Version\10.0
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{79B38061-BE11-4614-B048-0D6E669B12B3}\Version\5.5
[2013/02/22 17:53:38 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{7AD1ACC7-6558-427a-8564-76F67706C366}\Version\6.5
[2014/12/01 00:28:32 | 000,000,000 | -H-D | M] -- C:\Users\UpdatusUser\AppData
[2015/06/24 09:46:03 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData
[2014/12/01 19:13:51 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2014/12/01 01:25:06 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2014/12/01 00:36:39 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\PrivacIE
[2014/12/01 00:36:48 | 000,000,000 | RH-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\Burn\Burn
[2015/09/12 21:55:58 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\INetCache\Content.Word
[2014/12/01 00:36:39 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\PrivacIE\Low
[2015/03/13 12:05:12 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\NVIDIA Corporation\Shield Apps\StreamingAssets
[2014/12/06 23:05:36 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Local\VirtualStore\Program Files (x86)\Fenrir Inc\PictBear Second Edition\tmp\~undo
[2014/12/29 21:25:23 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Roaming\Adobe\CoreSync\plugins\livetype\c
[2014/12/29 21:25:23 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Roaming\Adobe\CoreSync\plugins\livetype\e
[2014/12/29 21:25:23 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Roaming\Adobe\CoreSync\plugins\livetype\r
[2014/12/01 00:32:44 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2015/07/12 00:09:11 | 000,004,608 | -H-- | M] () -- C:\Users\【ユーザー名】\AppData\Roaming\Rainmeter\Rainmeter.exe
[2015/05/19 23:43:46 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\Desktop\Freemake_do_not_remove_this_folder
[2014/04/13 11:37:28 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\Documents\New Unity Project\Assets\MMDLoader\.svn
[2014/04/13 11:37:28 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\Documents\New Unity Project\Assets\MMDLoader\Private\.svn
[2014/04/13 11:37:28 | 000,000,000 | -H-D | M] -- C:\Users\【ユーザー名】\Documents\New Unity Project\Assets\Resources\.svn
[2014/10/11 22:53:05 | 000,000,000 | -H-D | M] -- C:\Windows\ELAMBKUP
[2014/12/01 00:30:33 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2015/09/05 01:19:02 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2014/12/01 00:28:51 | 000,000,000 | -H-D | M] -- C:\WINDOWS\SysNative\GroupPolicy

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2015/09/12 22:34:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job
[2015/09/12 22:53:00 | 000,000,626 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/09/12 21:53:55 | 000,000,704 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/09/12 23:15:00 | 000,000,708 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Samsung SSD 840 Series
Partitions: 5
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Generic Storage Device USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 300.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 260.00MB
Starting Offset: 315621376
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 222.00GB
Starting Offset: 722468864
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 457.00MB
Starting Offset: 239094202368
Hidden sectors: 0


DeviceID: Disk #0, Partition #4
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 10.00GB
Starting Offset: 239573401600
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 4194304
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2014/10/29 11:42:20 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:44:33 | 000,110,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2014/10/29 10:21:02 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:34 | 000,933,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:40 | 000,845,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2014/10/29 10:01:27 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:28 | 000,516,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2014/10/29 09:55:10 | 000,367,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:50 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2014/10/29 10:27:24 | 000,131,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:29 | 000,817,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:06 | 000,365,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2014/10/29 10:05:58 | 000,292,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:41 | 000,252,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2014/10/29 10:14:35 | 000,110,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:[b]64bit:[/b] - [2014/10/29 11:44:23 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2014/10/29 10:59:46 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2014/10/29 10:07:58 | 000,452,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2014/10/29 10:08:58 | 000,397,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2014/10/29 10:01:45 | 000,706,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2014/10/29 09:51:03 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 10:41:58 | 000,391,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:16 | 000,028,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2014/10/29 11:45:24 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2014/10/29 09:54:15 | 000,827,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2014/10/29 11:34:42 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2014/10/29 09:59:21 | 000,542,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:29 | 000,817,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:25 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2014/10/29 12:51:48 | 000,047,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2014/10/29 09:56:06 | 000,146,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:18:49 | 000,329,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2014/10/29 10:04:06 | 000,640,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2014/10/29 09:49:09 | 000,576,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2015/08/01 12:38:35 | 001,265,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2014/10/29 11:12:14 | 000,313,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2014/10/29 10:34:59 | 000,254,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:29 | 000,059,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2015/07/10 01:14:45 | 000,228,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:59:28 | 001,454,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2015/05/31 04:35:47 | 000,911,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:[b]64bit:[/b] - [2015/05/31 04:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:[b]64bit:[/b] - [2015/07/07 18:39:32 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2015/03/06 11:47:37 | 001,696,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:[b]64bit:[/b] - [2014/10/29 10:02:44 | 000,880,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:59:24 | 000,670,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2015/06/16 07:41:04 | 000,065,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2015/06/16 06:16:41 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2014/10/29 10:18:13 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2015/08/26 23:46:13 | 003,705,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2014/10/29 10:53:17 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2014/10/29 10:03:56 | 001,547,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:29 | 000,289,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< End of report >
  • キツツキ
  • 2015/09/12 (Sat) 23:53:40
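Please run one more fix with OTL
The OTL analysis is complete.
There are about three suspicious spots.
There is no proof that anything is lurking in them,
but each is a place where it would not be surprising to find something.

Start Notepad and copy and paste the following.
Note that :OTL, :Files, :Commands and so on are directives that determine how OTL processes the entries.
Please take care not to delete them.

------Copy and paste from below this line------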
:Files
[2015/09/12 21:52:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/09/11 11:46:09 | 000,000,000 | ---D | C] -- %userprofile%\AppData\Roaming\Malwarebytes
[2015/09/11 11:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2015/09/11 11:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/09/11 11:46:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/09/11 11:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2015/09/07 21:30:51 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/08/07 22:47:09 | 000,000,000 | ---- | C] () -- %userprofile%\AppData\Local\{C53A12FC-5C8E-4E24-BE56-FB1B3FC9CEA2}
[2014/10/17 09:31:05 | 000,000,000 | -H-D | M] -- C:\OneDriveTemp\S-1-5-21-1986508758-1585181776-1248126739-1001
[2015/05/19 23:43:46 | 000,000,000 | -H-D | M] -- %userprofile%\Desktop\Freemake_do_not_remove_this_folder
:Commands
[purity]
[resethosts]
[emptyflash]
[emptyjava]
[emptytemp]
[createrestorepoint]
[reboot]
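------Copy and paste up to above this line------

Once you have finished pasting, save the file under an easy-to-recognize name.
Then start the PC in Safe Mode.
Start OTL again and paste the content you saved above into the Custom Scan/Fixes box.
Since this run is for removal, there are no other check options to set.
Click the red [Run Fix] button to start the fix.
Follow OTL's prompts; the fix log will be displayed either before or after the reboot into normal mode,
so please paste that log in your reply.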
  • IVNO
  • 2015/09/13 (Sun) 00:22:30
Re: Infected with DNS Unlocker
Here is the log.
OTL log

All processes killed
========== FILES ==========
Invalid Switch: 12 21:52:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
Invalid Switch: 11 11:46:09 | 000,000,000 | ---D | C] -- %userprofile%\AppData\Roaming\Malwarebytes
Invalid Switch: 11 11:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
Invalid Switch: 11 11:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
Invalid Switch: 11 11:46:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
Invalid Switch: 11 11:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
Invalid Switch: 07 21:30:51 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
Invalid Switch: 07 22:47:09 | 000,000,000 | ---- | C] () -- %userprofile%\AppData\Local\{C53A12FC-5C8E-4E24-BE56-FB1B3FC9CEA2}
Invalid Switch: 17 09:31:05 | 000,000,000 | -H-D | M] -- C:\OneDriveTemp\S-1-5-21-1986508758-1585181776-1248126739-1001
Invalid Switch: 19 23:43:46 | 000,000,000 | -H-D | M] -- %userprofile%\Desktop\Freemake_do_not_remove_this_folder
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Public

User: UpdatusUser

User: 【ユーザー名】
->Flash cache emptied: 972 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Default.migrated

User: Public

User: UpdatusUser

User: 【ユーザー名】
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: 【ユーザー名】
->Temp folder emptied: 33776768 bytes
->Temporary Internet Files folder emptied: 3396858 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9894309 bytes
->Google Chrome cache emptied: 240568960 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1719631 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 276.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 09132015_131226

Files\Folders moved on Reboot...
C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • キツツキ
  • 2015/09/13 (Sun) 13:17:42
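Sorry, I wrote the script incorrectly
OTL reported it as an invalid entry.
It should have been :OTL, not :Files.
The correct version is below.
Sorry for the trouble, but please run it once more.

------Copy and paste from below this line------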
:OTL
[2015/09/12 21:52:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/09/11 11:46:09 | 000,000,000 | ---D | C] -- %userprofile%\AppData\Roaming\Malwarebytes
[2015/09/11 11:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2015/09/11 11:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/09/11 11:46:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015/09/11 11:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2015/09/07 21:30:51 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/08/07 22:47:09 | 000,000,000 | ---- | C] () -- %userprofile%\AppData\Local\{C53A12FC-5C8E-4E24-BE56-FB1B3FC9CEA2}
[2014/10/17 09:31:05 | 000,000,000 | -H-D | M] -- C:\OneDriveTemp\S-1-5-21-1986508758-1585181776-1248126739-1001
[2015/05/19 23:43:46 | 000,000,000 | -H-D | M] -- %userprofile%\Desktop\Freemake_do_not_remove_this_folder
:Commands
[purity]
[resethosts]
[emptyflash]
[emptyjava]
[emptytemp]
[createrestorepoint]
[reboot]
------Copy and paste up to above this line------
  • IVNO
  • 2015/09/13 (Sun) 16:30:46
Re: Infected with DNS Unlocker
Here is the log.
OTL log

All processes killed
========== OTL ==========
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default\Local Storage folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data\Default folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\Google\Chrome\User Data folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\Google\Chrome folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local\Google folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData\Local folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】\AppData folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\【ユーザー名】 folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users folder moved successfully.
C:\AdwCleaner\Quarantine\C folder moved successfully.
C:\AdwCleaner\Quarantine folder moved successfully.
C:\AdwCleaner folder moved successfully.
C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Users\【ユーザー名】\AppData\Roaming\Malwarebytes folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
C:\Windows\SysNative\drivers\mbam.sys moved successfully.
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages folder moved successfully.
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon folder moved successfully.
C:\Program Files (x86)\Malwarebytes' Anti-Malware folder moved successfully.
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk moved successfully.
C:\Users\【ユーザー名】\AppData\Local\{C53A12FC-5C8E-4E24-BE56-FB1B3FC9CEA2} moved successfully.
C:\OneDriveTemp\S-1-5-21-1986508758-1585181776-1248126739-1001 folder moved successfully.
C:\Users\【ユーザー名】\Desktop\Freemake_do_not_remove_this_folder folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Public

User: UpdatusUser

User: 【ユーザー名】
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Default.migrated

User: Public

User: UpdatusUser

User: 【ユーザー名】
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.migrated

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: 【ユーザー名】
->Temp folder emptied: 16722426 bytes
->Temporary Internet Files folder emptied: 52316 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 250139241 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1425586 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 256.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 09132015_182608

Files\Folders moved on Reboot...
C:\Users\【ユーザー名】\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • キツツキ
  • 2015/09/13 (Sun) 18:43:46
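The difference between the two runs above (scan-log lines pasted under :Files come back as "Invalid Switch", while the same lines under :OTL are processed), as an added example that is not part of the original thread and is not OTL's own code: a Python check that lints a fix script before it is run and summarizes a fix log afterwards. The function names are hypothetical, and the sample script and logs are abridged from the ones posted in this thread.

```python
import re

# ":Files", ":OTL", ":Commands" directives of a fix script
SECTION = re.compile(r"^:(\w+)\s*$")
# Scan-log entry as it appears in this thread:
# [date time | size | attributes | C or M] (vendor) -- path
SCAN_ENTRY = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [-A-Z]{4} \| [CM]\]"
    r"(?: \(.*?\))? -- (?P<path>.+)$"
)
# "========== FILES ==========" style headers of a fix log
LOG_HEADER = re.compile(r"^=+ (\w+) =+$")
MOVED = " moved successfully."


def lint_fix_script(script):
    """Return (line number, section, path) for scan-log lines outside :OTL."""
    findings, section = [], None
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = SCAN_ENTRY.match(line)
        if entry and (section or "").upper() != "OTL":
            findings.append((lineno, section, entry.group("path")))
    return findings


def summarize_fix_log(log):
    """Separate rejected entries from items that were actually moved."""
    summary = {"rejected": [], "moved": [], "restore_point_failed": False}
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        header = LOG_HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("Invalid Switch:"):
            summary["rejected"].append(line.split(" -- ", 1)[-1])
        elif section in ("OTL", "FILES") and line.endswith(MOVED):
            item = line[: -len(MOVED)]
            if item.endswith(" folder"):
                item = item[: -len(" folder")]
            summary["moved"].append(item)
        elif line.startswith("Unable to start System Restore Service"):
            summary["restore_point_failed"] = True
    # The HOSTS reset in COMMANDS succeeds in both runs, so it is not counted.
    summary["fix_applied"] = bool(summary["moved"]) and not summary["rejected"]
    return summary


# Sample input abridged from the thread (two of the ten entries).
BAD_SCRIPT = r""":Files
[2015/09/12 21:52:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/09/11 11:46:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
:Commands
[resethosts]
"""
GOOD_SCRIPT = BAD_SCRIPT.replace(":Files", ":OTL", 1)

FAILED_LOG = r"""All processes killed
========== FILES ==========
Invalid Switch: 12 21:52:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner
Invalid Switch: 11 11:46:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1084
"""
OK_LOG = r"""All processes killed
========== OTL ==========
C:\AdwCleaner folder moved successfully.
C:\Windows\SysNative\drivers\mbam.sys moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1084
"""

if __name__ == "__main__":
    for lineno, section, path in lint_fix_script(BAD_SCRIPT):
        print(f"line {lineno}: scan-log entry under :{section}: {path}")
    for name, log in (("first run", FAILED_LOG), ("second run", OK_LOG)):
        result = summarize_fix_log(log)
        print(name, "applied" if result["fix_applied"] else "NOT applied",
              f"moved={len(result['moved'])} rejected={len(result['rejected'])}",
              f"restore_point_failed={result['restore_point_failed']}")
```

In both runs the COMMANDS section and the temp-file cleanup complete, so a log that ends normally does not by itself show that the listed items were moved.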
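Remove OTL and monitor the situation
The OTL fix appears to have completed normally.
OTL is no longer needed, so please remove it following the instructions given when you installed it.
To guard against recurrence, we will now set a one-week observation period.
During the observation period, please check, at least once a day as far as possible, that all of your browsers are working normally.
Whether the observation period ends or an abnormality is found, in either case
please obtain the HJT log, CC's installed-programs log, and likewise CC's startup log,
and paste all of them in your reply.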
  • IVNO
  • 2015/09/13 (Sun) 18:49:43
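Re: Infected with DNS Unlocker
I monitored things for a week, and no abnormalities have occurred, such as ads being displayed or the browser becoming sluggish.

The logs are below.

HJT log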

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:56:43, on 2015/09/20
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 40.0.3 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\FolderSize\FolderSize.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\delegate_execute.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\【ユーザー名】\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo!ツールバーフィッシング警告 - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - BHO: Yahoo!ツールバーヘルパー - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
O3 - Toolbar: Yahoo!ツールバー - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
O3 - Toolbar: Trend ツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Folder Size] C:\Program Files (x86)\FolderSize\FolderSize.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: LilyCalendar.lnk = C:\Program Files (x86)\LilyCalendar\LilyCalendar.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: コンテンツ管理アシスタント for PlayStation(R).lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: CyberLink Product - 2013/02/22 15:02:51 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: CypherGuard cguard Service 32bit Edition - CypherTec Inc. - C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe
O23 - Service: CypherGuard cguard Service 64bit Edition - CypherTec Inc. - C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe
O23 - Service: CypherGuard Info Service - CypherTec Inc. - C:\Program Files\Common Files\CypherTec\cthwsrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: インテル(R) ラピッド・ストレージ・テクノロジー (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\elecom\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Program Files (x86)\elecom\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18884 bytes
  • キツツキ
  • 2015/09/21 (Mon) 00:01:03
Re: Infected with DNS Unlocker
CC(win)

有効 HKCU:Run ApplePhotoStreams Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
有効 HKCU:Run Folder Size Brio C:\Program Files (x86)\FolderSize\FolderSize.exe
有効 HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
有効 HKCU:Run OneDrive Microsoft Corporation "C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
無効 HKCU:Run Rainlendar2 Rainy C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
有効 HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
有効 HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run BDRegion cyberlink C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
有効 HKLM:Run CLMLServer CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
有効 HKLM:Run IAStorIcon Intel Corporation C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run Launch LCore Logitech Inc. C:\Program Files\Logicool Gaming Software\LCore.exe /minimized
有効 HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
有効 HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
有効 HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ShadowPlay Microsoft Corporation C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
有効 HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
無効 Startup Common LilyCalendar.lnk sakura apps C:\Program Files (x86)\LilyCalendar\LilyCalendar.exe
有効 Startup Common クライアントマネージャV.lnk BUFFALO INC. C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
有効 Startup Common コンテンツ管理アシスタント for PlayStation(R).lnk Sony Computer Entertainment Inc. C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
無効 Startup User Rainmeter.lnk Open Source Developer, Rainmeter C:\Program Files\Rainmeter\Rainmeter.exe

  • キツツキ
  • 2015/09/21 (Mon) 00:02:58
Re: Infected with DNS Unlocker
CC(IE)
無効 Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
無効 Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
無効 Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
無効 Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
有効 Extension Skype for Business Click to Call Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
無効 Helper Microsoft SkyDrive Pro Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
有効 Helper Skype for Business Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll
無効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
無効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
無効 Helper Yahoo!ツールバーフィッシング警告 Yahoo Japan Corporation. C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\ypho.dll
無効 Helper Yahoo!ツールバーヘルパー Yahoo! JAPAN C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
無効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
無効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
無効 Toolbar Yahoo!ツールバー Yahoo! JAPAN C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
  • キツツキ
  • 2015/09/21 (Mon) 00:04:01
Re: Infected with DNS Unlocker
CC(FireFox)

有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe -check pepperplugin
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task AdobeAAMUpdater-1.0-hiro-【ユーザー名】 Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
有効 Task AdobeAAMUpdater-1.0-HIROAKI-【ユーザー名】 Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
有効 Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task Microsoft OneDrive Auto Update Task-S-1-5-21-1986508758-1585181776-1248126739-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDrive.exe
有効 Task Opera scheduled Autoupdate 1423651649 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate
無効 Task Optimize Start Menu Cache Files-S-1-5-21-1986508758-1585181776-1248126739-1001
有効 Task Titanium BTC Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe -btc
有効 Task {3015A55F-6F87-4C55-946D-7BCB23334334} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\【ユーザー名】\Downloads\ShukuSen150.exe -d C:\Users\【ユーザー名】\Downloads
有効 Task {7DE26901-5AA7-426A-A4FE-27F9B3F2ECDB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\【ユーザー名】\Downloads\forge-1.7.10-10.13.1.1222-installer-win.exe -d C:\Users\【ユーザー名】\Downloads
有効 Task {9A763C48-1541-4E08-A714-ED2C87D21793} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/6.9.0.106/ja/abandoninstall?source=lightinstaller&page=tsInstall
  • キツツキ
  • 2015/09/21 (Mon) 00:05:16
Re: Infected with DNS Unlocker
CC(Scheduled Tasks)

無効 Extension Trend Micro Osprey Firefox Extension 1.6.0.1102 Trend Micro default Firefox 40.0.3 C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
無効 Extension Trend Micro Toolbar 7.0.0.1243 Trend Micro default Firefox 40.0.3 C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
有効 Plugin Adobe Acrobat 11.0.12.18 Adobe Systems Inc. default Firefox 40.0.3 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
有効 Plugin AdobeAAMDetect 3.0.0.0 Adobe Systems default Firefox 40.0.3 C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
有効 Plugin CJIJ Launcher plugin 1.0.0.5 1.0.0.5 CJ Internet Japan default Firefox 40.0.3 C:\Program Files (x86)\CJIJ\npCJIJLauncher.dll
有効 Plugin Google Update 1.3.28.15 Google Inc. default Firefox 40.0.3 C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
有効 Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default Firefox 40.0.3 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
有効 Plugin Java Deployment Toolkit 8.0.600.27 11.60.2.27 Oracle Corporation default Firefox 40.0.3 C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll
有効 Plugin Java(TM) Platform SE 8 U60 11.60.2.27 Oracle Corporation default Firefox 40.0.3 C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll
有効 Plugin Microsoft Office 2013 15.0.4514.1000 Microsoft Corporation default Firefox 40.0.3 C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
有効 Plugin NVIDIA 3D Vision 7.17.13.4752 NVIDIA Corporation default Firefox 40.0.3 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
有効 Plugin NVIDIA 3D VISION 7.17.13.4752 NVIDIA Corporation default Firefox 40.0.3 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
有効 Plugin Photo Gallery 16.4.3505.912 Microsoft Corporation default Firefox 40.0.3 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
有効 Plugin pmangdiagnostic 1.0.0.1 gameon default Firefox 40.0.3 C:\GameOn\Common files\nppmangdiagnostic.dll
有効 Plugin pmangsupport 1.0.0.1 gameon default Firefox 40.0.3 C:\GameOn\Common files\nppmangsupport.dll
有効 Plugin Shockwave Flash 18.0.0.232 Adobe Systems Incorporated default Firefox 40.0.3 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
有効 Plugin Silverlight Plug-In 5.1.40728.0 Microsoft Corporation default Firefox 40.0.3 c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
有効 Plugin Unity Player 4.3.5.32006 Unity Technologies ApS default Firefox 40.0.3 C:\Users\【ユーザー名】\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
有効 Plugin VLC Web Plugin 2.2.1.0 VideoLAN default Firefox 40.0.3 C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
  • キツツキ
  • 2015/09/21 (Mon) 00:06:29
Re: Infected with DNS Unlocker
CC(Context Menu)

有効 Directory 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 Directory IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 Directory ShExplzh pon software C:\WINDOWS\SysWOW64\ShExplzh.dll
有効 Directory ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Directory VLCメディアプレイヤーで再生 VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
有効 Directory VLCメディアプレイヤーのプレイリストに追加 VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
有効 Directory 書庫内検索(I)... pon software C:\Program Files\Explzh\Explzh.exe /f %1
有効 Drive ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Drive 書庫内検索(I)... pon software C:\Program Files\Explzh\Explzh.exe /f %1
有効 File 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 File AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 File CopyShExt Barracuda Networks, Inc. C:\Users\【ユーザー名】\AppData\Roaming\Copy\overlay\CopyShExt.dll
有効 File IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 File MBAMShlExt C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 File PhotoStreamsExt Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
有効 File ShExplzh pon software C:\WINDOWS\SysWOW64\ShExplzh.dll
有効 File ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 Folder AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 Folder CopyShExt Barracuda Networks, Inc. C:\Users\【ユーザー名】\AppData\Roaming\Copy\overlay\CopyShExt.dll
有効 Folder IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 Folder MBAMShlExt C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 Folder ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll
  • キツツキ
  • 2015/09/21 (Mon) 00:07:28
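Remove some entries and collect a log with IU
There are some problems in the context menu entries, so let's delete those.
All of the steps this time are carried out in normal mode.

Start CC, open each item under Tools → Startup,
and for each matching entry click Disable, then Delete Entry, in that order.

Context menu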
有効 Directory ShExplzh pon software C:\WINDOWS\SysWOW64\ShExplzh.dll
有効 Directory ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Directory VLCメディアプレイヤーで再生 VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
有効 Directory VLCメディアプレイヤーのプレイリストに追加 VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
有効 Drive ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 File ShExplzh pon software C:\WINDOWS\SysWOW64\ShExplzh.dll
有効 File ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll
有効 Folder MBAMShlExt C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 Folder ShExplzh64 pon software C:\WINDOWS\system32\shexplzh.dll

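For entries that cannot be disabled, or that are already disabled, go straight to Delete Entry;
if an entry does not exist, leave it and move on.
Also, if something cannot be deleted, such as in Google Chrome, leave it and move on.

Since you have already installed IObit Uninstaller (commonly called IU), let's use it to collect a log.
Please start IU.
Click the menu button at the top right, the one that looks like the character 三, and choose Export Program List.
Give the file any name you like and save it somewhere easy to find.
Once it has been saved, please paste that log here and let me know.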
  • IVNO
  • MAIL
  • 2015/09/21 (Mon) 01:03:41
Re: Infected with DNS Unlocker
Here is the log.

IU log

====================================
Software List
Application Version:4.3.0.118
Windows 8
Exported Time:09-21-2015 11:20:20
====================================

Software Name: 7-Zip 9.20
Version: -
Publisher:
Install Time: 2014/11/30
Size: 4.57 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
Uninstall Command: "C:\Program Files (x86)\7-Zip\Uninstall.exe"
----------------------------------------------

Software Name: Adobe AIR
Version: 15.0.0.356
Publisher: Adobe Systems Incorporated
Install Time: 2014/11/30
Size: 45.03 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
Uninstall Command: c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
----------------------------------------------

Software Name: Adobe Creative Cloud
Version: 3.2.0.129
Publisher: Adobe Systems Incorporated
Install Time: 2015/06/12
Size: 287.72 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Creative Cloud
Uninstall Command: "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
----------------------------------------------

Software Name: Adobe Flash Player 18 NPAPI
Version: 18.0.0.232
Publisher: Adobe Systems Incorporated
Install Time: 2015/08/13
Size: 8.85 MB
Help info: http://www.adobe.com/go/flashplayer_support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI
Uninstall Command: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_Plugin.exe -maintain plugin
----------------------------------------------

Software Name: Adobe Flash Player 18 PPAPI
Version: 18.0.0.232
Publisher: Adobe Systems Incorporated
Install Time: 2015/08/13
Size: 18.39 MB
Help info: http://www.adobe.com/go/flashplayer_support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI
Uninstall Command: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe -maintain pepperplugin
----------------------------------------------

Software Name: AmvVideoCodec
Version: -
Publisher:
Install Time: 2014/11/30
Size: 7.54 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AmvVideoCodec
Uninstall Command: C:\Program Files (x86)\AmvVideoCodec\uninstall.exe
----------------------------------------------

Software Name: Android SDK Tools
Version: 1.16
Publisher: Google Inc.
Install Time: 2014/11/30
Size: 951.95 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Android SDK Tools
Uninstall Command: C:\Program Files (x86)\Android\android-sdk\uninstall.exe
----------------------------------------------

Software Name: EveryonePiano 1.7
Version: 1.7.1.12
Publisher: EveryonePiano.com
Install Time: 2015/05/13
Size: 11.20 MB
Help info: http://www.EveryonePiano.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EveryonePiano_is1
Uninstall Command: "C:\Program Files (x86)\EveryonePiano\unins000.exe"
----------------------------------------------

Software Name: giam209
Version: -
Publisher:
Install Time: 2014/11/30
Size:
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\giam209
Uninstall Command: "F:\epuninst.exe" /s
----------------------------------------------

Software Name: Google Chrome
Version: 45.0.2454.93
Publisher: Google Inc.
Install Time: 2015/09/05
Size: 456.56 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Uninstall Command: "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
----------------------------------------------

Software Name: PHANTASY STAR ONLINE 2
Version: -
Publisher: SEGA
Install Time: 2014/11/30
Size: 7.51 MB
Help info: http://pso2.jp/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\http://pso2.jp/appid/release_is1
Uninstall Command: "C:\Program Files (x86)\SEGA\PHANTASYSTARONLINE2\unins000.exe"
----------------------------------------------

Software Name: Inkscape 0.48.4
Version: 0.48.4
Publisher:
Install Time: 2014/11/30
Size: 152.89 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inkscape
Uninstall Command: C:\Program Files (x86)\Inkscape\Uninstall.exe
----------------------------------------------

Software Name: CyberLink Media Suite 10
Version: 10.0
Publisher: CyberLink Corp.
Install Time: 2014/11/30
Size: 1.05 GB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}\setup.exe" /z-uninstall
----------------------------------------------

Software Name: CyberLink PowerProducer 5.5
Version: 5.5.3.4118
Publisher: CyberLink Corp.
Install Time: 2014/11/30
Size: 168.68 MB
Help info: http://support.gocyberlink.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall
----------------------------------------------

Software Name: IObit Uninstaller
Version: 4.3.0.118
Publisher: IObit
Install Time: 2015/06/24
Size: 36.26 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObitUninstall
Uninstall Command: "C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe" uninstall_start
----------------------------------------------

Software Name: 寝取られ新婚生活&お別れ温泉旅行セット
Version: -
Publisher:
Install Time: 2015/07/11
Size: 267.82 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JAFBIOOGICOHICOKJAFGINKFJALGIKIIIBJFICKIJFMKICOKIJLHJAPCJHLHINHDIDFKIDGCIDGH
Uninstall Command: C:\Program Files (x86)\miel\寝取られ新婚生活&お別れ温泉旅行セット\_uninst.exe JAFBIOOGICOHICOKJAFGINKFJALGIKIIIBJFICKIJFMKICOKIJLHJAPCJHLHINHDIDFKIDGCIDGH
----------------------------------------------

Software Name: +Lhaca
Version: -
Publisher:
Install Time: 2014/11/30
Size: 196.05 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lhaca
Uninstall Command: C:\Program Files\Lhaca\Lhaca.exe /u
----------------------------------------------

Software Name: LightWave 2015.2 64bit 日本語版
Version: 2015.2
Publisher: D-STORM, Inc.
Install Time: 2015/08/07
Size: 424.81 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LightWave_2015.2J
Uninstall Command: C:\Program Files\NewTek\LightWave_2015.2J\Uninstall.exe
----------------------------------------------

Software Name: LilyCalendar
Version: -
Publisher: SakuraApps
Install Time: 2015/07/11
Size: 8.37 MB
Help info: http://www.lilycalendar.com
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LilyCalendar_is1
Uninstall Command: "C:\Program Files (x86)\LilyCalendar\unins000.exe"
----------------------------------------------

Software Name: Malwarebytes Anti-Malware version 1.75.0.1300
Version: 1.75.0.1300
Publisher: Malwarebytes Corporation
Install Time: 2015/09/11
Size: 19.35 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
Uninstall Command: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
----------------------------------------------

Software Name: Mozilla Firefox 40.0.3 (x86 ja)
Version: 40.0.3
Publisher: Mozilla
Install Time: 2015/09/02
Size: 85.05 MB
Help info: https://support.mozilla.org
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 40.0.3 (x86 ja)
Uninstall Command: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
----------------------------------------------

Software Name: Mozilla Maintenance Service
Version: 40.0.3.5716
Publisher: Mozilla
Install Time: 2014/11/30
Size: 379.00 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
Uninstall Command: "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
----------------------------------------------

Software Name: clockmascotalice
Version: 1.0
Publisher: UNKNOWN
Install Time: 2014/11/30
Size: 617.93 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net.soukyu.clockmascotalice
Uninstall Command: msiexec /qb /x {1A84AA7C-DA80-C508-99DA-979F9BC54E83}
----------------------------------------------

Software Name: NifSkope (remove only)
Version: -
Publisher:
Install Time: 2014/11/30
Size: 32.05 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NifSkope
Uninstall Command: C:\Program Files (x86)\NifTools\NifSkope\uninstall.exe
----------------------------------------------

Software Name: NVIDIA Stereoscopic 3D Driver
Version: 7.17.12.6514
Publisher: NVIDIA Corporation
Install Time: 2015/03/13
Size: 29.10 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo
Uninstall Command: "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
----------------------------------------------

Software Name: Opera Stable 32.0.1948.25
Version: 32.0.1948.25
Publisher: Opera Software
Install Time: 2015/02/11
Size: 235.99 MB
Help info: http://help.opera.com/?p=
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera 32.0.1948.25
Uninstall Command: "C:\Program Files (x86)\Opera\Launcher.exe" /uninstall
----------------------------------------------

Software Name: PhotoScape
Version: -
Publisher:
Install Time: 2014/11/30
Size: 25.37 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoScape
Uninstall Command: "C:\Program Files (x86)\PhotoScape\uninstall.exe"
----------------------------------------------

Software Name: PictBear Version 2.04
Version: -
Publisher: Fenrir Inc.
Install Time: 2014/12/03
Size: 7.67 MB
Help info: http://www.fenrir-inc.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PictBear Second Edition_is1
Uninstall Command: "C:\Program Files (x86)\Fenrir Inc\PictBear Second Edition\unins000.exe"
----------------------------------------------

Software Name: Pmangインストールマネージャー
Version: 1.0.1.1
Publisher: GameOn,Pmang
Install Time: 2015/05/16
Size:
Help info: http://www.pmang.jp/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pmang
Uninstall Command: "C:\WINDOWS\PmangDownloader.exe" /UINSTL=%s,%s
----------------------------------------------

Software Name: Black Desert
Version: 6
Publisher: GameOn
Install Time: 2015/05/16
Size: 6.50 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pmang_BlackDesert_live
Uninstall Command: "C:\GameOn\Common files\PmangDownloader.exe" /SGUNSTL=*{HKEY_CURRENT_USER}*software\GameOn\Pmang\BlackDesert_live
----------------------------------------------

Software Name: Common
Version: 13062208
Publisher: GameOn
Install Time: 2015/05/16
Size:
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pmang_common
Uninstall Command: "C:\WINDOWS\PmangDownloader.exe" /SGUNSTL=*{HKEY_CURRENT_USER}*software\GameOn\Pmang\common
----------------------------------------------

Software Name: Rainlendar2 (remove only)
Version: -
Publisher:
Install Time: 2015/07/11
Size: 36.48 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainlendar2
Uninstall Command: "C:\Program Files (x86)\Rainlendar2\uninst.exe"
----------------------------------------------

Software Name: Rainmeter
Version: 3.2.1 r2386
Publisher:
Install Time: 2015/07/12
Size: 3.78 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rainmeter
Uninstall Command: C:\Program Files\Rainmeter\uninst.exe
----------------------------------------------

Software Name: リサイズ超簡単!Pro v3.17
Version: -
Publisher:
Install Time: 2014/11/30
Size:
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RCKP317
Uninstall Command: "F:\epuninst.exe" /s
----------------------------------------------

Software Name: SoundEngine Free
Version: 5.1.0.5
Publisher: Coderium
Install Time: 2014/11/30
Size: 4.42 MB
Help info: http://soundengine.jp/services/soundpenguin/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoundEngine Free
Uninstall Command: "C:\Program Files (x86)\SoundEngine Free\SoundEngineUninstaller.exe" /Uninstall
----------------------------------------------

Software Name: Deck Builder for Duel Masters
Version: -
Publisher:
Install Time: 2014/11/30
Size: 830.20 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1
Uninstall Command: C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\DeckBuilderDM\ST6UNST.LOG"
----------------------------------------------

Software Name: 野田工房ランタイムVer.1.2.1のインストール
Version: -
Publisher:
Install Time: 2014/11/30
Size: 22.18 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #2
Uninstall Command: C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\Rantime\ST6UNST.LOG"
----------------------------------------------

Software Name: Steam
Version: -
Publisher: Valve Corporation
Install Time: 2014/11/30
Size: 30.12 GB
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam
Uninstall Command: C:\Program Files (x86)\Steam\uninstall.exe
----------------------------------------------

Software Name: Creation Kit
Version: -
Publisher: bgs.bethsoft.com
Install Time: 2014/11/30
Size: 17.19 GB
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 202480
Uninstall Command: "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/202480
----------------------------------------------

Software Name: Left 4 Dead 2
Version: -
Publisher: Valve
Install Time: 2014/11/30
Size: 12.37 GB
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 550
Uninstall Command: "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/550
----------------------------------------------

Software Name: The Elder Scrolls V: Skyrim
Version: -
Publisher: Bethesda Game Studios
Install Time: 2014/11/30
Size: 17.19 GB
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 72850
Uninstall Command: "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/72850
----------------------------------------------

Software Name: TechFun-Eclipse
Version: 3.7.1
Publisher: Tech Fun corp.
Install Time: 2014/11/30
Size: 418.90 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TechFun-Eclipse
Uninstall Command: C:\Program Files (x86)\TechFun\TechFun-Eclipse_3.7.1\uninstall.exe
----------------------------------------------

Software Name: Tera Term 4.85
Version: -
Publisher:
Install Time: 2014/12/17
Size: 11.06 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tera Term_is1
Uninstall Command: "C:\Program Files (x86)\teraterm\unins000.exe"
----------------------------------------------

Software Name: TeraPad
Version: -
Publisher:
Install Time: 2014/11/30
Size: 1.37 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TeraPad
Uninstall Command: "C:\Program Files (x86)\TeraPad\epuninst.exe" /s
----------------------------------------------

Software Name: BUFFALO クライアントマネージャV をアンインストール
Version: 1.5.0
Publisher: BUFFALO INC.
Install Time: 2014/11/30
Size: 10.21 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UN900119_is1
Uninstall Command: "C:\Program Files (x86)\BUFFALO\clientmgrv\unins000.exe"
----------------------------------------------

Software Name: Unity
Version: -
Publisher: Unity Technologies ApS
Install Time: 2014/11/30
Size: 3.18 GB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Unity
Uninstall Command: C:\Program Files (x86)\Unity\Editor\Uninstall.exe
----------------------------------------------

Software Name: VideoPad 動画編集ソフト
Version: 3.38
Publisher: NCH Software
Install Time: 2014/11/30
Size: 13.86 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoPad
Uninstall Command: "C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe" -uninstall
----------------------------------------------

Software Name: VLC media player
Version: 2.2.1
Publisher: VideoLAN
Install Time: 2014/11/30
Size: 115.08 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player
Uninstall Command: C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
----------------------------------------------

Software Name: Windows Live Essentials
Version: 16.4.3505.0912
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 81.30 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite
Uninstall Command: C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
----------------------------------------------

Software Name: Yahoo!ツールバー
Version: 7.3.0.18
Publisher: Yahoo! JAPAN.
Install Time: 2014/11/30
Size: 2.78 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo!Jツールバー
Uninstall Command: C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\uninst.exe
----------------------------------------------

Software Name: Update for Japanese Microsoft IME Standard Extended Dictionary
Version: 15.0.2013
Publisher: Microsoft Corporation
Install Time: 2015/09/07
Size: 11.62 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01E87699-A49D-413A-B75B-7C434FEF979C}
Uninstall Command: MsiExec.exe /X{01E87699-A49D-413A-B75B-7C434FEF979C}
----------------------------------------------

Software Name: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Version: 12.0.30501.0
Publisher: Microsoft Corporation
Install Time: 2015/08/07
Size: 20.57 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}
Uninstall Command: "C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
----------------------------------------------

Software Name: Update for Japanese Microsoft IME Postal Code Dictionary
Version: 15.0.1759
Publisher: Microsoft Corporation
Install Time: 2014/12/03
Size: 7.61 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15015752-9990-4516-A2B1-93823281FB8E}
Uninstall Command: MsiExec.exe /X{15015752-9990-4516-A2B1-93823281FB8E}
----------------------------------------------

Software Name: Minecraft
Version: 1.0.3.0
Publisher: Mojang
Install Time: 2015/05/11
Size: 1.23 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}
Uninstall Command: MsiExec.exe /X{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Version: 9.0.30729.4148
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 8.06 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Uninstall Command: MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
----------------------------------------------

Software Name: CyberLink Media Suite 10
Version: 10.2021
Publisher: CyberLink Corp.
Install Time: 2014/11/30
Size: 34.00 MB
Help info: http://support.gocyberlink.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
----------------------------------------------

Software Name: Java 8 Update 60
Version: 8.0.600.27
Publisher: Oracle Corporation
Install Time: 2015/09/07
Size: 20.62 MB
Help info: http://java.com/help
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218060F0}
Uninstall Command: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218060F0}
----------------------------------------------

Software Name: honestech VHS to DVD 2.5 SE
Version: 2.5
Publisher: honestech
Install Time: 2014/11/30
Size: 27.55 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}\setup.exe" -runfromtemp -l0x0411 -removeonly
----------------------------------------------

Software Name: WDC-433SU2M ドライバー
Version: 1.5.28.0.4
Publisher: elecom
Install Time: 2014/11/30
Size: 22.42 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}
Uninstall Command: C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.exe -runfromtemp -l0x0011 -removeonly
----------------------------------------------

Software Name: Adobe Illustrator CC 2014
Version: 18.1.1
Publisher: Adobe Systems Incorporated
Install Time: 2014/12/29
Size: 907.74 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B4B4082-8043-4646-8334-B0A29E641211}
Uninstall Command: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{2B4B4082-8043-4646-8334-B0A29E641211}"
----------------------------------------------

Software Name: CJIJ_Launcher(1.0.0.5)
Version: -
Publisher: CJ Internet Japan, Inc.
Install Time: 2014/11/30
Size: 2.04 MB
Help info: cjinternet.jp
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BF8F5E5-4F82-4D24-B113-224FAC56F765}_is1
Uninstall Command: "C:\Program Files (x86)\CJIJ\unins000.exe"
----------------------------------------------

Software Name: Microsoft XNA Framework Redistributable 4.0
Version: 4.0.20823.0
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 9.45 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}
Uninstall Command: MsiExec.exe /X{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}
----------------------------------------------

Software Name: コンテンツ管理アシスタント for PlayStation(R)
Version: 3.00.7187.47
Publisher: Sony Computer Entertainment Inc.
Install Time: 2014/11/30
Size: 6.34 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{32C46540-7693-49E1-A81E-121B09C8303B}
Uninstall Command: MsiExec.exe /X{32C46540-7693-49E1-A81E-121B09C8303B}
----------------------------------------------

Software Name: Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Version: 11.0.61030.0
Publisher: Microsoft Corporation
Install Time: 2014/12/29
Size: 17.38 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
Uninstall Command: "C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall
----------------------------------------------

Software Name: Intel(R) Rapid Storage Technology
Version: 11.7.0.1013
Publisher: Intel Corporation
Install Time: 2014/11/30
Size: 18.50 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}
Uninstall Command: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
----------------------------------------------

Software Name: Microsoft ASP.NET MVC 4 Runtime
Version: 4.0.40804.0
Publisher: Microsoft Corporation
Install Time: 2015/03/16
Size: 2.94 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}
Uninstall Command: MsiExec.exe /X{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}
----------------------------------------------

Software Name: CyberLink Power2Go 7
Version: 7.0.0.3126
Publisher: CyberLink Corp.
Install Time: 2014/11/30
Size: 169.12 MB
Help info: http://support.gocyberlink.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
----------------------------------------------

Software Name: デザインドール
Version: 5.6
Publisher: Terawell
Install Time: 2014/11/30
Size: 42.25 MB
Help info: http://terawell.net/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5C2DAB97-43D6-4EAF-A1BA-75B2351E3BE1}
Uninstall Command: MsiExec.exe /X{5C2DAB97-43D6-4EAF-A1BA-75B2351E3BE1}
----------------------------------------------

Software Name: MGSPlayer
Version: 1.2.2
Publisher: Media Global Stage Co.Ltd.
Install Time: 2014/11/30
Size: 3.08 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68C25867-EB7B-42EA-B341-AC29056970A1}
Uninstall Command: MsiExec.exe /X{68C25867-EB7B-42EA-B341-AC29056970A1}
----------------------------------------------

Software Name: Skype(TM) 7.10
Version: 7.10.101
Publisher: Skype Technologies S.A.
Install Time: 2015/09/10
Size: 72.75 MB
Help info: http://ui.skype.com/ui/0/7.10.0.101/ja/help
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A0549A9-1B96-498C-ACBC-3943001FEB19}
Uninstall Command: MsiExec.exe /X{6A0549A9-1B96-498C-ACBC-3943001FEB19}
----------------------------------------------

Software Name: Microsoft Visual C++ 2005 Redistributable
Version: 8.0.61001
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 4.85 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Uninstall Command: MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
----------------------------------------------

Software Name: Apple Software Update
Version: 2.1.3.127
Publisher: Apple Inc.
Install Time: 2014/11/30
Size: 2.38 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Uninstall Command: MsiExec.exe /X{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
----------------------------------------------

Software Name: Adobe Photoshop CC 2015
Version: 16.0.1
Publisher: Adobe Systems Incorporated
Install Time: 2014/12/29
Size: 1.91 GB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{793C2BF7-A4FE-4608-91C9-9282C5801C21}
Uninstall Command: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{793C2BF7-A4FE-4608-91C9-9282C5801C21}"
----------------------------------------------

Software Name: Adobe Lightroom
Version: 6.1.1
Publisher: Adobe Systems Incorporated
Install Time: 2014/12/29
Size: 1.42 GB
Help info: http://www.adobe.com/go/downloads/updates.html
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}
Uninstall Command: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}"
----------------------------------------------

Software Name: FFsplit version 0.7
Version: 0.7
Publisher: FFsplit Team
Install Time: 2015/05/20
Size: 12.23 MB
Help info: http://www.ffsplit.com
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{82458834-6226-4A34-AE96-6907354F9F36}_is1
Uninstall Command: "C:\Program Files (x86)\FFsplit\unins000.exe"
----------------------------------------------

Software Name: CyberLink Medi@Show 6
Version: 6.0.4312
Publisher: CyberLink Corp.
Install Time: 2014/11/30
Size: 314.00 MB
Help info: http://support.gocyberlink.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}\Setup.exe" /z-uninstall
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Version: 9.0.30729
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 10.27 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Uninstall Command: MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Version: 9.0.30729.6161
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 10.20 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Uninstall Command: MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
----------------------------------------------

Software Name: Adobe Reader XI (11.0.12) - Japanese
Version: 11.0.12
Publisher: Adobe Systems Incorporated
Install Time: 2015/09/07
Size: 247.62 MB
Help info: http://www.adobe.co.jp/support/main.html
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1041-7B44-AB0000000001}
Uninstall Command: MsiExec.exe /X{AC76BA86-7AD7-1041-7B44-AB0000000001}
----------------------------------------------

Software Name: Apple Application Support(32 ビット)
Version: 3.1.3
Publisher: Apple Inc.
Install Time: 2015/04/29
Size: 94.29 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}
Uninstall Command: MsiExec.exe /X{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}
----------------------------------------------

Software Name: 777タウン.net
Version: 3.0.0.65
Publisher: Sammy NetWorks Co.,Ltd.
Install Time: 2014/11/30
Size: 383.03 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2A0CF90-E30C-4C0E-89CB-CB6891EC7EDE}
Uninstall Command: RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B2A0CF90-E30C-4C0E-89CB-CB6891EC7EDE}\setup.exe" -l0x11 removeonly -removeonly
----------------------------------------------

Software Name: Sentinel Protection Installer 7.6.7
Version: 7.6.7
Publisher: SafeNet, Inc.
Install Time: 2015/08/07
Size: 5.92 MB
Help info: http://www.safenet-inc.com/support/index.asp
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C238971D-5059-4B2F-B760-BB237AF4206A}
Uninstall Command: MsiExec.exe /X{C238971D-5059-4B2F-B760-BB237AF4206A}
----------------------------------------------

Software Name: CyberLink LabelPrint 2.5
Version: 2.5.5311
Publisher: CyberLink Corp.
Install Time: 2014/11/30
Size: 58.73 MB
Help info: http://support.gocyberlink.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
----------------------------------------------

Software Name: Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Version: 11.0.61030.0
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 20.52 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
Uninstall Command: "C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall
----------------------------------------------

Software Name: Driver_DC1150_v1.1.0.89_64bit
Version: 1.1.0.89
Publisher: 会社名
Install Time: 2014/11/30
Size: 1.79 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D6F091D6-EB70-4BB0-84E2-2EF6F192CCD1}
Uninstall Command: MsiExec.exe /X{D6F091D6-EB70-4BB0-84E2-2EF6F192CCD1}
----------------------------------------------

Software Name: チルトシフトスタジオ
Version: 1.10.0
Publisher: GRAFFICIA
Install Time: 2014/11/30
Size: 19.47 MB
Help info: http://grafficia.com/sns/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DB4D628B-A803-402A-9CC5-13C617EA4BB2}
Uninstall Command: MsiExec.exe /X{DB4D628B-A803-402A-9CC5-13C617EA4BB2}
----------------------------------------------

Software Name: XMedia Recode バージョン 3.1.7.4
Version: 3.1.7.4
Publisher: XMedia Recode
Install Time: 2014/11/30
Size: 20.68 MB
Help info: http://www.xmedia-recode.de/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1
Uninstall Command: "C:\Program Files (x86)\XMedia Recode\unins000.exe"
----------------------------------------------

Software Name: CyberLink PowerDVD 10
Version: 10.0.4125.52
Publisher: CyberLink Corp.
Install Time: 2014/11/30
Size: 152.11 MB
Help info: http://support.gocyberlink.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall
----------------------------------------------

Software Name: CyberLink MediaEspresso 6.5
Version: 6.5.3019_44673
Publisher: CyberLink Corp.
Install Time: 2014/11/30
Size: 176.00 MB
Help info: http://support.gocyberlink.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3739848-5329-48E3-8D28-5BBD6E8BE384}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe" /z-uninstall
----------------------------------------------

Software Name: Niconico Live Encoder
Version: 2.0.4
Publisher: niwango, inc.
Install Time: 2014/12/25
Size: 26.28 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3D1594B-8077-42C9-8541-B8438F52F283}
Uninstall Command: C:\Program Files (x86)\InstallShield Installation Information\{E3D1594B-8077-42C9-8541-B8438F52F283}\setup.exe -runfromtemp -l0x0011 Nicoliveenc -removeonly
----------------------------------------------

Software Name: Update for Japanese Microsoft IME Standard Dictionary
Version: 15.0.2013
Publisher: Microsoft Corporation
Install Time: 2015/09/07
Size: 41.75 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}
Uninstall Command: MsiExec.exe /X{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}
----------------------------------------------

Software Name: MCSkin3D バージョン 1.3
Version: 1.3
Publisher: Altered Softworks & MCSkin3D Development Team
Install Time: 2015/03/13
Size: 6.05 MB
Help info: http://mcskin3d.alteredsoftworks.com
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ED94BE03-E6CC-4268-B03A-92080E3035A6}_is1
Uninstall Command: "C:\Program Files (x86)\MCSkin3D\unins000.exe"
----------------------------------------------

Software Name: Microsoft SQL Server 2005 Compact Edition [ENU]
Version: 3.1.0000
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 1.93 MB
Help info: http://www.microsoft.com/sql/everywhere
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Uninstall Command: MsiExec.exe /X{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
----------------------------------------------

Software Name: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2015/04/22
Size: 15.00 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=146008
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Uninstall Command: MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
----------------------------------------------

Software Name: Realtek High Definition Audio Driver
Version: 6.0.1.6662
Publisher: Realtek Semiconductor Corp.
Install Time: 2014/12/01
Size: 32.25 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
Uninstall Command: C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
----------------------------------------------

Software Name: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Version: 12.0.30501.0
Publisher: Microsoft Corporation
Install Time: 2015/08/07
Size: 17.19 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1}
Uninstall Command: "C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
----------------------------------------------

Software Name: Folder Size
Version: 2.6
Publisher: Brio
Install Time: 2015/05/16
Size: 426.00 KB
Help info: http://foldersize.sourceforge.net
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
Uninstall Command: MsiExec.exe /X{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
----------------------------------------------

Software Name: やります!アンコちゃん 2.2.0.6
Version: 2.2.0.6
Publisher: 居酒屋「めがね」
Install Time: 2015/08/12
Size: 9.87 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\やります!アンコちゃん
Uninstall Command: C:\Users\【ユーザー名】\Documents\やりますアンコちゃん\uninst.exe
----------------------------------------------

Software Name: カスタムメイド3D 2 Edit体験版
Version: -
Publisher: KISS
Install Time: 2015/08/02
Size: 1.04 GB
Help info: http://kisskiss.tv/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\カスタムメイド3D 2 Edit体験版
Uninstall Command: C:\KISS\CM3D2EditTrial\uninst.exe /luninst1
----------------------------------------------

Software Name: 抽選王
Version: 0.61.1
Publisher: 古川 明人
Install Time: 2014/11/30
Size: 4.87 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\抽選王_is1
Uninstall Command: "C:\tyusenk\unins000.exe"
----------------------------------------------

Software Name: Amazon Kindle
Version: -
Publisher: Amazon
Install Time: 2015/06/24
Size: 94.23 MB
Help info: -
Registry Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Kindle
Uninstall Command: C:\Users\【ユーザー名】\AppData\Local\Amazon\Kindle\application\uninstall.exe
----------------------------------------------

Software Name: CopyTrans Suite削除専用
Version: 2.37
Publisher: WindSolutions
Install Time: 2015/01/21
Size: 14.14 MB
Help info: -
Registry Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CopyTrans Suite
Uninstall Command: C:\Users\【ユーザー名】\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe /uninstall
----------------------------------------------

Software Name: デスクトップカレンダー 2.2.1.3583
Version: 2.2.1.3583
Publisher: DesktopCal, Inc.
Install Time: 2015/07/11
Size: 9.31 MB
Help info: http://rd.desktopcal.com/?id=1000&fp=client&cver=2.2.1.3583
Registry Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopCal
Uninstall Command: "C:\Users\【ユーザー名】\AppData\Roaming\DesktopCal\uninst.exe"
----------------------------------------------

Software Name: Microsoft OneDrive
Version: 17.3.5951.0827
Publisher: Microsoft Corporation
Install Time: 2015/09/16
Size: 36.17 MB
Help info: http://go.microsoft.com/fwlink/?LinkID=215117
Registry Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
Uninstall Command: C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\OneDriveSetup.exe /uninstall
----------------------------------------------

Software Name: Unity Web Player
Version: -
Publisher: Unity Technologies ApS
Install Time: 2014/11/30
Size: 12.00 MB
Help info: http://unity3d.com/
Registry Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer
Uninstall Command: C:\Users\【ユーザー名】\AppData\Local\Unity\WebPlayer\Uninstall.exe /CurrentUser
----------------------------------------------

Software Name: WorldPainter 1.10.4
Version: 1.10.4
Publisher: pepsoft.org
Install Time: 2015/01/29
Size: 10.31 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4144-4862-0472-7103
Uninstall Command: "C:\Program Files\WorldPainter\uninstall.exe"
----------------------------------------------

Software Name: CCleaner
Version: 4.15
Publisher: Piriform
Install Time: 2014/11/30
Size: 12.97 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
Uninstall Command: "C:\Program Files\CCleaner\uninst.exe"
----------------------------------------------

Software Name: Explzh for Windows (64bit)
Version: 7.2.4.0
Publisher: pon software
Install Time: 2015/01/15
Size: 6.90 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Explzh
Uninstall Command: C:\Program Files\Explzh\install.exe /d
----------------------------------------------

Software Name: Logicool ゲームソフトウェア 8.55
Version: 8.55.137
Publisher: Logicool
Install Time: 2014/11/30
Size: 85.38 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Logitech Gaming Software
Uninstall Command: C:\Program Files\Logicool Gaming Software\uninstallhlpr.exe /bitness=x64 /silentmode=off /langid=JPN /downgrade=no
----------------------------------------------

Software Name: Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Version: 10.0.50903
Publisher: Microsoft Corporation
Install Time: 2015/02/13
Size: 6.19 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=133405
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Uninstall Command: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
----------------------------------------------

Software Name: Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語
Version: 10.0.50903
Publisher: Microsoft Corporation
Install Time: 2015/02/13
Size: 6.19 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=133405
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - JPN
Uninstall Command: c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - JPN\install.exe
----------------------------------------------

Software Name: Microsoft Office Professional 2013 - ja-jp
Version: 15.0.4753.1002
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 1.77 GB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProfessionalRetail - ja-jp
Uninstall Command: "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" scenario=install scenariosubtype=uninstall baseurl="C:\Program Files\Microsoft Office 15" platform=x86 version=15.0.4753.1002 culture=ja-jp productstoremove=ProfessionalRetail_ja-jp_x-none
----------------------------------------------

Software Name: Oracle VM VirtualBox 4.2.12
Version: 4.2.12
Publisher: Oracle Corporation
Install Time: 2014/12/03
Size: 134.18 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}
Uninstall Command: MsiExec.exe /X{0C1DE303-E41B-44BA-8ABA-B7F09D857001}
----------------------------------------------

Software Name: Update for Japanese Microsoft IME Postal Code Dictionary
Version: 16.0.1171.1
Publisher: Microsoft Corporation
Install Time: 2014/12/03
Size: 4.55 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B2C85A0-2B9E-4291-8B37-468D57503E98}
Uninstall Command: MsiExec.exe /X{1B2C85A0-2B9E-4291-8B37-468D57503E98}
----------------------------------------------

Software Name: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2015/02/13
Size: 13.87 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=146008
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Uninstall Command: MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
----------------------------------------------

Software Name: 7-Zip 9.38 (x64 edition)
Version: 9.38.00.0
Publisher: Igor Pavlov
Install Time: 2015/05/20
Size: 4.66 MB
Help info: http://www.7-zip.org/support.html
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-0938-000001000000}
Uninstall Command: MsiExec.exe /X{23170F69-40C1-2702-0938-000001000000}
----------------------------------------------

Software Name: iCloud
Version: 4.0.6.28
Publisher: Apple Inc.
Install Time: 2015/04/29
Size: 89.51 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{309768A4-A2BB-4930-A5A2-8169678C9B4C}
Uninstall Command: MsiExec.exe /X{309768A4-A2BB-4930-A5A2-8169678C9B4C}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Version: 9.0.21022
Publisher: Microsoft Corporation
Install Time: 2014/12/03
Size: 7.51 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350AA351-21FA-3270-8B7A-835434E766AD}
Uninstall Command: MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
----------------------------------------------

Software Name: AGMDecoder64
Version: 1.1.1
Publisher: T.Ishii (t-ishii@js2.so-net.ne.jp)
Install Time: 2015/09/12
Size: 224.00 KB
Help info: http://homepage2.nifty.com/t_ishii/ag/index.html
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4230B46F-DB0B-479C-B955-AD2DF3AD0350}
Uninstall Command: MsiExec.exe /X{4230B46F-DB0B-479C-B955-AD2DF3AD0350}
----------------------------------------------

Software Name: Update for Japanese Microsoft IME Standard Dictionary
Version: 16.0.1404.1
Publisher: Microsoft Corporation
Install Time: 2015/03/17
Size: 34.93 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4DF9BC73-D405-4C3B-A0EA-1E390A8AFC73}
Uninstall Command: MsiExec.exe /X{4DF9BC73-D405-4C3B-A0EA-1E390A8AFC73}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Version: 9.0.30729.6161
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 13.21 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Uninstall Command: MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
----------------------------------------------

Software Name: Java SE Development Kit 8 Update 5 (64-bit)
Version: 8.0.50
Publisher: Oracle Corporation
Install Time: 2014/11/30
Size: 248.75 MB
Help info: http://java.com/help
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180050}
Uninstall Command: MsiExec.exe /X{64A3A4F4-B792-11D6-A78A-00B0D0180050}
----------------------------------------------

Software Name: Java SE Development Kit 8 Update 25 (64-bit)
Version: 8.0.250.18
Publisher: Oracle Corporation
Install Time: 2014/11/30
Size: 311.29 MB
Help info: http://java.com/help
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180250}
Uninstall Command: MsiExec.exe /X{64A3A4F4-B792-11D6-A78A-00B0D0180250}
----------------------------------------------

Software Name: AMV4 Video Codec
Version: 4.02
Publisher: amaman
Install Time: 2015/02/21
Size: 3.74 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{657FFEDF-A596-491F-985C-7F2090B8FEBB}
Uninstall Command: MsiExec.exe /X{657FFEDF-A596-491F-985C-7F2090B8FEBB}
----------------------------------------------

Software Name: Genymotion version 2.3.1
Version: 2.3.1
Publisher: Genymobile
Install Time: 2014/12/03
Size: 187.82 MB
Help info: http://www.genymotion.com
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1
Uninstall Command: "C:\Program Files\Genymobile\Genymotion\unins000.exe"
----------------------------------------------

Software Name: Bonjour
Version: 3.0.0.10
Publisher: Apple Inc.
Install Time: 2014/11/30
Size: 2.00 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Uninstall Command: MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Version: 9.0.30729
Publisher: Microsoft Corporation
Install Time: 2014/11/30
Size: 13.28 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}
Uninstall Command: MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
----------------------------------------------

Software Name: Microsoft Silverlight
Version: 5.1.40728.0
Publisher: Microsoft Corporation
Install Time: 2015/08/13
Size: 199.78 MB
Help info: http://go.microsoft.com/fwlink/?LinkID=91955
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Uninstall Command: MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
----------------------------------------------

Software Name: ActivePerl 5.16.3 Build 1603 (64-bit)
Version: 5.16.1603
Publisher: ActiveState
Install Time: 2014/11/30
Size: 83.32 MB
Help info: http://www.activestate.com/Support/index.html
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C327061-E39D-4696-84A8-E84533ADDD7D}
Uninstall Command: MsiExec.exe /X{8C327061-E39D-4696-84A8-E84533ADDD7D}
----------------------------------------------

Software Name: iTunes
Version: 12.1.2.27
Publisher: Apple Inc.
Install Time: 2015/04/29
Size: 233.45 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{93F2A022-6C37-48B8-B241-FFABD9F60C30}
Uninstall Command: MsiExec.exe /X{93F2A022-6C37-48B8-B241-FFABD9F60C30}
----------------------------------------------

Software Name: ウイルスバスター クラウド
Version: 7.0
Publisher: トレンドマイクロ株式会社
Install Time: 2014/11/30
Size: 450.00 MB
Help info: http://docs.trendmicro.com/ja-jp/consumer/titanium2014/home.aspx
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}
Uninstall Command: C:\Program Files\Trend Micro\Titanium\Remove.exe
----------------------------------------------

Software Name: NVIDIA 3D Vision ドライバー 347.52
Version: 347.52
Publisher: NVIDIA Corporation
Install Time: 2015/03/13
Size: 29.10 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision
Uninstall Command: "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
----------------------------------------------

Software Name: NVIDIA グラフィックス ドライバー 347.52
Version: 347.52
Publisher: NVIDIA Corporation
Install Time: 2015/03/13
Size: 216.13 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
Uninstall Command: "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
----------------------------------------------

Software Name: NVIDIA GeForce Experience 2.2.2
Version: 2.2.2
Publisher: NVIDIA Corporation
Install Time: 2015/03/13
Size: 21.89 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience
Uninstall Command: "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
----------------------------------------------

Software Name: NVIDIA 3D Vision コントローラー ドライバー 347.09
Version: 347.09
Publisher: NVIDIA Corporation
Install Time: 2015/03/13
Size: 4.17 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB
Uninstall Command: "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB
----------------------------------------------

Software Name: NVIDIA PhysX システム ソフトウェア 9.14.0702
Version: 9.14.0702
Publisher: NVIDIA Corporation
Install Time: 2015/03/13
Size: 160.75 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX
Uninstall Command: "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
----------------------------------------------

Software Name: NVIDIA HD オーディオ ドライバー 1.3.33.0
Version: 1.3.33.0
Publisher: NVIDIA Corporation
Install Time: 2015/03/13
Size: 4.10 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver
Uninstall Command: "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
----------------------------------------------

Software Name: NVIDIA Miracast 仮想オーディオ 347.52
Version: 347.52
Publisher: NVIDIA Corporation
Install Time: 2015/03/13
Size: 2.83 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio
Uninstall Command: "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Miracast.VirtualAudio
----------------------------------------------

Software Name: Apple Mobile Device Support
Version: 8.1.1.3
Publisher: Apple Inc.
Install Time: 2015/04/29
Size: 27.97 MB
Help info: http://www.apple.com/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4123106-B685-48E6-B9BD-E4F911841EB4}
Uninstall Command: MsiExec.exe /X{C4123106-B685-48E6-B9BD-E4F911841EB4}
----------------------------------------------

Software Name: Apple Application Support(64 ビット)
Version: 3.1.3
Publisher: Apple Inc.
Install Time: 2015/04/29
Size: 109.60 MB
Help info: http://www.apple.com/jp/support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D7B824DE-DA32-4772-9E5E-39C5158136A7}
Uninstall Command: MsiExec.exe /X{D7B824DE-DA32-4772-9E5E-39C5158136A7}
----------------------------------------------

Software Name: Copy
Version: 1.47.410.0
Publisher: Barracuda Networks, Inc.
Install Time: 2014/11/30
Size: 97.52 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE4CEBB9-C0FC-4503-9BC0-1E32B566DE71}
Uninstall Command: MsiExec.exe /X{EE4CEBB9-C0FC-4503-9BC0-1E32B566DE71}
----------------------------------------------

Software Name: Update for Japanese Microsoft IME Trending Words Dictionary
Version: 16.0.1515.1
Publisher: Microsoft Corporation
Install Time: 2015/05/29
Size: 9.00 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F3F11FF1-4EF7-4012-A0D7-BC89442FCA4F}
Uninstall Command: MsiExec.exe /X{F3F11FF1-4EF7-4012-A0D7-BC89442FCA4F}
----------------------------------------------

====================================
Browser Plug-ins List
Application Version:4.3.0.118
Windows 8
Exported Time:09-21-2015 11:20:20
====================================

====================================
Browser: Internet Explorer
====================================

************************************
Toolbar
************************************

Name: Yahoo!ツールバー
Version: 2012. 4. 5. 0
Description: Yahoo!ツールバー・本体
Publisher: Yahoo Japan Corporation
Architecture: 32-bit
----------------------------------------------

Name: Trend ツールバー
Version: 7.0.0.1243
Description: Trend Micro TrendSecure
Publisher: Trend Micro, Inc.
Architecture: 32-bit
----------------------------------------------

Name: Send to OneNote
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: OneNote Linked Notes
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Trend ツールバー
Version: 7.0.0.1243
Description: Trend Micro TrendSecure
Publisher: Trend Micro, Inc.
Architecture: 64-bit
----------------------------------------------

Name: Send to OneNote
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

Name: Skype for Business Click to Call
Version: 15.0.4751.1000
Description: Skype for Business
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

Name: OneNote Linked Notes
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

************************************
BHO
************************************

Name: Yahoo!ツールバーフィッシング警告
Version: 2012. 1. 6. 0
Description: Yahoo!ツールバー 拡張機能
Publisher: Yahoo Japan Corporation
Architecture: 32-bit
----------------------------------------------

Name: TSToolbarBHO
Version: 7.0.0.1243
Description: Trend Micro TrendSecure
Publisher: Trend Micro, Inc.
Architecture: 32-bit
----------------------------------------------

Name: Java(tm) Plug-In SSV Helper
Version: 11.60.2.27
Description: Java(TM) Platform SE binary
Publisher: Oracle America, Inc.
Architecture: 32-bit
----------------------------------------------

Name: TmIEPlugInBHO Class
Version: 1.6.0.1102
Description: Trend Micro Osprey IE Plug-In
Publisher: Trend Micro, Inc.
Architecture: 32-bit
----------------------------------------------

Name: Java(tm) Plug-In 2 SSV Helper
Version: 11.60.2.27
Description: Java(TM) Platform SE binary
Publisher: Oracle America, Inc.
Architecture: 32-bit
----------------------------------------------

Name: Yahoo!ツールバーヘルパー
Version: 2012. 4. 5. 0
Description: Yahoo!ツールバー・本体
Publisher: Yahoo Japan Corporation
Architecture: 32-bit
----------------------------------------------

Name: Skype for Business Browser Helper
Version: 15.0.4751.1000
Description: Skype for Business
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

Name: TSToolbarBHO
Version: 7.0.0.1243
Description: Trend Micro TrendSecure
Publisher: Trend Micro, Inc.
Architecture: 64-bit
----------------------------------------------

Name: TmIEPlugInBHO Class
Version: 1.6.0.1102
Description: Trend Micro Osprey IE Plug-In
Publisher: Trend Micro, Inc.
Architecture: 64-bit
----------------------------------------------

Name: Microsoft SkyDrive Pro Browser Helper
Version: 15.0.4753.1000
Description: Microsoft OneDrive for Business Extensions
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

************************************
ActiveX
***************************
  • キツツキ
  • 2015/09/21 (Mon) 11:23:31
Re: Infected with DNS Unlocker
Continued.

Name: Windows Media Player
Version: 12.0.9600.17415
Description: Windows Media Player Extension
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: isInstalled Class
Version: 8.0.600.27
Description: Java Web Start ActiveX Control
Publisher: Oracle America, Inc.
Architecture: 32-bit
----------------------------------------------

Name: Windows Media Player
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Windows Script Host Shell Object
Version: 5.8.9600.16384
Description: Windows Script Host Runtime Library
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: Microsoft Web Browser
Version: 11.00.9600.17840
Description: インターネット ブラウザー
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: VLC ActiveX Plugin and IE Web Plugin v2
Version:
Description:
Publisher: VideoLAN
Architecture: 32-bit
----------------------------------------------

Name: RMGetLicense Class
Version: 11.0.9600.17415
Description: DRM ActiveX Network Object
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: Google Update Plugin
Version: 1.3.28.15
Description: Google Update
Publisher: Google Inc
Architecture: 32-bit
----------------------------------------------

Name: Adobe PDF Reader
Version: 11.0.10.32
Description: PDF Browser Control
Publisher: Adobe Systems, Incorporated
Architecture: 32-bit
----------------------------------------------

Name: Shockwave Flash Object
Version: 18.0.0.232
Description: Adobe Flash Player 18.0 r0
Publisher: Microsoft Windows Third Party Application Component
Architecture: 32-bit
----------------------------------------------

Name: Microsoft Silverlight
Version: 5.1.40728.0
Description: 5.1.40728.0
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: XML HTTP Request
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: XML HTTP
Version:
Description:
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Windows Media Player
Version: 12.0.9600.17415
Description: Windows Media Player Extension
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

Name: isInstalled Class
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

Name: Windows Media Player
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

Name: Windows Script Host Shell Object
Version: 5.8.9600.16384
Description: Windows Script Host Runtime Library
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

Name: Microsoft Web Browser
Version: 11.00.9600.17840
Description: インターネット ブラウザー
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

Name: RMGetLicense Class
Version: 11.0.9600.17415
Description: DRM ActiveX Network Object
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

Name: Adobe PDF Reader
Version: 11.0.12.18
Description: PDF Browser Control
Publisher: Adobe Systems, Incorporated
Architecture: 64-bit
----------------------------------------------

Name: Shockwave Flash Object
Version: 18.0.0.232
Description: Adobe Flash Player 18.0 r0
Publisher: Microsoft Windows Third Party Application Component
Architecture: 64-bit
----------------------------------------------

Name: Microsoft Silverlight
Version: 5.1.40728.0
Description: 5.1.40728.0
Publisher: Microsoft Corporation
Architecture: 64-bit
----------------------------------------------

Name: XML HTTP Request
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

Name: XML HTTP
Version:
Description:
Publisher:
Architecture: 64-bit
----------------------------------------------

====================================
Browser: Google Chrome
====================================

====================================
Browser: Mozilla FireFox
====================================

************************************
Extensions
************************************

Name: Trend Micro Toolbar
Version: 7.0.0.1243
Description: Checks the safety of websites before you click the links to open them.
Publisher: Trend Micro
Architecture: 32-bit
----------------------------------------------

Name: Trend Micro Osprey Firefox Extension
Version: 1.6.0.1102
Description: Check the safety of websites, hyperlinks, and wireless network connections.
Publisher: Trend Micro
Architecture: 32-bit
----------------------------------------------

************************************
Plug-ins
************************************

Name: Adobe Acrobat
Version: 11.0.12.18
Description: Adobe PDF Plug-In For Firefox and Netscape 11.0.12
Publisher: Adobe Systems Inc.
Architecture: 32-bit
----------------------------------------------

Name: pmangdiagnostic
Version: 1.0.0
Description: pmang diagnostic plugin
Publisher: gameon
Architecture: 32-bit
----------------------------------------------

Name: pmangsupport
Version: 1.0.1
Description: pmang support plugin
Publisher: gameon
Architecture: 32-bit
----------------------------------------------

Name: AdobeAAMDetect
Version: 3.0.0.0
Description: Creative Cloud Desktop Plugin.v_3_0_0_0
Publisher: Adobe Systems
Architecture: 32-bit
----------------------------------------------

Name: VLC Web Plugin
Version: 2.2.1
Description: VLC media player Web Plugin
Publisher: VideoLAN
Architecture: 32-bit
----------------------------------------------

Name: Google Update
Version: 1.3.28.15
Description: Google Update
Publisher: Google Inc.
Architecture: 32-bit
----------------------------------------------

Name: NVIDIA 3D VISION
Version: 7.17.13.4752
Description: NVIDIA 3D Vision Streaming plugin for Mozilla browsers
Publisher: NVIDIA Corporation
Architecture: 32-bit
----------------------------------------------

Name: NVIDIA 3D Vision
Version: 7.17.13.4752
Description: NVIDIA 3D Vision plugin for Mozilla browsers
Publisher: NVIDIA Corporation
Architecture: 32-bit
----------------------------------------------

Name: Photo Gallery
Version: 16.4.3505.0912_ship.client.main.w5m4 (ship)
Description: NPWLPG
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: Microsoft Office 2013
Version: 15.0.4514.1000
Description: The plugin allows you to have a better experience with Microsoft SharePoint
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: Silverlight Plug-In
Version: 5.1.40728.0
Description: 5.1.40728.0
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: Java(TM) Platform SE 8 U60
Version: 11.60.2.27
Description: Next Generation Java Plug-in 11.60.2 for Mozilla browsers
Publisher: Oracle Corporation
Architecture: 32-bit
----------------------------------------------

Name: Java Deployment Toolkit 8.0.600.27
Version: 11.60.2.27
Description: NPRuntime Script Plug-in Library for Java(TM) Deploy
Publisher: Oracle Corporation
Architecture: 32-bit
----------------------------------------------

Name: CJIJ Launcher plugin 1.0.0.5
Version: 1. 0. 0. 5
Description: CJIJ Launcher Plugin
Publisher: CJ Internet Japan
Architecture: 32-bit
----------------------------------------------

Name: iTunes Application Detector
Version: 1.0.1.1
Description: iTunes Detector Plug-in
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Shockwave Flash
Version: 18.0.0.232
Description: Shockwave Flash 18.0 r0
Publisher:
Architecture: 32-bit
----------------------------------------------

Name: Unity Player
Version: 4.3.5.97542
Description: Unity Player 4.3.5f1
Publisher: Unity Technologies ApS
Architecture: 32-bit
----------------------------------------------

====================================
Browser: Opera
====================================

************************************
Plug-ins
************************************

Name: NPSWF32_18_0_0_232.dll
Version: 18.0.0.232
Description: Adobe® Flash® Player 18.0.0.232 Plugin
Publisher: Adobe Systems Incorporated
Architecture: 32-bit
----------------------------------------------

Name: npitunes.dll
Version: 12.1.2.27
Description:
Publisher: Apple Inc.
Architecture: 32-bit
----------------------------------------------

Name: CJIJ Launcher plugin 1.0.0.5
Version: 1. 0. 0. 5
Description: CJIJ Launcher Plugin
Publisher: CJ Internet Japan
Architecture: 32-bit
----------------------------------------------

Name: Java Deployment Toolkit 8.0.600.27
Version: 11.60.2.27
Description: NPRuntime Script Plug-in Library for Java(TM) Deploy
Publisher: Oracle Corporation
Architecture: 32-bit
----------------------------------------------

Name: Java(TM) Platform SE 8 U60
Version: 11.60.2.27
Description: Next Generation Java Plug-in 11.60.2 for Mozilla browsers
Publisher: Oracle Corporation
Architecture: 32-bit
----------------------------------------------

Name: Silverlight Plug-In
Version: 5.1.40728.0
Description: 5.1.40728.0
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: Microsoft Office 2013
Version: 15.0.4514.1000
Description: The plugin allows you to have a better experience with Microsoft SharePoint
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: Photo Gallery
Version: 16.4.3505.0912_ship.client.main.w5m4 (ship)
Description: NPWLPG
Publisher: Microsoft Corporation
Architecture: 32-bit
----------------------------------------------

Name: NVIDIA 3D Vision
Version: 7.17.13.4752
Description: NVIDIA 3D Vision plugin for Mozilla browsers
Publisher: NVIDIA Corporation
Architecture: 32-bit
----------------------------------------------

Name: NVIDIA 3D VISION
Version: 7.17.13.4752
Description: NVIDIA 3D Vision Streaming plugin for Mozilla browsers
Publisher: NVIDIA Corporation
Architecture: 32-bit
----------------------------------------------

Name: Google Update
Version: 1.3.28.15
Description: Google Update
Publisher: Google Inc.
Architecture: 32-bit
----------------------------------------------

Name: VLC Web Plugin
Version: 2.2.1
Description: VLC media player Web Plugin
Publisher: VideoLAN
Architecture: 32-bit
----------------------------------------------

Name: Adobe Acrobat
Version: 11.0.12.18
Description: Adobe PDF Plug-In For Firefox and Netscape 11.0.12
Publisher: Adobe Systems Inc.
Architecture: 32-bit
----------------------------------------------

Name: AdobeAAMDetect
Version: 3.0.0.0
Description: Creative Cloud Desktop Plugin.v_3_0_0_0
Publisher: Adobe Systems
Architecture: 32-bit
----------------------------------------------

Name: pmangdiagnostic
Version: 1.0.0
Description: pmang diagnostic plugin
Publisher: gameon
Architecture: 32-bit
----------------------------------------------

Name: pmangsupport
Version: 1.0.1
Description: pmang support plugin
Publisher: gameon
Architecture: 32-bit
----------------------------------------------

Name: Unity Player
Version: 4.3.5.97542
Description: Unity Player 4.3.5f1
Publisher: Unity Technologies ApS
Architecture: 32-bit
----------------------------------------------


====================================
Metro Info
Application Version:4.3.0.118
Windows 8
Exported Time:09-21-2015 11:20:20
====================================

Software Name: ムビチケ
Version: 2.0.0.1
Publisher: 株式会社ムビチケ
Install Time: 2012/11/12
Size: 23.4 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\16054EC2.42090C7D459BD_s8x78mhtyb04m\SplashScreen\16054EC2.42090C7D459BD_s8x78mhtyb04m!App
Path: C:\Program Files\WindowsApps\16054EC2.42090C7D459BD_2.0.0.1_x64__s8x78mhtyb04m\
Uninstall Command: 16054EC2.42090C7D459BD_2.0.0.1_x64__s8x78mhtyb04m
----------------------------------------------

Software Name: Canon Inkjet Print Utility
Version: 2.4.0.6
Publisher: Canon Inc.
Install Time: 2014/12/03
Size: 10.4 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\34791E63.CanonInkjetPrintUtility_6e5tt8cgb93ep\SplashScreen\34791E63.CanonInkjetPrintUtility_6e5tt8cgb93ep!App
Path: C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.4.0.6_neutral__6e5tt8cgb93ep\
Uninstall Command: 34791E63.CanonInkjetPrintUtility_2.4.0.6_neutral__6e5tt8cgb93ep
----------------------------------------------

Software Name: Dragonball Card Game
Version: 1.0.0.2
Publisher: Thiago Alcântara Leandro
Install Time: 2013/10/25
Size: 13.8 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\44316ThiagoAlcntaraLeandr.DragonballCardGame_x3aqgq8bm0zy0\SplashScreen\44316ThiagoAlcntaraLeandr.DragonballCardGame_x3aqgq8bm0zy0!App
Path: C:\Program Files\WindowsApps\44316ThiagoAlcntaraLeandr.DragonballCardGame_1.0.0.2_neutral__x3aqgq8bm0zy0\
Uninstall Command: 44316ThiagoAlcntaraLeandr.DragonballCardGame_1.0.0.2_neutral__x3aqgq8bm0zy0
----------------------------------------------

Software Name: Yahoo!オークション (mc)
Version: 2.0.0.4
Publisher: ヤフー株式会社
Install Time: 2013/01/21
Size: 3.0 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\4CFFC7E9.Yahoomc_pwa6bkj9fkgbm\SplashScreen\4CFFC7E9.Yahoomc_pwa6bkj9fkgbm!App
Path: C:\Program Files\WindowsApps\4CFFC7E9.Yahoomc_2.0.0.4_neutral__pwa6bkj9fkgbm\
Uninstall Command: 4CFFC7E9.Yahoomc_2.0.0.4_neutral__pwa6bkj9fkgbm
----------------------------------------------

Software Name: ポンパレ
Version: 1.1.0.2
Publisher: Recruit Holdings Co., Ltd.
Install Time: 2013/01/21
Size: 1.1 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\88D59032.3720871B53F33_66hy87mnnyyhe\SplashScreen\88D59032.3720871B53F33_66hy87mnnyyhe!ShieldApp
Path: C:\Program Files\WindowsApps\88D59032.3720871B53F33_1.1.0.2_neutral__66hy87mnnyyhe\
Uninstall Command: 88D59032.3720871B53F33_1.1.0.2_neutral__66hy87mnnyyhe
----------------------------------------------

Software Name: じゃらん
Version: 1.1.0.4
Publisher: Recruit Holdings Co., Ltd.
Install Time: 2013/10/07
Size: 4.6 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\88D59032.42081C4E6C4F1_66hy87mnnyyhe\SplashScreen\88D59032.42081C4E6C4F1_66hy87mnnyyhe!ShieldApp
Path: C:\Program Files\WindowsApps\88D59032.42081C4E6C4F1_1.1.0.4_neutral__66hy87mnnyyhe\
Uninstall Command: 88D59032.42081C4E6C4F1_1.1.0.4_neutral__66hy87mnnyyhe
----------------------------------------------

Software Name: ホットペッパー グルメ
Version: 1.1.0.3
Publisher: Recruit Holdings Co., Ltd.
Install Time: 2013/01/21
Size: 1.3 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\88D59032.525896DC6E41C_66hy87mnnyyhe\SplashScreen\88D59032.525896DC6E41C_66hy87mnnyyhe!App
Path: C:\Program Files\WindowsApps\88D59032.525896DC6E41C_1.1.0.3_neutral__66hy87mnnyyhe\
Uninstall Command: 88D59032.525896DC6E41C_1.1.0.3_neutral__66hy87mnnyyhe
----------------------------------------------

Software Name: SUUMO
Version: 1.0.0.3
Publisher: Recruit Holdings Co., Ltd.
Install Time: 2012/12/09
Size: 3.8 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\88D59032.SUUMO_66hy87mnnyyhe\SplashScreen\88D59032.SUUMO_66hy87mnnyyhe!App
Path: C:\Program Files\WindowsApps\88D59032.SUUMO_1.0.0.3_neutral__66hy87mnnyyhe\
Uninstall Command: 88D59032.SUUMO_1.0.0.3_neutral__66hy87mnnyyhe
----------------------------------------------

Software Name: クックパッド
Version: 1.1.0.10
Publisher: COOKPAD
Install Time: 2012/12/09
Size: 1.5 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\COOKPAD.cookpad_4kc63px8q9g14\SplashScreen\COOKPAD.cookpad_4kc63px8q9g14!App
Path: C:\Program Files\WindowsApps\COOKPAD.cookpad_1.1.0.10_neutral__4kc63px8q9g14\
Uninstall Command: COOKPAD.cookpad_1.1.0.10_neutral__4kc63px8q9g14
----------------------------------------------

Software Name: Hulu
Version: 1.3.0.40
Publisher: Hulu.
Install Time: 2012/12/09
Size: 8.0 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\HuluLLC.Hulu_fphbd361v8tya\SplashScreen\HuluLLC.Hulu_fphbd361v8tya!App
Path: C:\Program Files\WindowsApps\HuluLLC.Hulu_1.3.0.40_x64__fphbd361v8tya\
Uninstall Command: HuluLLC.Hulu_1.3.0.40_x64__fphbd361v8tya
----------------------------------------------

Software Name: マネー
Version: 3.0.4.336
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 28.8 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingFinance_8wekyb3d8bbwe\SplashScreen\Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance
Path: C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.336_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.BingFinance_3.0.4.336_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: フード&レシピ
Version: 3.0.4.336
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 23.6 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\SplashScreen\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink
Path: C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: 地図
Version: 2.1.3230.2048
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 17.0 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingMaps_8wekyb3d8bbwe\SplashScreen\Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps
Path: C:\Program Files\WindowsApps\Microsoft.BingMaps_2.1.3230.2048_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.BingMaps_2.1.3230.2048_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: ニュース
Version: 3.0.4.336
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 24.9 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe\SplashScreen\Microsoft.BingNews_8wekyb3d8bbwe!AppexNews
Path: C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.BingNews_3.0.4.336_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: スポーツ
Version: 3.0.4.336
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 27.5 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingSports_8wekyb3d8bbwe\SplashScreen\Microsoft.BingSports_8wekyb3d8bbwe!AppexSports
Path: C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.336_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.BingSports_3.0.4.336_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: トラベル
Version: 3.0.4.336
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 27.6 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingTravel_8wekyb3d8bbwe\SplashScreen\Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel
Path: C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: 天気
Version: 3.0.4.336
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 25.7 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe\SplashScreen\Microsoft.BingWeather_8wekyb3d8bbwe!App
Path: C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.336_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.BingWeather_3.0.4.336_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Fresh Paint
Version: 2.0.15068.1
Publisher: Microsoft Corporation
Install Time: 2012/10/16
Size: 114.9 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.FreshPaint_8wekyb3d8bbwe\SplashScreen\Microsoft.FreshPaint_8wekyb3d8bbwe!Microsoft.FreshPaint
Path: C:\Program Files\WindowsApps\Microsoft.FreshPaint_2.0.15068.1_x86__8wekyb3d8bbwe\
Uninstall Command: Microsoft.FreshPaint_2.0.15068.1_x86__8wekyb3d8bbwe
----------------------------------------------

Software Name: ヘルプ+使い方
Version: 6.3.9654.20559
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 32.8 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.HelpAndTips_8wekyb3d8bbwe\SplashScreen\Microsoft.HelpAndTips_8wekyb3d8bbwe!HelpAndTips
Path: C:\Program Files\WindowsApps\Microsoft.HelpAndTips_6.3.9654.20559_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.HelpAndTips_6.3.9654.20559_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Microsoft Mahjong
Version: 2.4.1412.2202
Publisher: Microsoft Studios
Install Time: 2013/10/07
Size: 165.6 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\SplashScreen\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong
Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbwe\
Uninstall Command: Microsoft.MicrosoftMahjong_2.4.1412.2202_x86__8wekyb3d8bbwe
----------------------------------------------

Software Name: Microsoft Minesweeper
Version: 2.4.1408.2503
Publisher: Microsoft Studios
Install Time: 2013/10/08
Size: 118.5 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe\SplashScreen\Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe!App
Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.4.1408.2503_x86__8wekyb3d8bbwe\
Uninstall Command: Microsoft.MicrosoftMinesweeper_2.4.1408.2503_x86__8wekyb3d8bbwe
----------------------------------------------

Software Name: Microsoft Solitaire Collection
Version: 2.7.1508.1402
Publisher: Microsoft Studios
Install Time: 2013/01/14
Size: 130.6 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\SplashScreen\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App
Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.7.1508.1402_x86__8wekyb3d8bbwe\
Uninstall Command: Microsoft.MicrosoftSolitaireCollection_2.7.1508.1402_x86__8wekyb3d8bbwe
----------------------------------------------

Software Name: リーダー
Version: 6.4.9926.17994
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 13.5 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Reader_8wekyb3d8bbwe\SplashScreen\Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader
Path: C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Taptiles
Version: 2.4.1412.201
Publisher: Microsoft Studios
Install Time: 2013/10/07
Size: 126.1 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Taptiles_8wekyb3d8bbwe\SplashScreen\Microsoft.Taptiles_8wekyb3d8bbwe!App
Path: C:\Program Files\WindowsApps\Microsoft.Taptiles_2.4.1412.201_x86__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Taptiles_2.4.1412.201_x86__8wekyb3d8bbwe
----------------------------------------------

Software Name: アラーム
Version: 6.3.9654.20335
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 5.6 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SplashScreen\Microsoft.WindowsAlarms_8wekyb3d8bbwe!App
Path: C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_6.3.9654.20335_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.WindowsAlarms_6.3.9654.20335_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: カレンダー
Version: 17.5.9600.20911
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 34.6 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SplashScreen\microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar
Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\
Uninstall Command: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: メール
Version: 17.5.9600.20911
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 34.6 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SplashScreen\microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\
Uninstall Command: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: People
Version: 17.5.9600.20911
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 34.6 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SplashScreen\microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.People
Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\
Uninstall Command: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: スキャン
Version: 6.3.9654.17133
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 3.1 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsScan_8wekyb3d8bbwe\SplashScreen\Microsoft.WindowsScan_8wekyb3d8bbwe!App
Path: C:\Program Files\WindowsApps\Microsoft.WindowsScan_6.3.9654.17133_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.WindowsScan_6.3.9654.17133_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Xbox 360 SmartGlass
Version: 1.4.3.0
Publisher: Microsoft Corporation
Install Time: 2012/12/09
Size: 62.3 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxCompanion_8wekyb3d8bbwe\SplashScreen\Microsoft.XboxCompanion_8wekyb3d8bbwe!Microsoft.XboxCompanion
Path: C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: ゲーム
Version: 2.0.139.0
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 28.3 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxLIVEGames_8wekyb3d8bbwe\SplashScreen\Microsoft.XboxLIVEGames_8wekyb3d8bbwe!Microsoft.XboxLIVEGames
Path: C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: ミュージック
Version: 2.6.672.0
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 57.8 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe\SplashScreen\Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic
Path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: ビデオ
Version: 2.6.441.0
Publisher: Microsoft Corporation
Install Time: 2014/09/24
Size: 51.1 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneVideo_8wekyb3d8bbwe\SplashScreen\Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo
Path: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.441.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.ZuneVideo_2.6.441.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: LINE
Version: 1.0.12.102
Publisher: LINE Corporation
Install Time: 2014/04/17
Size: 8.8 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\NAVER.LINEwin8_8ptj331gd3tyt\SplashScreen\NAVER.LINEwin8_8ptj331gd3tyt!App
Path: C:\Program Files\WindowsApps\NAVER.LINEwin8_1.0.12.102_x64__8ptj331gd3tyt\
Uninstall Command: NAVER.LINEwin8_1.0.12.102_x64__8ptj331gd3tyt
----------------------------------------------

Software Name: NAVITIME
Version: 2.0.3.0
Publisher: NAVITIME JAPAN
Install Time: 2013/01/21
Size: 15.4 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\NAVITIMEJAPAN.NAVITIMEformousecomputer_7h0f4kpf7b3ct\SplashScreen\NAVITIMEJAPAN.NAVITIMEformousecomputer_7h0f4kpf7b3ct!App
Path: C:\Program Files\WindowsApps\NAVITIMEJAPAN.NAVITIMEformousecomputer_2.0.3.0_neutral__7h0f4kpf7b3ct\
Uninstall Command: NAVITIMEJAPAN.NAVITIMEformousecomputer_2.0.3.0_neutral__7h0f4kpf7b3ct
----------------------------------------------

Software Name: Abilie
Version: 1.0.1.2
Publisher: OKWave
Install Time: 2012/12/09
Size: 1.7 MB
Registry Key: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\OKWave.Abilie_1jxzhqrt4dk8m\SplashScreen\OKWave.Abilie_1jxzhqrt4dk8m!App
Path: C:\Program Files\WindowsApps\OKWave.Abilie_1.0.1.2_neutral__1jxzhqrt4dk8m\
Uninstall Command: OKWave.Abilie_1.0.1.2_neutral__1jxzhqrt4dk8m
----------------------------------------------


  • キツツキ
  • 2015/09/21 (Mon) 11:25:23
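Clean up with IU
Having checked the logs, I found several items that were the source of the infection.
Let's use IU to deal with them.

Please remove the following software using IU.
After removal, run a Powerful Scan and delete everything it detects.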

VideoPad 動画編集ソフト
VLC media player
XMedia Recode
Explzh for Windows

Launch IU, select BHO under Toolbars/Plug-ins ⇒ Internet Explorer, and remove the following.

Yahoo!ツールバーフィッシング警告
Yahoo!ツールバーヘルパー
Skype for Business Browser Helper

Under Toolbars/Plug-ins ⇒ Internet Explorer, select ActiveX and remove the following.

VLC ActiveX Plugin and IE Web Plugin v2

Under Toolbars/Plug-ins ⇒ Mozilla Firefox, select Plug-ins and remove the following.

VLC Web Plugin

Under Toolbars/Plug-ins ⇒ Opera, select Plug-ins and remove the following.

VLC Web Plugin

The following software is an old version.
Please install the latest version from the URL.

Skype
http://www.skype.com/ja/download-skype/skype-for-computer/

Adobe Reader XI
https://get.adobe.com/jp/reader/
Be sure to uncheck the optional programs before downloading.

Once you have finished up to this point, please obtain the HJT log and the CC installation information log,
paste them here, and let me know.
  • IVNO
  • 2015/09/21 (Mon) 17:29:18
Re: Infected with DNS Unlocker
Here is the log.

HJT
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:34:43, on 2015/09/22
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 40.0.3 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\FolderSize\FolderSize.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\【ユーザー名】\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Trend Micro Osprey BHO - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O3 - Toolbar: Yahoo!ツールバー - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll (file missing)
O3 - Toolbar: Trend ツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Folder Size] C:\Program Files (x86)\FolderSize\FolderSize.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: LilyCalendar.lnk = C:\Program Files (x86)\LilyCalendar\LilyCalendar.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: コンテンツ管理アシスタント for PlayStation(R).lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BWH32S - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: CyberLink Product - 2013/02/22 15:02:51 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: CypherGuard cguard Service 32bit Edition - CypherTec Inc. - C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe
O23 - Service: CypherGuard cguard Service 64bit Edition - CypherTec Inc. - C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe
O23 - Service: CypherGuard Info Service - CypherTec Inc. - C:\Program Files\Common Files\CypherTec\cthwsrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: インテル(R) ラピッド・ストレージ・テクノロジー (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\elecom\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Program Files (x86)\elecom\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16252 bytes
  • キツツキ
  • 2015/09/22 (Tue) 22:36:36
Re: Infected with DNS Unlocker
CC(win)

有効 HKCU:Run ApplePhotoStreams Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
有効 HKCU:Run Folder Size Brio C:\Program Files (x86)\FolderSize\FolderSize.exe
有効 HKCU:Run iCloudServices Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
有効 HKCU:Run OneDrive Microsoft Corporation "C:\Users\【ユーザー名】\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
無効 HKCU:Run Rainlendar2 Rainy C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
有効 HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
有効 HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
有効 HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
有効 HKLM:Run BDRegion cyberlink C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
有効 HKLM:Run CLMLServer CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
有効 HKLM:Run IAStorIcon Intel Corporation C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run Launch LCore Logitech Inc. C:\Program Files\Logicool Gaming Software\LCore.exe /minimized
有効 HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
有効 HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
有効 HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ShadowPlay Microsoft Corporation C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
有効 HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
無効 Startup Common LilyCalendar.lnk sakura apps C:\Program Files (x86)\LilyCalendar\LilyCalendar.exe
有効 Startup Common クライアントマネージャV.lnk BUFFALO INC. C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
有効 Startup Common コンテンツ管理アシスタント for PlayStation(R).lnk Sony Computer Entertainment Inc. C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
無効 Startup User Rainmeter.lnk Open Source Developer, Rainmeter C:\Program Files\Rainmeter\Rainmeter.exe
  • キツツキ
  • 2015/09/22 (Tue) 22:40:04
Re: Infected with DNS Unlocker
CC(IE)

無効 Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
無効 Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
無効 Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
無効 Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
有効 Extension Skype for Business Click to Call C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
無効 Helper Microsoft SkyDrive Pro Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll
無効 Helper TmIEPlugInBHO Class Trend Micro Inc. C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll
無効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
無効 Helper TSToolbarBHO Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
無効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
無効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
無効 Toolbar Yahoo!ツールバー C:\Program Files (x86)\Yahoo!J\Toolbar\7_3_0_18\Modules\YahooToolBar.dll
  • キツツキ
  • 2015/09/22 (Tue) 22:41:46
Re: Infected with DNS Unlocker
CC(FF)

無効 Extension Trend Micro Osprey Firefox Extension 1.6.0.1102 Trend Micro default Firefox 40.0.3 C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
無効 Extension Trend Micro Toolbar 7.0.0.1243 Trend Micro default Firefox 40.0.3 C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
有効 Plugin Adobe Acrobat 11.0.12.18 default Firefox 40.0.3 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
有効 Plugin AdobeAAMDetect 3.0.0.0 Adobe Systems default Firefox 40.0.3 C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
有効 Plugin CJIJ Launcher plugin 1.0.0.5 1.0.0.5 CJ Internet Japan default Firefox 40.0.3 C:\Program Files (x86)\CJIJ\npCJIJLauncher.dll
有効 Plugin Google Update 1.3.28.15 Google Inc. default Firefox 40.0.3 C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
有効 Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default Firefox 40.0.3 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
有効 Plugin Java Deployment Toolkit 8.0.600.27 11.60.2.27 Oracle Corporation default Firefox 40.0.3 C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll
有効 Plugin Java(TM) Platform SE 8 U60 11.60.2.27 Oracle Corporation default Firefox 40.0.3 C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll
有効 Plugin Microsoft Office 2013 15.0.4514.1000 Microsoft Corporation default Firefox 40.0.3 C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
有効 Plugin NVIDIA 3D Vision 7.17.13.4752 NVIDIA Corporation default Firefox 40.0.3 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
有効 Plugin NVIDIA 3D VISION 7.17.13.4752 NVIDIA Corporation default Firefox 40.0.3 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
有効 Plugin Photo Gallery 16.4.3505.912 Microsoft Corporation default Firefox 40.0.3 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
有効 Plugin pmangdiagnostic 1.0.0.1 gameon default Firefox 40.0.3 C:\GameOn\Common files\nppmangdiagnostic.dll
有効 Plugin pmangsupport 1.0.0.1 gameon default Firefox 40.0.3 C:\GameOn\Common files\nppmangsupport.dll
有効 Plugin Shockwave Flash 18.0.0.232 default Firefox 40.0.3 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
有効 Plugin Silverlight Plug-In 5.1.40728.0 Microsoft Corporation default Firefox 40.0.3 c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
有効 Plugin Unity Player 4.3.5.32006 Unity Technologies ApS default Firefox 40.0.3 C:\Users\【ユーザー名】\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
無効 Plugin VLC Web Plugin 2.2.1.0 default Firefox 40.0.3 C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
  • キツツキ
  • 2015/09/22 (Tue) 22:42:50
Re: Infected with DNS Unlocker
CC (Tasks)

有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task Adobe Flash Player PPAPI Notifier Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe -check pepperplugin
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task AdobeAAMUpdater-1.0-hiro-【ユーザー名】 Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
有効 Task AdobeAAMUpdater-1.0-HIROAKI-【ユーザー名】 Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
有効 Task Apple Diagnostics Apple Inc. C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task Microsoft OneDrive Auto Update Task-S-1-5-21-1986508758-1585181776-1248126739-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDrive.exe
有効 Task Opera scheduled Autoupdate 1423651649 Opera Software C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate
有効 Task Optimize Start Menu Cache Files-S-1-5-21-1986508758-1585181776-1248126739-1001
有効 Task Titanium BTC Trend Micro Inc. C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe -btc
有効 Task Uninstaller_SkipUac_【ユーザー名】 IObit C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
有効 Task {3015A55F-6F87-4C55-946D-7BCB23334334} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\【ユーザー名】\Downloads\ShukuSen150.exe -d C:\Users\【ユーザー名】\Downloads
有効 Task {7DE26901-5AA7-426A-A4FE-27F9B3F2ECDB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\【ユーザー名】\Downloads\forge-1.7.10-10.13.1.1222-installer-win.exe -d C:\Users\【ユーザー名】\Downloads
有効 Task {9A763C48-1541-4E08-A714-ED2C87D21793} Google Inc. "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/6.9.0.106/ja/abandoninstall?source=lightinstaller&page=tsInstall
  • キツツキ
  • 2015/09/22 (Tue) 22:46:20
Re: Infected with DNS Unlocker
CC (Context menu)

有効 Directory 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 Directory IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 File 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 File AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 File CopyShExt Barracuda Networks, Inc. C:\Users\【ユーザー名】\AppData\Roaming\Copy\overlay\CopyShExt.dll
有効 File IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 File MBAMShlExt C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 File PhotoStreamsExt Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder 7-Zip Igor Pavlov C:\Program Files (x86)\7-Zip\7-zip.dll
有効 Folder AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 Folder CopyShExt Barracuda Networks, Inc. C:\Users\【ユーザー名】\AppData\Roaming\Copy\overlay\CopyShExt.dll
有効 Folder IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll
  • キツツキ
  • 2015/09/22 (Tue) 22:47:14
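That is the startup log
The CC log you captured is the wrong one.
It does no harm to have it, so that is fine,
but the log I need this time is the installed-programs log.
What you captured this time is the startup log.
Sorry for the trouble, but please capture the installed-programs log again
and paste it in your reply.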
  • IVNO
  • MAIL
  • 2015/09/22 (Tue) 23:28:32
Re: Infected with DNS Unlocker
Sorry about that. Here is the re-captured log of installed programs.

+Lhaca 2014/12/01
7-Zip 9.20 2014/12/01
7-Zip 9.38 (x64 edition) Igor Pavlov 2015/05/20 4.66 MB 9.38.00.0
777タウン.net Sammy NetWorks Co.,Ltd. 2013/12/29 3.0.0.65
ActivePerl 5.16.3 Build 1603 (64-bit) ActiveState 2013/10/18 83.3 MB 5.16.1603
Adobe AIR Adobe Systems Incorporated 2014/12/01 15.0.0.356
Adobe Creative Cloud Adobe Systems Incorporated 2015/08/07 287 MB 3.2.0.129
Adobe Flash Player 19 NPAPI Adobe Systems Incorporated 2015/09/22 17.9 MB 19.0.0.185
Adobe Flash Player 19 PPAPI Adobe Systems Incorporated 2015/09/22 18.4 MB 19.0.0.185
Adobe Illustrator CC 2014 Adobe Systems Incorporated 2015/01/16 907 MB 18.1.1
Adobe Lightroom Adobe Systems Incorporated 2015/08/08 1.42 GB 6.1.1
Adobe Photoshop CC 2015 Adobe Systems Incorporated 2015/08/07 1.90 GB 16.0.1
AGMDecoder64 T.Ishii (t-ishii@js2.so-net.ne.jp) 2015/09/12 224 KB 1.1.1
Amazon Kindle Amazon 2015/06/24
AMV4 Video Codec amaman 2015/02/21 3.73 MB 4.02
AmvVideoCodec 2014/12/01
Android SDK Tools Google Inc. 2014/12/01 1.16
Apple Application Support(32 ビット) Apple Inc. 2015/04/29 94.2 MB 3.1.3
Apple Application Support(64 ビット) Apple Inc. 2015/04/29 109 MB 3.1.3
Apple Mobile Device Support Apple Inc. 2015/04/29 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 2013/10/09 2.38 MB 2.1.3.127
Black Desert GameOn 2015/05/17 6
Bonjour Apple Inc. 2013/10/09 2.00 MB 3.0.0.10
BUFFALO クライアントマネージャV をアンインストール BUFFALO INC. 2014/07/19 10.2 MB 1.5.0
CCleaner Piriform 2014/12/01 4.15
CJIJ_Launcher(1.0.0.5) CJ Internet Japan, Inc. 2013/11/13 2.03 MB
clockmascotalice UNKNOWN 2014/12/01 1.0
Common GameOn 2015/05/16 13062208
Copy Barracuda Networks, Inc. 2014/11/08 97.5 MB 1.47.410.0
CopyTrans Suite削除専用 WindSolutions 2015/01/21 2.37
Creation Kit bgs.bethsoft.com 2014/12/01
CyberLink Media Suite 10 CyberLink Corp. 2014/12/01 1.05 GB 10.0
CyberLink PowerProducer 5.5 CyberLink Corp. 2013/02/22 168 MB 5.5.3.4118
Deck Builder for Duel Masters 2014/12/01
DMM電子書籍ビューア x64 Edition 2014/05/28
Driver_DC1150_v1.1.0.89_64bit 会社名 2013/11/06 1.79 MB 1.1.0.89
EveryonePiano 1.7 EveryonePiano.com 2015/05/13 1.7.1.12
FFsplit version 0.7 FFsplit Team 2015/05/20 12.2 MB 0.7
Folder Size Brio 2015/05/16 426 KB 2.6
Genymotion version 2.3.1 Genymobile 2014/12/03 187 MB 2.3.1
giam209 2014/12/01
Google Chrome Google Inc. 2015/09/05 45.0.2454.93
honestech VHS to DVD 2.5 SE honestech 2013/12/04 2.5
iCloud Apple Inc. 2015/04/29 89.5 MB 4.0.6.28
Inkscape 0.48.4 2014/12/01 0.48.4
Intel(R) Rapid Storage Technology Intel Corporation 2013/10/06 11.7.0.1013
IObit Uninstaller IObit 2015/06/24 4.3.0.118
iTunes Apple Inc. 2015/04/29 233 MB 12.1.2.27
Java 8 Update 60 Oracle Corporation 2015/09/07 20.6 MB 8.0.600.27
Java SE Development Kit 8 Update 25 (64-bit) Oracle Corporation 2014/11/22 311 MB 8.0.250.18
Java SE Development Kit 8 Update 5 (64-bit) Oracle Corporation 2014/04/26 248 MB 8.0.50
Left 4 Dead 2 Valve 2014/12/01
LightWave 2015.2 64bit 日本語版 D-STORM, Inc. 2015/09/18 2015.2
LilyCalendar SakuraApps 2015/07/11 8.37 MB
Live2D Cubism 2.1 Live2D Inc. 2015/09/22 2.1
Live2D Viewer Live2D Inc. 2015/09/22 2.1.12
Logicool ゲームソフトウェア 8.55 Logicool 2014/12/01 85.3 MB 8.55.137
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2015/09/11 19.3 MB 1.75.0.1300
MCSkin3D バージョン 1.3 Altered Softworks & MCSkin3D Development Team 2015/03/13 6.04 MB 1.3
MGSPlayer Media Global Stage Co.Ltd. 2014/04/19 3.07 MB 1.2.2
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2015/03/16 2.93 MB 4.0.40804.0
Microsoft Office Professional 2013 - ja-jp Microsoft Corporation 2015/09/17 15.0.4753.1002
Microsoft OneDrive Microsoft Corporation 2015/09/16 36.1 MB 17.3.5951.0827
Microsoft Silverlight Microsoft Corporation 2015/08/13 199 MB 5.1.40728.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/02/22 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2013/02/22 4.84 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 2014/12/03 7.51 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2014/03/09 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2014/03/09 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2013/02/22 10.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2013/12/01 8.05 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2013/10/07 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2015/02/13 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2015/04/22 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/04/22 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/04/22 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2015/08/07 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2015/08/07 17.1 MB 12.0.30501.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2015/02/13 10.0.50903
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 Microsoft Corporation 2015/02/13 10.0.50903
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 2014/04/10 9.44 MB 4.0.20823.0
Minecraft Mojang 2015/05/11 1.22 MB 1.0.3.0
Mozilla Firefox 40.0.3 (x86 ja) Mozilla 2015/09/02 85.0 MB 40.0.3
Mozilla Maintenance Service Mozilla 2015/09/02 379 KB 40.0.3.5716
Niconico Live Encoder niwango, inc. 2014/12/25 2.0.4
NifSkope (remove only) 2014/12/01
NVIDIA 3D Vision コントローラー ドライバー 347.09 NVIDIA Corporation 2015/03/13 347.09
NVIDIA 3D Vision ドライバー 347.52 NVIDIA Corporation 2015/03/13 347.52
NVIDIA GeForce Experience 2.2.2 NVIDIA Corporation 2015/03/13 2.2.2
NVIDIA HD オーディオ ドライバー 1.3.33.0 NVIDIA Corporation 2015/03/13 1.3.33.0
NVIDIA Miracast 仮想オーディオ 347.52 NVIDIA Corporation 2015/03/13 347.52
NVIDIA PhysX システム ソフトウェア 9.14.0702 NVIDIA Corporation 2015/03/13 9.14.0702
NVIDIA グラフィックス ドライバー 347.52 NVIDIA Corporation 2015/03/13 347.52
Opera Stable 32.0.1948.25 Opera Software 2015/09/17 32.0.1948.25
Oracle VM VirtualBox 4.2.12 Oracle Corporation 2014/12/03 134 MB 4.2.12
PHANTASY STAR ONLINE 2 SEGA 2013/12/06 7.51 MB
PhotoScape 2014/12/01
PictBear Version 2.04 Fenrir Inc. 2014/12/03 7.67 MB
Pmangインストールマネージャー GameOn,Pmang 2015/05/16 1.0.1.1
Rainlendar2 (remove only) 2015/07/11
Rainmeter 2015/07/12 3.2.1 r2386
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/12/01 6.0.1.6662
Sentinel Protection Installer 7.6.7 SafeNet, Inc. 2015/08/07 5.92 MB 7.6.7
SoundEngine Free Coderium 2013/11/02 5.1.0.5
Steam Valve Corporation 2014/12/01
TechFun-Eclipse Tech Fun corp. 2014/12/01 3.7.1
Tera Term 4.85 2014/12/17 11.0 MB
TeraPad 2014/12/01
The Elder Scrolls V: Skyrim Bethesda Game Studios 2014/12/01
Unity Unity Technologies ApS 2014/12/01
Unity Web Player Unity Technologies ApS 2014/12/01 12.0 MB
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/12/03 7.60 MB 16.0.1171.1
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2015/09/07 41.7 MB 16.0.1404.1
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2015/09/07 11.6 MB 15.0.2013
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2015/05/29 9.00 KB 16.0.1515.1
WDC-433SU2M ドライバー elecom 2014/08/03 1.5.28.0.4
Windows Live Essentials Microsoft Corporation 2013/02/22 16.4.3505.0912
WorldPainter 1.10.4 pepsoft.org 2015/01/29 1.10.4
Yahoo!ツールバー Yahoo! JAPAN. 2014/12/01 2.77 MB 7.3.0.18
やります!アンコちゃん 2.2.0.6 居酒屋「めがね」 2015/08/12 2.2.0.6
ウイルスバスター クラウド トレンドマイクロ株式会社 2014/10/11 450 MB 7.0
カスタムメイド3D 2 Edit体験版 KISS 2015/08/02 1.03 GB
コンテンツ管理アシスタント for PlayStation(R) Sony Computer Entertainment Inc. 2013/12/01 6.33 MB 3.00.7187.47
チルトシフトスタジオ GRAFFICIA 2013/10/23 19.4 MB 1.10.0
デザインドール Terawell 2014/04/10 42.2 MB 5.6
デスクトップカレンダー 2.2.1.3583 DesktopCal, Inc. 2015/07/11 2.2.1.3583
リサイズ超簡単!Pro v3.17 2014/12/01
寝取られ新婚生活&お別れ温泉旅行セット 2015/07/11
抽選王 古川 明人 2014/06/08 4.87 MB 0.61.1
野田工房ランタイムVer.1.2.1のインストール 2014/12/01
  • キツツキ
  • 2015/09/22 (Tue) 23:54:32
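Shall we look a little further?
Going by the logs, the problems seem to have been resolved for the most part,
but, as happened last time, something may still be hiding,
so let's look a little further to be safe.

Please get the following software ready.

ComboFix (commonly called CF)
http://www.bleepingcomputer.com/download/combofix/dl/12/
A short while after the page opens, the download starts automatically.
Save it somewhere easy to find.
To remove it later, hold down the Start key between Ctrl and Alt on the left side of the keyboard and press the R key.
The Run dialog appears, so type the following line to remove it.
combofix /uninstall
Do not forget to type the half-width space.
Only if it reports that it cannot be found, simply delete the file itself.

Once you are ready, we will begin.

All of this work is done in normal mode.
Launch CF.
Press the I Agree button.
The scan starts automatically, so wait until it finishes.
A Warning!! message may appear during the scan.
This message warns that your security software's real-time monitoring is enabled.
If it appears, temporarily disable your security software's real-time monitoring.
Once it is disabled, press CF's OK button to continue.
The removal screen changes and the scan continues. It will say to wait a little over 10 minutes for the scan to complete,
but it often does not finish in 10 minutes, so please be patient.
If problem files are found during the scan, they are deleted automatically.
When "Do not run any programs until ComboFix has finished" is displayed,
do not start any software at all, including your browser, and leave the PC completely alone.
At this point anything that would interfere with the investigation is terminated automatically.
If you leave it alone, the results will be displayed, so save them somewhere easy to find.
Once they are saved, restart the PC manually.
After the restart, please paste the CF log in your reply.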
  • IVNO
  • MAIL
  • 2015/09/23 (Wed) 02:54:29
Re: Infected with DNS Unlocker
Sorry, it seems this software does not support win8.1, so I cannot use it.
  • キツツキ
  • 2015/09/23 (Wed) 09:50:21
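So it is not supported
So CF does not support 8.1.
I apologize for not having checked that it works.
That cannot be helped, so let's investigate another way.

Here is the procedure for capturing the log.
Copy the following line into Notepad and save it.

dir %appdata% /b /a /s > %userprofile%\Desktop\Roaming.txt

Once it is saved, start the PC in Safe Mode.
Once in Safe Mode, go to Start ⇒ All Programs ⇒ Accessories, right-click Command Prompt,
and click Run as administrator.
When Command Prompt has started with administrator rights, open the Notepad file you saved above.
Copy the dir %appdata% /b /a /s > %userprofile%\Desktop\Roaming.txt command and paste it with a right-click.
It is done when the Command Prompt shows a new input prompt.
The log is written to the Desktop under the name Roaming.txt.
After confirming that the log was written, restart the PC in normal mode and send the log file itself to my e-mail address.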
  • IVNO
  • MAIL
  • 2015/09/23 (Wed) 11:57:25
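An added example, not part of the original thread: one way a helper could triage the Roaming.txt produced by the dir command above, by grouping the listing per top-level folder under AppData\Roaming and listing the files with executable extensions. The function names, the extension list, the sample paths and the cp932 default (the OEM code page that cmd redirection uses on Japanese Windows) are assumptions of this example.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: extensions Windows can execute or load; a reviewer reads these first.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
LOOSE = "(directly in Roaming)"

# Constructed sample of `dir %appdata% /b /a /s` output: one full path per line.
SAMPLE_LISTING = r"""
C:\Users\example\AppData\Roaming\Mozilla
C:\Users\example\AppData\Roaming\Mozilla\Firefox
C:\Users\example\AppData\Roaming\Mozilla\Firefox\profiles.ini
C:\Users\example\AppData\Roaming\ExampleTool
C:\Users\example\AppData\Roaming\ExampleTool\bin
C:\Users\example\AppData\Roaming\ExampleTool\bin\helper.exe
C:\Users\example\AppData\Roaming\ExampleTool\bin\hook.DLL
C:\Users\example\AppData\Roaming\loose.scr
"""


def load_listing(path, encoding="cp932"):
    """Read Roaming.txt; cmd redirection writes it in the console's OEM code page."""
    with open(path, encoding=encoding, errors="replace") as handle:
        return handle.read()


def split_under_roaming(line):
    """Return the path parts below ...\\AppData\\Roaming, or None if not under it."""
    parts = PureWindowsPath(line.strip()).parts
    lowered = [part.lower() for part in parts]
    for i in range(len(lowered) - 1):
        if (lowered[i], lowered[i + 1]) == ("appdata", "roaming"):
            return parts[i + 2:]
    return None


def summarize_roaming(listing_text):
    """Group the listing by top-level Roaming folder and collect executables."""
    summary = defaultdict(lambda: {"entries": 0, "executables": []})
    for line in listing_text.splitlines():
        rel = split_under_roaming(line)
        if not rel:  # blank line, unrelated path, or the Roaming folder itself
            continue
        is_exec = PureWindowsPath(rel[-1]).suffix.lower() in EXECUTABLE_EXTS
        if len(rel) == 1:
            # A bare listing cannot tell a top-level folder from a loose data
            # file, so only loose executables get their own bucket.
            if is_exec:
                summary[LOOSE]["entries"] += 1
                summary[LOOSE]["executables"].append(rel[0])
            else:
                _ = summary[rel[0]]  # register the name with zero entries
            continue
        bucket = summary[rel[0]]
        bucket["entries"] += 1
        if is_exec:
            bucket["executables"].append("\\".join(rel[1:]))
    return dict(summary)


def folders_to_review(summary):
    """Folders holding executables, most executables first, then by name."""
    hits = [(name, info["executables"]) for name, info in summary.items()
            if info["executables"]]
    return sorted(hits, key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    for name, files in folders_to_review(summarize_roaming(SAMPLE_LISTING)):
        print(f"{name}: {len(files)} executable(s)")
        for rel in files:
            print(f"    {rel}")
```

An executable under AppData\Roaming is not malicious by itself; the summary only narrows which folders to compare against the installed-programs log.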
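Sorry to have kept you waiting
I have been laid up for a while with bad headaches.
I have checked the log, and an online-game botting tool is installed.
C:\Users\xof\AppData\Roaming\UWSC
Botting tools are not illegal, but because they seriously upset game balance they are unquestionably cheating.
And since people who use cheating tools like this have no choice but to suffer in silence when they get infected,
it is not unusual for such tools to be used as bait for planting malware.
In addition, looking at the log you sent, I did confirm a malware infection.
Two of the kinds found can probably be removed with tools.
The remaining two, however, are ones I have never heard of any tool detecting.
Traces of cheating remain as things stand, and since this partial log alone already shows this much,
a look at the whole system would likely turn up more malware.
One of the undetected ones is especially dangerous.
It steals Gmail accounts, steals the list of installed software,
steals the mail accounts in the mail client, traces the information on the PC, and backs up Windows in its entirety;
it is malware for replicating an exact copy of the PC.
Why the mail account theft is limited to Gmail is a mystery, but it is probably because of the number of users.
So, with things in this state, a full system recovery is essential.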
  • IVNO
  • MAIL
  • 2015/10/01 (Thu) 18:17:21
