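Akudaikan's Fukumaden Bulletin Board (悪代官の伏魔殿掲示板)
I'm being plagued by ads and pop-ups
Nice to meet you. I'm being plagued by ads and pop-ups and can't deal with them on my own, so I'd like to ask for advice here.

A few months ago I let a virus called OneSystemCare infect my PC, and from there it was also infected with DNSUnlocker and others.
I have already tried System Restore, AdwCleaner, and removal and scanning with the 2014(?) version of Kaspersky.

Even when web pages do open, they load strange URLs, and I can't help feeling anxious.
About the only amusing thing about being infected is that Kaspersky's banner-block count has passed 50000. I would appreciate your guidance.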


HJT log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:27:15, on 2016/05/15
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)

FIREFOX: 45.0 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMECMNT.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Program Files (x86)\PIXELA\StationTV_S\StationTV_S.exe
C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Common Files\Overwolf\0.94.19.0\OverwolfHelper.exe
C:\Program Files (x86)\Overwolf\0.94.19.0\Purplizer\Purplizer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Overwolf\0.94.19.0\OverwolfTSHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Overwolf\0.94.19.0\OverwolfBrowser.exe
C:\Program Files (x86)\Overwolf\0.94.19.0\OverwolfBrowser.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Download\HijackThis (1).exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (file missing)
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: Microsoft アカウント サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files (x86)\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [IME14 JPN Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
O4 - HKLM\..\Run: [Dare-U mouse] "C:\Program Files (x86)\Gaming Mouse\Monitor.exe"
O4 - HKLM\..\Run: [RoccatKonePure] "C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ApplicationManager] C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
O4 - HKCU\..\Run: [Dxtory Update Checker 2.0] D:\Dxtory2.0\UpdateChecker.exe
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKCU\..\Run: [StationTV_S] C:\Program Files (x86)\PIXELA\StationTV_S\StationTV_S.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'Default user')
O4 - Startup: らくらくアップデートツール.lnk = C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe
O4 - Global Startup: AirStation おたすけナビ.lnk = C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: バナー広告対策に追加 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: セキュリティキーボード - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 危険サイト診断 - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - https://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{685E7831-4A25-4E59-98CC-518F857F5C43}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{685E7831-4A25-4E59-98CC-518F857F5C43}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{685E7831-4A25-4E59-98CC-518F857F5C43}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Amazon 1Button App Service - Amazon Inc. - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BWH32S - Buffalo Inc. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: CyberLink Product - 2014/10/26 21:28:10 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Overwolf LTD - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: StationTV_S Collaborate Service (STVSCollaborateService) - Unknown owner - C:\Program Files (x86)\PIXELA\StationTV_S\STVSService.exe
O23 - Service: StationTV_S Service (STVSService) - Unknown owner - C:\Program Files (x86)\PIXELA\StationTV_S\STVSService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wireless Diagnosis (WirelessDiagnosis) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\WDTool\bwdbackground.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

--
End of file - 18688 bytes


CC log

Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2016/05/13 219 MB 15.016.20039
Adobe AIR Adobe Systems Incorporated 2016/04/16 21.0.0.198
Adobe Creative Cloud Adobe Systems Incorporated 2015/09/24 279 MB 3.3.0.151
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 2016/05/13 5.15 MB 21.0.0.242
Adobe Flash Player 21 NPAPI Adobe Systems Incorporated 2016/05/14 5.71 MB 21.0.0.242
Adobe Photoshop CS2 Adobe Systems, Inc. 2015/05/10 9.0
Adobe Shockwave Player 12.1 Adobe Systems, Inc. 2015/06/02 12.1.8.158
Alliance of Valiant Arms 株式会社ゲームオン 2015/09/20 238
Amazon Assistant Amazon 2016/04/03 2.3.4
Apple Application Support(32 ビット) Apple Inc. 2016/03/28 117 MB 4.3
Apple Application Support(64 ビット) Apple Inc. 2016/03/28 131 MB 4.3
Apple Mobile Device Support Apple Inc. 2016/03/28 28.5 MB 9.3.0.15
Apple Software Update Apple Inc. 2016/03/28 2.69 MB 2.2.0.150
ApplicationManager 2011.4.27.209 kingsoft 2013/06/19 2011.4.27.209
ArcheAge XLGAMES 2013/06/19
ArcheAge GameOn 2015/09/20 1
Archeblade CodeBrush Games 2014/04/06
AV Voice Changer Software 7.0 AVSOFT Corp. 2015/05/04 7.0.59
AV Voice Changer Software DIAMOND 8.0 AVSOFT Corp. 2015/05/04 8.0.21
Bamboo Dock Wacom Co., Ltd. 2015/07/20 4.1
Battle.net Blizzard Entertainment 2016/04/27
Battlefield 4™ Electronic Arts 2016/05/09 29.2 GB 1.7.2.45672
Battlelog Web Plugins EA Digital Illusions CE AB 2015/06/19 2.7.1
Bonjour Apple Inc. 2016/02/21 2.01 MB 3.1.0.1
BUFFALO AirStation おたすけナビ BUFFALO INC. 2014/03/24 2.99 MB 1.0.0
BUFFALO AirStation倍速設定ツール(アンインストール) 2014/03/23
BUFFALO エアステーション設定ツール BUFFALO INC. 2015/07/31 2.95 MB 2.0.12
BUFFALO クライアントマネージャV をアンインストール Buffalo Inc. 2015/08/27 13.2 MB 1.5.4
BUFFALO パソコン環境表示ツール BUFFALO INC. 2014/03/24 1.0.3
Caesium バージョン 1.7.0 Matteo Paonessa 2014/07/05 60.2 MB 1.7.0
CCleaner Piriform 2016/04/21 5.16
Common GameOn 2015/09/20 41213256
CoreMasters Gamepot 2014/05/13 9.22 MB 1.0
Counter-Strike: Global Offensive Valve 2015/03/18
CyberLink BD_3D Advisor 2.0 CyberLink Corp. 2014/03/21 2.0.5425
CyberLink Media Suite 10 CyberLink Corp. 2014/03/21 904 MB 10.0
CyberLink PowerProducer 5.5 CyberLink Corp. 2014/03/21 168 MB 5.5.3.4118
DARK SOULS™ II FromSoftware, Inc 2014/05/09
DC-Bass Source 1.3.0 2014/05/21
DirectVobSub 2.40.4209 MPC-HC Team 2014/05/21 2.10 MB 2.40.4209
DivXセットアップ DivX, LLC 2014/05/21 2.6.1.8
Don't Starve Together Beta Klei Entertainment 2014/12/27
Dragon's Dogma Online CAPCOM CO., LTD. 2015/08/31 71.4 MB 1.00.0000
Dungeon Defenders Trendy Entertainment 2014/08/08
Dxtory バージョン 2.0.126 ExKode Co. Ltd. 2014/04/16 34.2 MB 2.0.126
ffdshow v1.1.4399 [2012-03-22] 2014/05/21 13.2 MB 1.1.4399.0
FINAL FANTASY XIV - A Realm Reborn SQUARE ENIX CO., LTD. 2015/01/05 1.0.0000
FMEAutomator 3 ぶれぼ 2015/05/23 4.55 MB 3.3.1.0
Gamepot Web実行環境 Gamepot 2014/05/13 308 KB 1.1.0
Gaming mouse Driver Togran 2016/03/03 1.0
GIMP 2.8.14 The GIMP Team 2015/04/12 267 MB 2.8.14
Glyph Trion Worlds, Inc. 2014/12/06 77.3 MB
Google Chrome Google Inc. 2016/03/19 50.0.2661.102
Guns of Icarus Online Muse Games 2014/05/09
Gyazo 3.2.1 Nota Inc. 2016/03/02 22.9 MB
Haali Media Splitter 2014/05/21
Hearthstone Blizzard Entertainment 2016/04/27
iCloud Apple Inc. 2016/02/21 119 MB 5.1.0.34
Intel(R) C++ Redistributables on Intel(R) 64 Intel Corporation 2016/05/12 33.7 MB 15.0.179
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 2013/06/19 54.8 MB 1.0.0.35342
Intel(R) Management Engine Components Intel Corporation 2012/01/20 8.0.1.1399
Intel(R) OpenCL CPU Runtime Intel Corporation 2013/06/19
Intel(R) Processor Graphics Intel Corporation 2013/06/19 9.17.10.2932
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2012/01/27 1.0.3.214
Intel® Trusted Connect Service Client Intel Corporation 2013/06/19 10.6 MB 1.23.219.2
iTunes Apple Inc. 2016/03/28 215 MB 12.3.3.17
Janetter 4.3.1.0 Jane, Inc. 2016/04/16
Java 8 Update 77 Oracle Corporation 2016/04/03 89.1 MB 8.0.770.3
Java 8 Update 77 (64-bit) Oracle Corporation 2016/04/03 23.4 MB 8.0.770.3
Kingsoft Office 2013 (9.1.0.4586) Kingsoft Corp. 2014/06/26 9.1.0.4586
Lagarith Lossless Codec (1.3.27) 2014/05/21 1.02 MB
LAME v3.99.3 (for Windows) 2014/05/21 1.52 MB
League of Legends Riot Games 2016/03/16 3.0.1
Left 4 Dead 2 Valve 2014/04/12
Lethal League Team Reptile 2014/12/31
LINE LINE Corporation 2016/04/23 4.6.1.931
McAfee Security Scan Plus McAfee, Inc. 2016/04/06 10.2 MB 3.11.309.1
Medal of Honor (TM) Electronic Arts 2014/11/18 38.3 MB 1.0.0.0
METAL SLUG 3 DotEmu 2014/12/02
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2016/02/14 38.8 MB 4.6.01055
Microsoft .NET Framework 4.6.1 (日本語) Microsoft Corporation 2016/02/14 2.93 MB 4.6.01055
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2015/02/28 1.59 MB 4.0.40804.0
Microsoft Office IME 2010 (Japanese) Microsoft Corporation 2015/06/06 14.0.6119.5000
Microsoft OneDrive Microsoft Corporation 2014/03/21 26.7 MB 17.0.4024.1220
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/06/19 1.72 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2014/03/21 300 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2014/03/24 620 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2014/05/21 786 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2014/03/21 594 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2014/03/23 228 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2014/03/21 598 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2015/05/10 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2015/05/10 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2016/05/12 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Corporation 2016/05/09 11.0.60610.1
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/05/10 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2016/05/09 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2016/05/12 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2015/09/24 17.1 MB 12.0.30501.0
Monaco Pocketwatch Games 2014/04/06
MorphVOX Junior Screaming Bee 2015/05/04 9.22 MB 2.8.1
Mozilla Firefox 45.0 (x86 ja) Mozilla 2016/03/19 88.3 MB 45.0
Mozilla Maintenance Service Mozilla 2016/03/19 231 KB 45.0
Niconico Live Encoder niwango, inc. 2015/05/23 2.0.4
NVIDIA 3D Vision コントローラー ドライバー 364.44 NVIDIA Corporation 2016/04/08 364.44
NVIDIA 3D Vision ドライバー 364.72 NVIDIA Corporation 2016/04/08 364.72
NVIDIA GeForce Experience 2.11.3.5 NVIDIA Corporation 2016/05/08 2.11.3.5
NVIDIA HD オーディオ ドライバー 1.3.34.4 NVIDIA Corporation 2016/04/08 1.3.34.4
NVIDIA PhysX システム ソフトウェア 9.15.0428 NVIDIA Corporation 2016/01/28 9.15.0428
NVIDIA グラフィックス ドライバー 364.72 NVIDIA Corporation 2016/04/08 364.72
Open Broadcaster Software 2014/03/26
OpenSource Flash Video Splitter 1.0.0.5 2014/05/21 1.0.0.5
Origin Electronic Arts, Inc. 2014/04/03 9.4.6.2792
osu! ppy Pty Ltd 2014/10/11 123 MB latest
Overwolf Overwolf Ltd. 2016/05/03 0.94.19.0
paint.net dotPDN LLC 2015/05/11 26.2 MB 4.0.5
PAYDAY 2 OVERKILL - a Starbreeze Studio. 2014/06/01
PHANTASY STAR ONLINE 2 SEGA 2016/04/22 7.13 MB
Picasa 3 Google, Inc. 2015/03/11 3.9
Plants vs. Zombies™ Electronic Arts, Inc. 2014/05/17 99.6 MB 1.2.0.1093
Pmangインストールマネージャー GameOn,Pmang 2015/09/20 1.0.1.1
Pool Nation Cherry Pop Games 2014/05/09
PunkBuster Services Even Balance, Inc. 2014/04/19 0.993
QuickTime 7 Apple Inc. 2016/02/21 69.1 MB 7.79.80.95
Realtek Ethernet Controller Driver Realtek 2013/06/19 7.48.823.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2013/06/19 6.0.1.6482
Robocraft Freejam 2014/08/10
ROCCAT Kone Pure Mouse Driver Roccat GmbH 2016/03/04 13.0 MB
Rocket League Psyonix 2015/08/01
Saezuri UNKNOWN 2016/04/16 1.0.0
Sid Meier's Civilization V Firaxis Games 2016/03/21
Skype Click to Call Microsoft Corporation 2016/05/07 22.0 MB 8.1.0.9134
Skype(TM) 7.22 Skype Technologies S.A. 2016/05/07 80.4 MB 7.22.109
Space Engineers Keen Software House 2015/02/23
StationTV S PIXELA 2016/02/22 1.01.0012.1
Steam Valve Corporation 2014/03/25
Super Hexagon Terry Cavanagh 2015/12/23
Team Fortress 2 Valve 2015/05/02
TeamSpeak 3 Client TeamSpeak Systems GmbH 2016/05/07 3.0.19.1
Trove Trion Worlds, Inc. 2014/12/07
TuxGuitar Herac 2016/01/13 10.6 MB 1.2
TweetDeck Twitter 2014/06/14 69.9 MB 3.3.7
Unity Web Player Unity Technologies ApS 2014/04/03 12.0 MB
Viscera Cleanup Detail RuneStorm 2014/04/08
Viscera Cleanup Detail: alpha v0.25 RuneStorm 2014/04/08
Viscera Cleanup Detail: Santa's Rampage RuneStorm 2014/04/08
Viscera Cleanup Detail: Shadow Warrior RuneStorm 2014/04/08
Vulkan Run Time Libraries 1.0.5.1 LunarG, Inc. 2016/04/08 1.66 MB 1.0.5.1
WebTablet FB Plugin 32 bit Wacom Technology Corp. 2015/07/20 2.1.0.7
WebTablet FB Plugin 64 bit Wacom Technology Corp. 2015/07/20 2.1.0.7
Windows Live Essentials Microsoft Corporation 2014/03/21 16.4.3522.0110
Windows Live Sync Microsoft Corporation 2013/06/19 2.76 MB 14.0.8089.726
WinRAR 5.01 (64ビット) win.rar GmbH 2014/03/25 5.01.0
wisen wizard wisen wizard 2014/05/05 2.35 MB 2014.05.04.130732
XSplit Broadcaster SplitmediaLabs 2014/10/17 109 MB 1.3.1403.1202
Xvid Video Codec Xvid Team 2014/05/21 1.3.2
やります!アンコちゃん co278640 2014/04/11
カスペルスキー インターネット セキュリティ Kaspersky Lab 2014/03/21 14.0.0.4651
バッファロー らくらくアップデートツール Buffalo Inc. 2014/03/27 11.0 MB 1.12
バトルフィールド 3 Electronic Arts 2014/04/07 1.6.0.0
ワコム Wacom Technology Corp. 2015/07/20 5.3.5-3
  • らすかる
  • 2016/05/15 (Sun) 04:14:15
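
The O17 lines in the HijackThis log above record the DNS resolvers set statically in the registry, both globally and per interface. As an added example (not part of the original posts), the Python below extracts those NameServer values and reports every resolver that is not on a list you expect, together with the registry locations that carry it. The function names and the expected resolver 192.168.11.1 are assumptions made for the example.

```python
import ipaddress
import re

# Matches HijackThis O17 lines that carry a NameServer value, e.g.
# O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = a.b.c.d e.f.g.h
O17_NAMESERVER = re.compile(
    r"^O17 - HKLM\\System\\(?P<control_set>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>.+?): NameServer = (?P<servers>.*)$"
)

# The O1 line and the first three O17 lines are copied from the log above.
# The last O17 line and the address 192.168.11.1 are constructed for this example.
SAMPLE_LOG = r"""
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{685E7831-4A25-4E59-98CC-518F857F5C43}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.11.1
"""


def parse_o17(log_text):
    """Return one dict per O17 NameServer line: control set, scope, server tokens."""
    entries = []
    for line in log_text.splitlines():
        match = O17_NAMESERVER.match(line.strip())
        if not match:
            continue  # other HijackThis entry types, or O17 keys such as Domain
        scope = match.group("scope")
        if scope.startswith("..\\"):
            # A "..\{GUID}" scope is a per-interface setting.
            scope = "interface " + scope[3:]
        elif scope == "Parameters":
            scope = "global"
        # The registry value may separate addresses with spaces or commas.
        servers = [s for s in re.split(r"[,\s]+", match.group("servers").strip()) if s]
        entries.append({
            "control_set": match.group("control_set"),
            "scope": scope,
            "servers": servers,
        })
    return entries


def audit_nameservers(log_text, expected):
    """Map each resolver not in `expected` to the registry locations that set it."""
    allowed = {ipaddress.ip_address(addr) for addr in expected}
    findings = {}
    for entry in parse_o17(log_text):
        location = f'{entry["control_set"]} {entry["scope"]}'
        for token in entry["servers"]:
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                # Keep malformed values visible instead of silently dropping them.
                key = f"unparsable:{token}"
            else:
                if addr in allowed:
                    continue
                key = str(addr)
            findings.setdefault(key, []).append(location)
    return findings


if __name__ == "__main__":
    # Assumption: the only resolver this machine should use is its home router.
    for resolver, locations in audit_nameservers(SAMPLE_LOG, {"192.168.11.1"}).items():
        print(f"unexpected resolver {resolver}")
        for location in locations:
            print(f"    set in {location}")
```

A resolver that shows up under every control set and under both the global and per-interface scopes was written to the registry deliberately rather than handed out by DHCP, so it has to be cleared from the adapter settings as well as from whatever program keeps rewriting it.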
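Starting with removal of the "Amazon button" (甘損牡丹)
Good morning.
I'm Akudaikan (the "evil magistrate"), the administrator here.
I don't want to be brought to justice at around 8:45 in the evening, so instead I get punished by the magical-girl squad at around 8:45 on Sunday mornings.
"Stop your crooked schemes!" (← that's not a line for the evil magistrate's side)

I have looked at your explanation and logs.

>A few months ago I let a virus called OneSystemCare infect my PC, and from there it was also infected with DNSUnlocker and others.
>I have already tried System Restore, AdwCleaner, and removal and scanning with the 2014(?) version of Kaspersky.

>Even when web pages do open, they load strange URLs, and I can't help feeling anxious.
>About the only amusing thing about being infected is that Kaspersky's banner-block count has passed 50000.

I see, so the notorious DNSUnlocker family has gotten in.
Still, finding the banner blocks amusing while infected makes you quite a tough one.
Well, unless the infection is really serious, it is also important not to get too anxious.
Many people who get caught up in paranoia end up using one ineffective "fake security tool" after another that they found through web searches, and pile further infections on top.
For the work here, you will need to be prepared for a fair amount of effort before everything is cleaned up, so it's fine if it takes time; please stay calm and work through each step carefully, one at a time.
[Are you prepared?] (no, wrong)

Let me tell you this first.
As you can see, there are currently many people asking for help, so after receiving a request it may take a day or more each time before I can reply to everyone in turn. Sorry, and thank you for understanding.

Now, please read the explanation below carefully and then carry out the steps in order.
You should already have some of these prepared, but please read through the explanation again just in case.

Set hidden files and file extensions to be displayed (how to ↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

Download the tools below and get familiar with their basic usage.
However, if ads appear on the distribution sites urging you to download other apps, never click on them.
"GeekUninstaller" (GU for short)
Explanation page ↓
http://www.gigafree.net/system/install/geekuninstaller.html
Download ↓
http://www.geekuninstaller.com/download
Click "download free", save the file, and extract it.
When you are done with it, delete the whole folder manually.

"CCleaner" (CC for short)
Explanation ↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
Download ↓
http://www.piriform.com/ccleaner/download/standard
Download the latest version. The installer may also offer bundled extra apps; uncheck those and do not install them.
When you are done with it, uninstall it.

Here is an important warning.
CC is normally a highly capable maintenance tool, but if it is used incorrectly
[it can also damage Windows],
so here we will use it only as an analysis tool.
Read the explanation carefully and do not perform any operation other than the ones I instruct.

Also, be sure to read the page below thoroughly before starting, and if the situation it describes comes up, handle it as described there. Cases that need this handling are increasing.
http://note.chiebukuro.yahoo.co.jp/detail/n335704

Once you are ready, start the work.
In the steps that follow, anything you look for and cannot find can be skipped, but look carefully as you work so that you never touch anything other than the items I specify.

Also, there will be things I instruct you to delete; if any of them are something you installed yourself because you need it, hold off on deleting it and tell me so in your next reply.

First, check WindowsUpdate, and if there are any required updates, install all of them.
If the updates cannot be installed, do not carry out the steps explained after this, and tell me in your reply that the update failed.
This is because there has been a sharp increase in dangerous malware that prevents WU from working properly in order to obstruct analysis and treatment of the infection.
If Windows updates (WindowsUpdate) are not always kept fully up to date, that alone is enough for a dangerous infection to happen right away.

Note that upgrading to Windows 10 is not recommended unless the user really needs it.
http://www.japan-secure.com/entry/Windows_Update_7.html
http://www.japan-secure.com/entry/how_to_suppress_the_free_upgrade_of_Windows_10.html

At the very least, the following apps are old versions.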
>DirectVobSub 2.40.4209 MPC-HC Team 2014/05/21 2.10 MB 2.40.4209

>DivXセットアップ DivX, LLC 2014/05/21 2.6.1.8

>ffdshow v1.1.4399 [2012-03-22] 2014/05/21 13.2 MB 1.1.4399.0

>GIMP 2.8.14 The GIMP Team 2015/04/12 267 MB 2.8.14

>Mozilla Firefox 45.0 (x86 ja) Mozilla 2016/03/19 88.3 MB 45.0

>Xvid Video Codec Xvid Team 2014/05/21 1.3.2

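Simply neglecting to update your apps is enough for their vulnerabilities to be exploited and a serious infection to occur easily.
If you use them, update them to the latest version. If you do not use an app, uninstalling it is the safe choice.
Check whether there are any other old versions, and if so, update or uninstall them in the same way.
Also, please consider uninstalling the following and not using it from now on.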
>QuickTime 7 Apple Inc. 2016/02/21 69.1 MB 7.79.80.95

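QuickTime for Windows has reached end of support, so any vulnerabilities or bugs that turn up from now on will not be fixed.

At this point, manually create one restore point using "System Restore", the standard Windows feature.
In the steps that follow, touching something outside the specified targets by mistake can by itself cause serious problems in Windows, so this is to make recovery possible if the worst happens.
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

Use GU to uninstall the following.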
>Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2016/05/13 219 MB 15.016.20039

>Adobe Shockwave Player 12.1 Adobe Systems, Inc. 2015/06/02 12.1.8.158

>Java 8 Update 77 Oracle Corporation 2016/04/03 89.1 MB 8.0.770.3

>Java 8 Update 77 (64-bit) Oracle Corporation 2016/04/03 23.4 MB 8.0.770.3

If you need a PDF app, the one below is a good choice to install.
http://www.forest.impress.co.jp/library/software/pdfxchange/

Next, start the PC in Safe Mode (how to ↓)
http://www.pc-master.jp/sousa/s-safemode.html

In Safe Mode, use GU to uninstall the following.
>Amazon Assistant Amazon 2016/04/03 2.3.4

>McAfee Security Scan Plus McAfee, Inc. 2016/04/06 10.2 MB 3.11.309.1

>WinRAR 5.01 (64ビット) win.rar GmbH 2014/03/25 5.01.0

>wisen wizard wisen wizard 2014/05/05 2.35 MB 2014.05.04.130732

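Launch HJT and run a scan.
When the scan results are displayed, check the following items.
However, with HJT in particular a single misstep can easily leave the PC unable to boot, so never check anything other than what I have specified.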
>O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll

>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll

>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

>O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe

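Once all the required items are checked, click Fix checked.
Anything you look for and cannot find can be skipped.

Now restart the PC in normal mode, then launch "Disk Cleanup" from "Accessories" → "System Tools" in the Start menu.
Once it starts, select the C drive as the target drive and scan; from the items displayed, check only "Downloaded Program Files", "Temporary Internet Files" and "Temporary files", then press "OK" and "Delete Files".
Running this cleans out the junk files in the selected areas.

Doing this also reduces the useless junk files that scans pick up during the work, which makes both the time required and the analysis considerably easier.
The reason for not checking other items such as "Recycle Bin" is to avoid deleting legitimate files by mistake, and so that a legitimate file that was deleted and put in the Recycle Bin can still be restored.

Next, launch CC.
Once it is running, open "Tools" → "Startup" → the "Windows" tab.
Pressing "Save as text" at the bottom right there lets you save the displayed contents as a log, so save the log somewhere such as the desktop.

Next, save the logs of the "Scheduled Tasks" tab and the "Context Menu" tab in the same way.

After that, from the "Browser Plugin" item on the left side of the CC screen, open the "InternetExplorer" tab and each of the tabs after it in turn, and take those logs as well.

Once you have taken each CC log, close CC.

After this, start your browser and observe the state of the PC for a few hours, then take the HJT log and the CC installation-information log again.

Paste both re-taken logs and each of the CC logs into your reply, and post it together with a status report.
I will give instructions for the next steps after looking at them.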
  • 悪代官
  • 2016/05/15 (Sun) 06:13:05
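The matching step from the post above (find the listed O2/O4/O23 entries in a fresh HijackThis scan, check only those, skip any that are absent), as an added example that is not part of the original thread. The function names and the matching rule (by CLSID, Run value name or service short name instead of the full line) are assumptions for illustration; the two sample scans are constructed from lines quoted on this page.

```python
import re

# One HijackThis entry: "<code> - <body>", e.g. "O2 - BHO: name - {CLSID} - path"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\]")
SERVICE_RE = re.compile(r"^Service: .*?\((?P<short>[^()]+)\) - ")


def entry_key(line):
    """Return a stable identity for a log entry, or None for non-entry lines.

    Paths and trailing notes such as "(file missing)" change between scans,
    so the identity is the CLSID (O2/O9/O16/O18), the hive + Run key + value
    name (O4) or the service short name (O23). Other entries use the full body.
    """
    line = line.strip().lstrip(">").strip()  # tolerate forum-style "> " quoting
    m = ENTRY_RE.match(line)
    if m is None:
        return None  # header, running process, blank line
    code, body = m.group("code"), m.group("body")
    if code in ("O2", "O9", "O16", "O18"):
        clsid = CLSID_RE.search(body)
        if clsid:
            return (code, clsid.group(0).upper())
    elif code == "O4":
        run = RUN_RE.match(body)
        if run:
            return (code, run.group("hive").upper(),
                    run.group("key").lower(), run.group("name").lower())
    elif code == "O23" and body.startswith("Service: "):
        svc = SERVICE_RE.match(body)
        # Services without a "(short name)" are identified by their display name.
        name = svc.group("short") if svc else body[len("Service: "):].split(" - ")[0]
        return (code, name.lower())
    return (code, body.lower())


def plan_fixes(scan_text, target_lines):
    """Return (to_check, skipped).

    to_check: scan lines whose identity matches an instructed target.
    skipped:  instructed targets that are absent from this scan.
    Nothing outside the instructed targets is ever returned in to_check.
    """
    present = {}
    for raw in scan_text.splitlines():
        key = entry_key(raw)
        if key is not None:
            present.setdefault(key, []).append(raw.strip())
    to_check, skipped = [], []
    for target in target_lines:
        key = entry_key(target)
        if key is None:
            continue
        hits = present.get(key)
        if hits:
            to_check.extend(hits)
        else:
            skipped.append(target.strip().lstrip(">").strip())
    return to_check, skipped


# The four entries the post asks to check, copied from the post.
TARGETS = r'''
>O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
>O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe
'''.splitlines()

# Constructed scan taken before cleanup: targets present, one with a changed suffix.
SCAN_BEFORE = r'''
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe (file missing)
'''

# Constructed scan taken after the uninstalls: lines as they appear in the later log on this page.
SCAN_AFTER = r'''
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (file missing)
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
'''

if __name__ == "__main__":
    for label, scan in (("before", SCAN_BEFORE), ("after", SCAN_AFTER)):
        to_check, skipped = plan_fixes(scan, TARGETS)
        print(label, "check:", len(to_check), "skip:", len(skipped))
```

When every target lands in `skipped`, the uninstall steps already removed those entries and there is nothing to tick in HJT for that step.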
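Re: Plagued by ads and pop-ups
Thank you for the quick reply.

Until now the most banner blocks I had ever seen was about 10, so seeing a number like 50000 made me laugh, lol


I was working through the steps, but in the step of deleting with HJT after starting in Safe Mode, I could not find a single one of the items.
After the work, I checked the start pages of IE and Firefox, and they were back to the normal start page instead of Amazon.
I use Chrome a lot and changed its settings right away, so I cannot tell.
DNSUnlocker and the like seem to be the same as ever.


I am pasting the re-taken logs for each item below. Thank you for taking the time when you are busy.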



● HJT log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:40:03, on 2016/05/15
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)

FIREFOX: 46.0.1 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMECMNT.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Program Files (x86)\PIXELA\StationTV_S\StationTV_S.exe
C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Common Files\Overwolf\0.94.19.0\OverwolfHelper.exe
C:\Program Files (x86)\Overwolf\0.94.19.0\Purplizer\Purplizer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Janetter2\bin\Janetter.exe
D:\Janetter2\bin\janettersrv.exe
D:\Janetter2\bin\Janetter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Desktop\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (file missing)
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Microsoft アカウント サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files (x86)\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [IME14 JPN Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
O4 - HKLM\..\Run: [Dare-U mouse] "C:\Program Files (x86)\Gaming Mouse\Monitor.exe"
O4 - HKLM\..\Run: [RoccatKonePure] "C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE"
O4 - HKCU\..\Run: [ApplicationManager] C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
O4 - HKCU\..\Run: [Dxtory Update Checker 2.0] D:\Dxtory2.0\UpdateChecker.exe
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - HKCU\..\Run: [StationTV_S] C:\Program Files (x86)\PIXELA\StationTV_S\StationTV_S.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'Default user')
O4 - Startup: らくらくアップデートツール.lnk = C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe
O4 - Global Startup: AirStation おたすけナビ.lnk = C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: バナー広告対策に追加 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: セキュリティキーボード - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 危険サイト診断 - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} - https://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{685E7831-4A25-4E59-98CC-518F857F5C43}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{685E7831-4A25-4E59-98CC-518F857F5C43}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{685E7831-4A25-4E59-98CC-518F857F5C43}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Amazon 1Button App Service - Amazon Inc. - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BWH32S - Buffalo Inc. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: CyberLink Product - 2014/10/26 21:28:10 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Overwolf LTD - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: StationTV_S Collaborate Service (STVSCollaborateService) - Unknown owner - C:\Program Files (x86)\PIXELA\StationTV_S\STVSService.exe
O23 - Service: StationTV_S Service (STVSService) - Unknown owner - C:\Program Files (x86)\PIXELA\StationTV_S\STVSService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wireless Diagnosis (WirelessDiagnosis) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\WDTool\bwdbackground.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

--
End of file - 17525 bytes



● CC: Windows log

有効 HKCU:Run ApplicationManager Kingsoft Corp. Ltd. C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKCU:Run Dxtory Update Checker 2.0 D:\Dxtory2.0\UpdateChecker.exe
有効 HKCU:Run Gyazo Nota Inc. C:\Program Files (x86)\Gyazo\GyStation.exe
有効 HKCU:Run Overwolf Overwolf LTD C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
有効 HKCU:Run StationTV_S PIXELA CORPORATION C:\Program Files (x86)\PIXELA\StationTV_S\StationTV_S.exe
有効 HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
有効 HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
無効 HKLM:Run BambooCore Wacom Europe GmbH C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
有効 HKLM:Run BDRegion cyberlink C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
有効 HKLM:Run CLMLServer CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
有効 HKLM:Run Dare-U mouse "C:\Program Files (x86)\Gaming Mouse\Monitor.exe"
有効 HKLM:Run DivXMediaServer C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run IME14 JPN Setup Microsoft Corporation C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
有効 HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
有効 HKLM:Run RoccatKonePure ROCCAT GmbH "C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE"
有効 HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ShadowPlay Microsoft Corporation "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
有効 HKLM:Run SysMetrix C:\Program Files (x86)\SysMetrix\SysMetrix.exe
有効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
有効 HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
有効 Startup Common AirStation おたすけナビ.lnk BUFFALO INC. C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
無効 Startup Common LOLRecorder.lnk C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
有効 Startup Common クライアントマネージャV.lnk Buffalo Inc. C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
有効 Startup User らくらくアップデートツール.lnk Buffalo Inc. C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe



● CC: Scheduled Tasks log

有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task DistromaticSearchProtect-hourly C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe --start --launcher=hourly-task
有効 Task DistromaticSearchProtect-logon C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe --start --launcher=logon-task
有効 Task DistromaticUpdater-logon C:\Program Files (x86)\Amazon Browser Settings\updater.exe --launcher=logon-task
有効 Task DistromaticUpdater-periodic C:\Program Files (x86)\Amazon Browser Settings\updater.exe --launcher=periodic-task
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task GyazoUpdateTaskMachine "C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
有効 Task GyazoUpdateTaskMachineDaily "C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
有効 Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d Intel Corporation C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
有効 Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon Intel Corporation C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
有効 Task Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} AO Kaspersky Lab C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade
有効 Task Overwolf Updater Task Overwolf LTD C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule
有効 Task WpsUpdateTask_Owner C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe -from=task
有効 Task {04EA10F0-DAF0-4ABC-B0F2-B9519BCB575B} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Owner\Downloads\Vcs_8.0.21.Diamond.Demo.jp.EXE -d C:\Users\Owner\Downloads
有効 Task {12F47C6E-91D9-4AA3-BDF1-A18CC068AA67} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Downloads\pmang_common_module (2).exe" -d C:\Users\Owner\Downloads
有効 Task {2C14D3D0-4AB0-4EDA-A396-F5C399B14F80} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WHQIF1G\PS_CS2_JP_NonRet.exe" -d C:\Users\Owner\Desktop
有効 Task {512C4F57-B580-4D13-9DD2-0D24E63AF1A4} Microsoft Corporation "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/ja/abandoninstall?source=lightinstaller&page=tsInstall
有効 Task {819AA56C-6167-48B5-B7E0-BD9274B97261} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Downloads\pmang_common_module (3).exe" -d C:\Users\Owner\Downloads
有効 Task {932424B1-14B1-41C3-ABC6-A29BB8205226} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Owner\AppData\Local\Temp\jre-8u91-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1



● CC: Context Menu log

有効 Directory Kaspersky Anti-Virus Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\shellex.dll
有効 Directory SkyDriveEx Microsoft Corporation C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
有効 Drive Kaspersky Anti-Virus Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\shellex.dll
有効 File AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 File Kaspersky Anti-Virus Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\shellex.dll
有効 File PhotoStreamsExt Apple Inc. C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
有効 File SkyDriveEx Microsoft Corporation C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
有効 Folder AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 Folder Kaspersky Anti-Virus Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\shellex.dll



● CC: InternetExplorer log

有効 Extension Skype Click to Call settings Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
有効 Extension Skype Click to Call settings Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
有効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
有効 Extension セキュリティキーボード Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
有効 Extension セキュリティキーボード Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
有効 Extension 危険サイト診断 Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
有効 Extension 危険サイト診断 Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
有効 Helper Content Blocker Plugin Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
有効 Helper Content Blocker Plugin Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
無効 Helper Microsoft アカウント サインイン ヘルパー Microsoft Corp. C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
無効 Helper MSS+ Identifier C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
無効 Helper Safe Money Plugin Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
無効 Helper Safe Money Plugin Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
無効 Helper Search Helper Microsoft Corp. C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
無効 Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
無効 Helper Skype Click to Call for Internet Explorer Microsoft Corporation C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
有効 Helper URL Advisor Plugin Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
有効 Helper URL Advisor Plugin Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
無効 Helper Virtual Keyboard Plugin Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
無効 Helper Virtual Keyboard Plugin Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
無効 Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll



● CC: firefox log

無効 Extension 14.0.0.4971 default Firefox 46.0.1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
有効 Extension Firefox Hello 1.2.6 Mozilla default Firefox 46.0.1 C:\Program Files (x86)\Mozilla Firefox\browser\features\loop@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.0 default Firefox 46.0.1 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0 default Firefox 46.0.1 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Plugin AdobeAAMDetect 3.0.0.0 Adobe Systems default Firefox 46.0.1 C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
有効 Plugin Battlelog Game Launcher 2.7.1.0 EA Digital Illusions CE AB default Firefox 46.0.1 C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll
有効 Plugin Gamepot Execution Environment 1.0.0.3 Gamepot Inc. default Firefox 46.0.1 C:\Program Files (x86)\Gamepot\GPEXE\npGPEXE.dll
有効 Plugin Google Update 1.3.30.3 Google Inc. default Firefox 46.0.1 C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll
有効 Plugin Intel® Identity Protection Technology 2.0.59.0 Intel Corporation default Firefox 46.0.1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
有効 Plugin Intel® Identity Protection Technology 2.0.59.0 Intel Corporation default Firefox 46.0.1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
有効 Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default Firefox 46.0.1 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
有効 Plugin NVIDIA 3D Vision 7.17.13.6472 NVIDIA Corporation default Firefox 46.0.1 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
有効 Plugin NVIDIA 3D VISION 7.17.13.6472 NVIDIA Corporation default Firefox 46.0.1 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
有効 Plugin OpenH264 Video Codec 1.5.3 Mozilla Corporation default Firefox 46.0.1 C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\arzmwncy.default\gmp-gmpopenh264\1.5.3\gmpopenh264.dll
有効 Plugin Photo Gallery 16.4.3522.110 Microsoft Corporation default Firefox 46.0.1 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
有効 Plugin Picasa 3.0.0.0 default Firefox 46.0.1 D:\縺シ縺九@\Picasa3\npPicasa3.dll
有効 Plugin Primetime Content Decryption Module provided by Adobe Systems, Incorporated 15 Adobe Systems Inc default Firefox 46.0.1 C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\arzmwncy.default\gmp-eme-adobe\15\eme-adobe.dll
有効 Plugin Shockwave Flash 21.0.0.242 Adobe Systems Incorporated default Firefox 46.0.1 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll
有効 Plugin Unity Player 4.3.5.32006 Unity Technologies ApS default Firefox 46.0.1 C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
有効 Plugin WacomTabletPlugin 2.1.0.7 Wacom default Firefox 46.0.1 C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll



● CC: Google Chrome log

無効 Extension Momentum 0.80.1 最初のユーザー C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca\0.80.1_0
有効 Extension My Chrome テーマ 2.1 最初のユーザー C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.1_0
有効 Extension グランブルーファンタジー[ChromeApps版] 1.3.8 最初のユーザー C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilbkckngf\1.3.8_0
  • らすかる
  • 2016/05/15 (Sun) 13:49:37
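Next: starting with the cleanup in CC
Sorry for the late reply.
I was in the bath until just now (← there is no Yu○ Kaoru in my bath)

>I was working through the steps, but when I booted into Safe Mode for the HJT removal step, I could not find a single one of the listed items.
>After the work, I checked the home pages in IE and Firefox, and they had gone back to the normal start page instead of Amazon.
>I use Chrome a lot and changed its settings right away, so I can't tell.
>DNSUnlocker and the like seem to be the same as ever.

OK, understood.
Anything you can't see or can't act on partway through the work, just skip it and carry on.
Things seem to have calmed down a little, but DNS is stubbornly dug in, isn't it.

Now please continue with the next steps, following the explanation below.

In the same way as before, start CC again, and in the "Schedule" tab right-click each of the entries below, choose "Disable", and then "Delete entry". If an entry can't be disabled, it's fine to just delete it.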
有効 Task DistromaticSearchProtect-hourly C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe --start --launcher=hourly-task

有効 Task DistromaticSearchProtect-logon C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe --start --launcher=logon-task

有効 Task DistromaticUpdater-logon C:\Program Files (x86)\Amazon Browser Settings\updater.exe --launcher=logon-task

有効 Task DistromaticUpdater-periodic C:\Program Files (x86)\Amazon Browser Settings\updater.exe --launcher=periodic-task

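Once you've closed CC, next get the following tools ready.
"AdwCleaner" (a.k.a. AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
This is a direct link to the file. Open it and save the file to your desktop or somewhere similar.
When you're done with it and want to clean up, launch it and press the "uninstall" button; it will remove itself automatically.
The site below has a detailed explanation of how to use it, so refer to that ↓
http://www.japan-secure.com/entry/adwcleaner.html

Malwarebytes' Anti-Malware (a.k.a. MBAM)
Official site
http://www.malwarebytes.org/

Download
https://www.malwarebytes.org/mwb-download/thankyou/
This is a direct link to the file. Please save it.

Site explaining how to use it
http://www.gigafree.net/security/MalwarebytesAnti-MalwareFree.html

Once they're ready, install MBAM and run its update.
However, do not scan yet at this point.

Next, launch AC once at this point.
On launch it should first update its definitions, so let it do just that, and once it has, close AC for now.
You don't need to scan here either.

Once both tools are updated, use Disk Cleanup to clear out junk files, then restart the PC in Safe Mode.

Then, with the PC booted in Safe Mode, launch AC again (the one you launched once earlier).
Once it's running, this time press "Scan", and when the scan finishes, if anything was detected press "Remove".
Select "Yes" on the screen that appears and the cleanup will start.

When the cleanup is complete, restart the PC in normal mode.

After the restart a new AC log will appear, so save it to your desktop or similar.
If no log appears after the work, or you can't find it, open the C drive in My Computer; a file with a name like the following will have been created directly under it, and that is the AC log.
>AdwCleaner[alphanumerics].txt
If there are several logs with similar names, the one whose creation time matches when you did the cleanup is the log you want.

Once the AC work is done, next is the MBAM work.
Boot into Safe Mode again, then launch MBAM and scan.
After launching MBAM, select "Custom Scan" on the "Scan" tab, then select all drives, including the C drive.
Also tick the rootkit scan option.

Scanning this way takes time, but the point is to scan as thoroughly as possible.

The two tools' scans can be run in either order, but if anything is detected, select it and "remove" (quarantine) it, and if you are prompted to restart, restart the PC once at that point.
If no restart prompt appears, restart manually.

Also, after the MBAM scan finishes, a message announcing the result appears at the bottom right of the screen; clicking it should display the results.
Pressing "Save log" there lets you save the log.
Save that log to your desktop or similar.
Checking this log is especially important, so please don't forget.

After that, keep an eye on the PC for a while, then paste the AC and MBAM logs you saved after the work into your reply and show them to me along with a status report.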
  • 悪代官
  • 2016/05/15 (Sun) 20:54:54
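Re: Troubled by ads and pop-ups
Sorry, my reply is late.

Thank you for the instructions; I've finished the work.

However, I didn't click the message that appears at the bottom right of the screen after the MBAM scan, and so I failed to save the log.
After booting in normal mode, I exported two kinds of logs from MBAM's "History" → "Application Logs" section, so I'll paste those.
I'm really sorry.

As for the state after the work: I browsed around sites in IE, Firefox and Google Chrome, and in all three I no longer see DNSUnlocker ads, pop-ups, or ads opening in new tabs.

I'm pasting each log below. Sorry to bother you when you're busy.


● AC log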

# AdwCleaner v5.034 - ログファイルの作成日 18/03/2016 作成時間 23:59:58
# 更新日 16/02/2016 作成元 Xplode
# データベース : 2016-02-16.2 [ローカル]
# オペレーティングシステム : Windows 7 Professional Service Pack 1 (x64)
# ユーザー名 : Owner - OWNER-PC
# 実行場所 : D:\NightCore\adwcleaner_5.034.exe
# オプション : 削除
# サポート : http://toolslib.net/forum

***** [ サービス ] *****


***** [ フォルダ ] *****

[-] フォルダ 削除済み項目 : C:\Program Files (x86)\DNS Unlocker
[#] フォルダ 削除済み項目 : C:\Program Files (x86)\OneSystemCare
[-] フォルダ 削除済み項目 : C:\ProgramData\{0a807d61-112c-0}
[-] フォルダ 削除済み項目 : C:\ProgramData\{168f5a63-012c-1}
[-] フォルダ 削除済み項目 : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] フォルダ 削除済み項目 : C:\Users\Owner\AppData\Roaming\One System Care
[-] フォルダ 削除済み項目 : C:\Users\Owner\Documents\Updater

***** [ ファイル ] *****

[-] ファイル 削除済み項目 : C:\Users\Public\Desktop\Launch One System Care.lnk
[-] ファイル 削除済み項目 : C:\Windows\uninstaller.exe

***** [ DLLs ] *****


***** [ ショートカット ] *****


***** [ スケジュールタスク ] *****

[-] タスク 削除済み項目 : One System CarePeriod
[-] タスク 削除済み項目 : One System Care Monitor
[-] タスク 削除済み項目 : One System Care Task

***** [ レジストリ ] *****

[-] キー 削除済み項目 : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] 値 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] キー 削除済み項目 : HKCU\Software\distromatic
[-] キー 削除済み項目 : HKCU\Software\One System Care
[-] キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] データ 復元済み項目 : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{685E7831-4A25-4E59-98CC-518F857F5C43} [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{685E7831-4A25-4E59-98CC-518F857F5C43} [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{685E7831-4A25-4E59-98CC-518F857F5C43} [NameServer]
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hamachi.softonic.jp
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\jp.hao123.com
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.jp
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\spigotmc.org
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.spigotmc.org

***** [ Webブラウザ ] *****

[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] 削除済み項目 : aaaaaiabcopkplhgaedhbloeejhhankf
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] 削除済み項目 : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] 削除済み項目 : pbjikboenpfhbbejgkoklgkhjpfogcam

*************************

:: "Tracing"キーは削除します
:: Winsock設定を初期化しました

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4055 バイト] ##########
# AdwCleaner v5.117 - Logfile created 17/05/2016 at 02:45:27
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\57d8a2f5
[-] Folder Deleted : C:\ProgramData\6cd159a1-04a3-1
[-] Folder Deleted : C:\ProgramData\6cd159a1-05d1-0
[-] Folder Deleted : C:\ProgramData\6cd159a1-1043-1
[-] Folder Deleted : C:\ProgramData\6cd159a1-1071-0
[-] Folder Deleted : C:\ProgramData\6cd159a1-14b1-1
[-] Folder Deleted : C:\ProgramData\6cd159a1-17c7-0
[-] Folder Deleted : C:\ProgramData\6cd159a1-1dd3-1
[-] Folder Deleted : C:\ProgramData\6cd159a1-2857-0
[-] Folder Deleted : C:\ProgramData\6cd159a1-29e7-1
[-] Folder Deleted : C:\ProgramData\6cd159a1-3ec7-1
[-] Folder Deleted : C:\ProgramData\6cd159a1-41f5-1
[-] Folder Deleted : C:\ProgramData\6cd159a1-4c65-1
[-] Folder Deleted : C:\ProgramData\6cd159a1-4d77-0
[-] Folder Deleted : C:\ProgramData\6cd159a1-5493-0
[-] Folder Deleted : C:\ProgramData\6cd159a1-65f1-0
[-] Folder Deleted : C:\ProgramData\6cd159a1-6db1-0
[-] Folder Deleted : C:\ProgramData\7fb86241-0073-1
[-] Folder Deleted : C:\ProgramData\7fb86241-1487-0
[-] Folder Deleted : C:\ProgramData\7fb86241-1591-0
[-] Folder Deleted : C:\ProgramData\7fb86241-2123-0
[-] Folder Deleted : C:\ProgramData\7fb86241-4403-1
[-] Folder Deleted : C:\ProgramData\7fb86241-5cb7-0
[#] Folder Deleted : C:\ProgramData\Application Data\57d8a2f5
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-04a3-1
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-05d1-0
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-1043-1
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-1071-0
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-14b1-1
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-17c7-0
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-1dd3-1
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-2857-0
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-29e7-1
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-3ec7-1
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-41f5-1
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-4c65-1
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-4d77-0
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-5493-0
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-65f1-0
[#] Folder Deleted : C:\ProgramData\Application Data\6cd159a1-6db1-0
[#] Folder Deleted : C:\ProgramData\Application Data\7fb86241-0073-1
[#] Folder Deleted : C:\ProgramData\Application Data\7fb86241-1487-0
[#] Folder Deleted : C:\ProgramData\Application Data\7fb86241-1591-0
[#] Folder Deleted : C:\ProgramData\Application Data\7fb86241-2123-0
[#] Folder Deleted : C:\ProgramData\Application Data\7fb86241-4403-1
[#] Folder Deleted : C:\ProgramData\Application Data\7fb86241-5cb7-0

***** [ Files ] *****

[-] File Deleted : C:\Windows\uninstaller.exe

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SystemCash.exe]
[-] Value Deleted : HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SystemCash.exe]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57d8a2f5}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ads.clipconverter.cc
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\clipconverter.cc
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKCU\Software\distromatic
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : [x64] HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3789204616-4169482505-2587553410-1002\Software\AskPartnerNetwork
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{685E7831-4A25-4E59-98CC-518F857F5C43} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nps.pastaleads.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pastaleads.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\utop.it
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [9731 bytes] - [18/03/2016 23:59:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [1620 bytes] - [19/03/2016 00:04:20]
C:\AdwCleaner\AdwCleaner[C3].txt - [1544 bytes] - [19/03/2016 06:24:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [9974 bytes] - [18/03/2016 23:58:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [1610 bytes] - [19/03/2016 00:01:49]
C:\AdwCleaner\AdwCleaner[S3].txt - [1610 bytes] - [19/03/2016 00:03:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [1610 bytes] - [19/03/2016 00:06:21]
C:\AdwCleaner\AdwCleaner[S5].txt - [1538 bytes] - [19/03/2016 03:11:15]
C:\AdwCleaner\AdwCleaner[S6].txt - [1538 bytes] - [19/03/2016 06:23:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10388 bytes] ##########



● MBAM log 1

Malwarebytes Anti-Malware
www.malwarebytes.org

スキャン日付: 2016/05/17
スキャン時刻: 2:50
ログファイル: mbam1.txt
管理者: はい

バージョン: 2.2.1.1043
マルウェアデータベース: v2016.05.16.04
ルートキットデータベース: v2016.05.06.01
ライセンス: 無料版
マルウェア保護機能: 無効
悪質ウェブサイト保護機能: 無効
自己防衛: 無効

OS: Windows 7 Service Pack 1
CPU: x64
ファイルシステム: NTFS
ユーザー: Owner

スキャン形式: カスタムスキャン
結果: 完了しました
スキャンされたオブジェクト数: 1282650
経過時間: 2 時間, 6 分, 11 秒

メモリ: 有効
スタートアップ: 有効
ファイルシステム: 有効
アーカイブ: 有効
ルートキット: 無効
ヒューリスティック: 有効
PUP: 有効
PUM: 有効

プロセス: 0
(なし悪意のある項目を検出)

モジュール: 0
(なし悪意のある項目を検出)

レジストリキー: 3
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CDD85679-531A-430B-8D80-C99B88302ADD}, 隔離, [a3f13a9c1f7ab87e873cd2ffe61d966a],
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSLOCKINGTON, 隔離, [3a5ae4f29504fb3bb50f329fe320e41c],
PUP.Optional.Wisenwizard, HKLM\SOFTWARE\WOW6432NODE\wisen wizard, 隔離, [276dfdd91782c670b19e0591e91aac54],

レジストリ値: 1
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CDD85679-531A-430B-8D80-C99B88302ADD}|Path, \DNSLOCKINGTON, 隔離, [a3f13a9c1f7ab87e873cd2ffe61d966a]

レジストリデータ: 1
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, 良: (8.8.8.8), 悪: (82.163.142.7 95.211.158.134),置換,[74209046594038fe86683612ce36f907]

フォルダー: 0
(なし悪意のある項目を検出)

ファイル: 3
PUP.Optional.InstallCore, F:\C\Users\Owner\Downloads\UltimateCodec.exe, 隔離, [118380564b4ece682dbcb04fe41f1ce4],
PUP.Optional.InstallCore, F:\fav\download\UltimateCodec.exe, 隔離, [870d1bbb693052e4b336649bf80bc739],
PUP.Optional.DNSUnlocker.ACMB2, C:\AdwCleaner\Quarantine\C\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll.vir, 隔離, [8c08a135dfba0f273e9207c2e819e31d],

物理セクタ: 0
(なし悪意のある項目を検出)


(end)



● MBAM log 2

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 2016/05/17 2:25, SYSTEM, OWNER-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.5.6.1,
Update, 2016/05/17 2:25, SYSTEM, OWNER-PC, Manual, Remediation Database, 2016.2.12.1, 2016.5.16.1,
Update, 2016/05/17 2:25, SYSTEM, OWNER-PC, Manual, IP Database, 2016.2.8.1, 2016.5.13.3,
Update, 2016/05/17 2:25, SYSTEM, OWNER-PC, Manual, Domain Database, 2016.2.16.8, 2016.5.16.4,
Update, 2016/05/17 2:25, SYSTEM, OWNER-PC, Manual, Malware Database, 2016.2.16.6, 2016.5.16.4,
Update, 2016/05/17 2:50, SYSTEM, OWNER-PC, Manual, Failed, No Internet connection detected,
Scan, 2016/05/17 7:34, SYSTEM, OWNER-PC, Manual, 開始: 2016/05/172:50, 期間: 2 hr 6 分 11 秒, カスタムスキャン, 完了しました, 1 のマルウェアの検出, 7 - マルウェア検出,

(end)
  • らすかる
  • 2016/05/17 (Tue) 18:12:15
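Added example (not part of the thread and not Malwarebytes code): a Python parser that groups MBAM detection lines like those in the post above by what they touch (scheduled task, DNS setting, copy already sitting in another tool's quarantine, live file) and extracts the nameservers MBAM marked as bad. The function names and category labels are assumptions made for this example; the sample lines are copied from the MBAM log above.

```python
import ipaddress
import re
from collections import defaultdict

# Detection lines copied from the MBAM log posted above, with two section
# headers and a "none detected" line left in to show they are skipped.
SAMPLE_LOG = r"""
レジストリキー: 3
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSLOCKINGTON, 隔離, [3a5ae4f29504fb3bb50f329fe320e41c],
レジストリデータ: 1
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, 良: (8.8.8.8), 悪: (82.163.142.7 95.211.158.134),置換,[74209046594038fe86683612ce36f907]
ファイル: 3
PUP.Optional.InstallCore, F:\fav\download\UltimateCodec.exe, 隔離, [870d1bbb693052e4b336649bf80bc739],
PUP.Optional.DNSUnlocker.ACMB2, C:\AdwCleaner\Quarantine\C\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll.vir, 隔離, [8c08a135dfba0f273e9207c2e819e31d],
(なし悪意のある項目を検出)
"""

# Line shape: name, object[, extra fields...], action, [32-hex item id][,]
DETECTION = re.compile(
    r"^(?P<name>[A-Za-z]\w*(?:\.\w+)+),\s*(?P<rest>.+?),\s*"
    r"\[(?P<item_id>[0-9a-f]{32})\],?\s*$"
)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Action labels as they appear in this Japanese-locale log.
ACTION_LABELS = {"隔離": "quarantined", "置換": "replaced"}


def classify(obj):
    """Map the detected object (registry path or file path) to a category."""
    upper = obj.upper()
    if upper.endswith("|NAMESERVER"):
        return "dns_setting"
    if "\\SCHEDULE\\TASKCACHE\\" in upper:
        return "scheduled_task"
    if upper.startswith("C:\\ADWCLEANER\\QUARANTINE\\"):
        # A copy AdwCleaner already moved aside, not a live install.
        return "quarantined_copy"
    if upper.startswith(("HKLM\\", "HKCU\\")):
        return "registry"
    return "file"


def triage(log_text):
    """Return {category: [finding, ...]} for every detection line in the log.

    Limitation of this example: objects containing a comma are not handled.
    """
    findings = defaultdict(list)
    for line in log_text.splitlines():
        match = DETECTION.match(line.strip())
        if not match:
            continue  # section headers, counts, "none detected" lines
        fields = [f.strip() for f in match.group("rest").split(",")]
        if len(fields) < 2:
            continue
        obj, action, extras = fields[0], fields[-1], fields[1:-1]
        findings[classify(obj)].append({
            "name": match.group("name"),
            "object": obj,
            "action": ACTION_LABELS.get(action, action),
            "extras": extras,
        })
    return dict(findings)


def rogue_nameservers(findings):
    """Collect the addresses from the field labelled 悪 (bad) on DNS findings."""
    servers = []
    for finding in findings.get("dns_setting", []):
        for extra in finding["extras"]:
            if not extra.startswith("悪"):  # label in this locale's log
                continue
            for candidate in IPV4.findall(extra):
                try:
                    ipaddress.IPv4Address(candidate)
                except ValueError:
                    continue
                if candidate not in servers:
                    servers.append(candidate)
    return servers


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, items in sorted(result.items()):
        for item in items:
            print(f"{category:17} {item['action']:12} {item['name']}  {item['object']}")
    print("nameservers flagged as bad:", rogue_nameservers(result))
```

The scheduled-task and DNS categories are the ones to re-check on the next scan, since AdwCleaner restored the `NameServer` value in both the March and May logs above.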
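My next reply will be even later
Sorry my reply is especially late tonight.
A fault on my line kept me from getting online.

>As for the state after the work: I browsed around sites in IE, Firefox and Google Chrome, and in all three I no longer see DNSUnlocker ads, pop-ups, or ads opening in new tabs.

Right, so first of all it has been successfully calmed down.
Looking at both logs, there were indeed a lot of detections and removals.
If the removals went through as well, that's fine.

Now we'll go on and dig in further with a different tool.

Please get the following tool ready.
OTL (OldTimer Listit)
Download it via the "Download" button and save it.
http://oldtimer.geekstogo.com/OTL.exe
When you're done with it and want to clean up, launch it and press the "Cleanup" button; it will remove itself automatically.

Launch OTL with no other programs running.
Once it's running, tick "Scan All Users" near the top of the window and copy and paste the following commands into "Custom Scan/Fixes".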

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

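Then press "Run Scan" at the top left to start the scan.
After the scan starts, within a few minutes (depending on the PC), "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe; save these two files to your desktop or thereabouts.
Extras.txt is sometimes not produced; in that case OTL.txt alone is fine.

After that, paste the entire OTL log into your reply and show it to me.
However, the OTL log is quite long, so if you send it all at once it will be cut off by fc2's character limit.
So split the log at convenient points into pieces of no more than 10,000 characters and send it over several replies.
This is because posts over 10,000 characters get cut off by fc2's character limit.
http://www1.odn.ne.jp/megukuma/count.htm

Just scanning with OTL changes nothing.
Based on these results, whatever was detected will be dealt with in the work from next time on.

Also, I probably won't be able to reply tomorrow, so please understand that my next reply will come the day after tomorrow or later.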
  • 悪代官
  • 2016/05/17 (Tue) 20:42:06
Re: Troubled by ads and pop-ups
Sorry, quite a lot of time has passed.

The scan is finished, so I'm pasting the OTL log below. Thank you in advance.



●OTL.txt

OTL logfile created on: 2016/05/25 15:05:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Download
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

15.96 Gb Total Physical Memory | 11.85 Gb Available Physical Memory | 74.24% Memory free
31.92 Gb Paging File | 26.93 Gb Available in Paging File | 84.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 9.19 Gb Free Space | 8.23% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1207.39 Gb Free Space | 64.81% Space Free | Partition Type: NTFS
Drive F: | 2794.52 Gb Total Space | 274.06 Gb Free Space | 9.81% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/05/25 14:12:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
PRC - [2016/05/19 19:47:56 | 000,045,296 | ---- | M] (Overwolf LTD) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
PRC - [2016/05/11 21:04:17 | 000,250,008 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
PRC - [2016/05/08 19:58:44 | 000,182,000 | ---- | M] (Overwolf LTD) -- C:\Program Files (x86)\Overwolf\0.94.107.0\Purplizer\Purplizer.exe
PRC - [2016/05/08 19:58:44 | 000,077,552 | ---- | M] (Overwolf LTD) -- C:\Program Files (x86)\Common Files\Overwolf\0.94.107.0\OverwolfHelper.exe
PRC - [2016/05/02 15:02:13 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016/05/02 14:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2016/03/22 11:10:00 | 000,426,040 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2016/02/17 05:42:32 | 003,586,848 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2015/09/17 05:59:30 | 002,258,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
PRC - [2015/09/17 05:59:22 | 002,292,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2015/09/15 08:09:46 | 000,174,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
PRC - [2015/09/15 08:09:16 | 000,669,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
PRC - [2015/09/11 19:01:52 | 031,958,688 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2015/07/29 19:32:32 | 004,349,080 | ---- | M] (Jane,Inc.) -- D:\Janetter2\bin\JanetterSrv.exe
PRC - [2015/07/15 19:57:58 | 001,011,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2015/07/14 15:14:24 | 000,212,952 | ---- | M] (Buffalo Inc.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
PRC - [2015/07/06 14:55:42 | 000,139,568 | ---- | M] (Buffalo Inc.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
PRC - [2014/12/17 21:16:36 | 001,005,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2014/09/03 18:45:38 | 010,858,280 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\StationTV_S\StationTV_S.exe
PRC - [2014/09/03 18:45:38 | 000,025,384 | ---- | M] () -- C:\Program Files (x86)\PIXELA\StationTV_S\STVSService.exe
PRC - [2014/04/19 22:29:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/01/28 16:11:52 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2014/01/20 10:46:50 | 000,561,152 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
PRC - [2013/09/25 17:02:32 | 000,179,976 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2013/06/28 19:23:10 | 002,260,592 | ---- | M] (Jane, Inc.) -- D:\Janetter2\bin\Janetter.exe
PRC - [2013/03/08 15:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/10/08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/01/27 02:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/01/20 17:35:24 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/01/20 17:35:22 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/01/20 17:35:18 | 000,128,280 | R--- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/01/20 17:35:08 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/08/30 11:37:00 | 000,860,608 | ---- | M] (Kingsoft Corp. Ltd.) -- C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
PRC - [2011/03/31 11:54:08 | 000,216,440 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
PRC - [2011/03/31 11:53:58 | 000,230,776 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\WDTool\bwdbackground.exe
PRC - [2011/03/09 14:21:54 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2016/05/08 19:57:44 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.94.107.0\Purplizer\libssp-0.dll
MOD - [2016/05/08 19:57:36 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.94.107.0\CoreAudioApi.dll
MOD - [2016/05/08 19:57:34 | 045,069,312 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.94.107.0\libcef.dll
MOD - [2016/05/08 19:57:32 | 000,262,656 | ---- | M] () -- C:\Program Files (x86)\Overwolf\0.94.107.0\OpenHardwareMonitorLib.dll
MOD - [2016/05/02 15:02:09 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016/04/14 17:59:08 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\4f0e851ac0426baeb8f222a120b7712a\UIAutomationTypes.ni.dll
MOD - [2016/04/14 17:00:11 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\0f430d444ed52f1043a6349a52fd3d27\UIAutomationProvider.ni.dll
MOD - [2016/04/14 01:22:08 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\329cc606515169bfd06a4d2529b99a31\Accessibility.ni.dll
MOD - [2016/04/14 01:22:07 | 018,111,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\affcb83bba04f782c2586a1788330891\mscorlib.ni.dll
MOD - [2015/09/15 08:08:50 | 040,523,440 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
MOD - [2015/09/15 08:08:48 | 001,365,680 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libGLESv2.dll
MOD - [2015/09/15 08:08:46 | 000,219,312 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libEGL.dll
MOD - [2015/09/11 19:01:52 | 031,958,688 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/09/11 21:42:54 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\61bea915a98d92c2748dc18d5fc594a7\UIAutomationTypes.ni.dll
MOD - [2014/09/11 21:42:54 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\0483c93466914f3fbd5b44454b0c8a98\Accessibility.ni.dll
MOD - [2014/09/11 21:42:40 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/04/30 17:23:44 | 000,162,640 | ---- | M] () -- C:\Program Files (x86)\PIXELA\StationTV_S\Pixela.IntervalList.dll
MOD - [2014/04/30 17:20:32 | 011,180,368 | ---- | M] () -- C:\Program Files (x86)\PIXELA\StationTV_S\CoreSDK.dll
MOD - [2014/03/21 07:49:19 | 002,952,704 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/06/17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
MOD - [2012/06/23 14:54:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\hiddriver.dll
MOD - [2012/03/27 20:32:12 | 020,108,800 | ---- | M] () -- D:\Janetter2\bin\libcef.dll
MOD - [2012/03/27 20:32:12 | 000,641,024 | ---- | M] () -- D:\Janetter2\bin\libGLESv2.dll
MOD - [2012/03/27 20:32:12 | 000,183,822 | ---- | M] () -- D:\Janetter2\bin\avformat-53.dll
MOD - [2012/03/27 20:32:12 | 000,122,368 | ---- | M] () -- D:\Janetter2\bin\libEGL.dll
MOD - [2012/03/27 20:32:12 | 000,117,262 | ---- | M] () -- D:\Janetter2\bin\avutil-51.dll
MOD - [2012/03/14 18:58:06 | 001,094,158 | ---- | M] () -- D:\Janetter2\bin\avcodec-53.dll
MOD - [2011/06/09 18:31:54 | 000,026,736 | ---- | M] () -- D:\Janetter2\bin\SendWheel.dll
MOD - [2011/04/12 16:49:00 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_ja_b77a5c561934e089\System.resources.dll
MOD - [2011/03/09 14:21:56 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2011/03/09 14:21:48 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2010/11/13 08:18:15 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089\mscorlib.resources.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2016/05/02 14:58:46 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:[b]64bit:[/b] - [2016/05/02 14:55:38 | 002,522,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2016/05/02 14:55:33 | 003,634,232 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV:[b]64bit:[/b] - [2016/04/23 13:47:35 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2015/07/23 09:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2014/08/19 12:12:16 | 000,656,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:[b]64bit:[/b] - [2014/08/11 00:20:11 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/05/19 19:47:54 | 001,286,896 | ---- | M] (Overwolf LTD) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdater)
SRV - [2016/05/15 06:46:35 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/05/14 00:12:51 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/05/03 00:39:34 | 002,120,712 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2016/05/02 14:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016/04/29 15:52:40 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2016/04/29 15:52:34 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2016/03/23 19:08:24 | 000,327,808 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2016/03/22 11:10:00 | 000,426,040 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2016/02/17 13:28:26 | 000,436,032 | ---- | M] (Amazon Inc.) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe -- (Amazon 1Button App Service)
SRV - [2015/11/10 11:44:38 | 000,836,176 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/11/05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2015/09/15 08:09:16 | 000,669,872 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe -- (AdobeUpdateService)
SRV - [2015/07/06 14:55:42 | 000,139,568 | ---- | M] (Buffalo Inc.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2014/09/03 18:45:38 | 000,025,384 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PIXELA\StationTV_S\STVSService.exe -- (STVSService)
SRV - [2014/09/03 18:45:38 | 000,025,384 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\PIXELA\StationTV_S\STVSService.exe -- (STVSCollaborateService)
SRV - [2014/04/19 22:29:42 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/28 16:11:52 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2014/01/22 17:04:00 | 005,267,776 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/09/25 17:02:32 | 000,243,464 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/20 17:35:24 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 17:35:22 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 17:35:18 | 000,128,280 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/01/20 17:35:08 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/03/31 11:53:58 | 000,230,776 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\WDTool\bwdbackground.exe -- (WirelessDiagnosis)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2016/05/02 14:55:28 | 000,028,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:[b]64bit:[/b] - [2016/04/14 14:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2015/12/17 02:34:16 | 000,205,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2015/06/10 23:08:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2015/03/12 17:22:16 | 000,018,944 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)
DRV:[b]64bit:[/b] - [2014/08/06 11:15:50 | 000,102,200 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:[b]64bit:[/b] - [2014/08/06 11:15:50 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:[b]64bit:[/b] - [2014/08/06 11:15:50 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:[b]64bit:[/b] - [2014/03/31 13:33:24 | 000,345,816 | ---- | M] (Pixela) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pxsmsbda.sys -- (pxsmsbda)
DRV:[b]64bit:[/b] - [2014/03/24 18:57:07 | 000,625,248 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2014/03/24 18:57:07 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:[b]64bit:[/b] - [2014/03/24 18:57:06 | 000,115,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:[b]64bit:[/b] - [2014/01/28 16:11:50 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:[b]64bit:[/b] - [2014/01/28 16:11:50 | 000,178,272 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:[b]64bit:[/b] - [2014/01/28 16:11:50 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2014/01/28 16:11:50 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2013/10/02 11:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/05/14 17:34:44 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:[b]64bit:[/b] - [2013/04/12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:[b]64bit:[/b] - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012/08/23 23:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/23 23:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/01/27 02:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2012/01/27 02:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2012/01/27 02:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2011/12/06 04:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2011/08/23 22:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/08/05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ucgnstax.sys -- (ucgnsta)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://applied.starthome.jp
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\SearchScopes,DefaultScope = 0633EE93-D776-472f-A0FF-E1416B8B2E3A
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\SearchScopes\{C0FF055D-678C-4F1B-AC0C-A3433BE31106}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.1.6

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.hiddenOneOffs: "Amazon.co.jp,Bing,DuckDuckGo,Google,Twitter,Wikipedia (ja),Yahoo! JAPAN,ヤフオク!"
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0.1
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0: C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0: C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@gamepot.co.jp/GamepotEXeEnvCtrl;version=1: C:\Program Files (x86)\Gamepot\GPEXE\\npGPEXE.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\ぼかし\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangdiagnostic-1: C:\GameOn\Common files\nppmangdiagnostic.dll File not found
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangsupport-1: C:\GameOn\Common files\nppmangsupport.dll File not found
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014/12/17 21:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014/12/17 21:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014/12/17 21:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014/12/17 21:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014/12/17 21:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2016/03/19 01:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2016/05/19 23:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\arzmwncy.default\extensions
[2016/05/19 23:57:44 | 001,036,367 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\arzmwncy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/05/15 06:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilbkckngf\1.3.8_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjacokfiijjoekmldedapdpcgmcaopi\1.0_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca\0.80.1_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.1_0\

O1 HOSTS File: ([2016/05/15 07:08:57 | 000,000,830 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll File not found
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Microsoft アカウント サインイン ヘルパー) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\Toolbar\WebBrowser: (no name) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dare-U mouse] "C:\Program Files (x86)\Gaming Mouse\Monitor.exe" File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [IME14 JPN Setup] C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoccatKonePure] C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [SysMetrix] C:\Program Files (x86)\SysMetrix\SysMetrix.exe File not found
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002..\Run: [ApplicationManager] C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe (Kingsoft Corp. Ltd.)
O4 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002..\Run: [Dxtory Update Checker 2.0] D:\Dxtory2.0\UpdateChecker.exe File not found
O4 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf LTD)
O4 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002..\Run: [StationTV_S] C:\Program Files (x86)\PIXELA\StationTV_S\StationTV_S.exe (PIXELA CORPORATION)
O4 - HKU\.DEFAULT..\RunOnce: [iCloud] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [iCloud] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\らくらくアップデートツール.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: バナー広告対策に追加 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: バナー広告対策に追加 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O9:[b]64bit:[/b] - Extra Button: セキュリティキーボード - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: 危険サイト診断 - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: セキュリティキーボード - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: 危険サイト診断 - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007
  • らすかる
  • 2016/05/25 (Wed) 15:46:47
Re: Plagued by ads and pop-ups
This is the continuation of the log that got cut off.

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..Trusted Domains: amazon.co.jp ([]https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} https://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 220.152.39.11 220.152.39.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{685E7831-4A25-4E59-98CC-518F857F5C43}: DhcpNameServer = 220.152.39.11 220.152.39.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB839D23-F7C3-4A82-9360-D678769440FB}: DhcpNameServer = 220.152.39.11 220.152.39.12
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/06 19:24:38 | 000,000,031 | RH-- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/05/17 02:18:42 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/05/17 02:18:25 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/05/17 02:18:25 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/05/17 02:18:25 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/05/17 02:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/05/15 06:59:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2016/05/15 06:56:30 | 006,348,824 | ---- | C] (Geek Uninstaller) -- C:\Users\Owner\Desktop\geek.exe
[2016/05/15 06:50:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Geek Uninstaller
[2016/05/15 06:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/05/15 06:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016/05/14 15:14:34 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2016/05/12 02:42:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\MAXON
[2016/05/11 20:51:43 | 005,546,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016/05/11 20:51:43 | 003,998,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016/05/11 20:51:43 | 003,943,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016/05/11 20:51:43 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016/05/11 20:51:43 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/05/11 20:51:43 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016/05/11 20:51:43 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016/05/11 20:51:42 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2016/05/11 20:51:42 | 000,706,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2016/05/11 20:51:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016/05/11 20:51:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016/05/11 20:51:42 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2016/05/11 20:51:42 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2016/05/11 20:51:42 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016/05/11 20:51:42 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016/05/11 20:51:42 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2016/05/11 20:51:42 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016/05/11 20:51:42 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2016/05/11 20:51:42 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016/05/11 20:51:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2016/05/11 20:51:42 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2016/05/11 20:51:42 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2016/05/11 20:51:42 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2016/05/11 20:51:42 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2016/05/11 20:51:42 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016/05/11 20:51:42 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016/05/11 20:51:42 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2016/05/11 20:51:42 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016/05/11 20:51:42 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2016/05/11 20:51:42 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016/05/11 20:51:42 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2016/05/11 20:51:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016/05/11 20:51:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016/05/11 20:51:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2016/05/11 20:51:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2016/05/11 20:51:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2016/05/11 20:51:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016/05/11 20:51:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2016/05/11 20:51:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016/05/11 20:51:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016/05/11 20:51:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016/05/11 20:51:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2016/05/11 20:51:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2016/05/11 20:51:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2016/05/11 20:51:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2016/05/11 20:51:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2016/05/11 20:51:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2016/05/11 20:51:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2016/05/11 20:51:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2016/05/11 20:51:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2016/05/11 20:51:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2016/05/11 20:51:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2016/05/11 20:51:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2016/05/11 20:51:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2016/05/11 20:51:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2016/05/11 20:51:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016/05/11 20:51:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2016/05/11 20:51:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016/05/11 20:50:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2016/05/11 20:50:24 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016/05/11 20:50:24 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016/05/11 20:50:24 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016/05/11 20:50:24 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016/05/11 20:50:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016/05/11 20:50:24 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016/05/11 20:50:24 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016/05/11 20:50:24 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016/05/11 20:50:23 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016/05/11 20:50:23 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016/05/11 20:50:23 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016/05/11 20:50:23 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016/05/11 20:50:23 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016/05/11 20:50:22 | 002,056,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016/05/11 20:50:22 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016/05/11 20:50:22 | 000,806,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016/05/11 20:50:22 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/05/11 20:50:22 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/05/11 20:50:22 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016/05/11 20:50:22 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016/05/11 20:50:22 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016/05/11 20:50:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016/05/11 20:50:22 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016/05/11 20:50:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016/05/11 20:50:21 | 002,131,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016/05/11 20:50:21 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016/05/11 20:50:21 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016/05/11 20:50:21 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016/05/11 20:50:21 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016/05/11 20:50:21 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016/05/11 20:50:20 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016/05/11 20:50:20 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016/05/11 20:50:20 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016/05/11 20:50:20 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016/05/11 20:50:20 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016/05/11 20:50:19 | 006,052,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016/05/11 20:50:19 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016/05/11 20:50:19 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016/05/11 20:50:19 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016/05/11 20:50:19 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016/05/11 20:50:19 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016/05/11 20:50:18 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016/05/11 20:50:18 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016/05/11 20:46:48 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2016/05/11 20:46:21 | 000,264,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2016/05/11 20:46:21 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2016/05/11 20:46:18 | 000,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2016/05/11 20:46:09 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2016/05/11 20:46:06 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2016/05/11 20:46:06 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2016/05/08 00:48:42 | 000,113,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2016/05/08 00:48:42 | 000,102,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2016/05/08 00:48:42 | 000,056,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2016/05/07 21:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2016/04/27 18:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2016/04/27 18:24:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Battle.net
[2016/04/27 18:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2016/04/27 18:20:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Battle.net
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/05/25 14:45:45 | 000,027,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/05/25 14:45:45 | 000,027,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/05/25 14:38:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Owner.job
[2016/05/25 14:13:22 | 001,313,166 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/05/25 14:13:22 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/05/25 14:13:22 | 000,411,162 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2016/05/25 14:13:22 | 000,122,208 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2016/05/25 14:13:22 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/05/25 14:12:04 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/25 14:11:04 | 000,000,690 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/05/25 14:07:29 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2016/05/25 14:07:29 | 000,000,686 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/05/25 14:07:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/05/25 14:07:21 | 4264,603,646 | -HS- | M] () -- C:\hiberfil.sys
[2016/05/22 15:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2016/05/17 17:52:34 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/05/17 02:18:26 | 000,000,702 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/05/17 02:15:31 | 003,651,136 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
[2016/05/15 13:34:45 | 000,001,308 | ---- | M] () -- C:\Users\Owner\Desktop\CCleaner.exe - ショートカット.lnk
[2016/05/15 06:33:38 | 002,583,152 | ---- | M] () -- C:\Users\Owner\Desktop\geek.zip
[2016/05/14 12:21:51 | 000,102,784 | ---- | M] () -- C:\Users\Owner\Desktop\6899848_0.jpg
[2016/05/14 00:12:50 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/14 00:12:49 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/12 09:14:53 | 000,279,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/05/12 00:32:49 | 000,118,692 | ---- | M] () -- C:\Users\Owner\Desktop\8a452555429d1a844ed0c18209b19d53.gif
[2016/05/02 14:39:01 | 001,377,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2016/05/02 14:39:01 | 001,316,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2016/05/02 14:38:42 | 001,767,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2016/05/02 14:38:42 | 001,756,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2016/05/02 14:38:42 | 000,112,032 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[2016/05/01 22:32:26 | 000,000,794 | ---- | M] () -- C:\Users\Owner\Desktop\ScreenShot - ショートカット.lnk
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/05/17 02:18:26 | 000,000,702 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/05/17 02:16:26 | 003,651,136 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
[2016/05/15 13:34:45 | 000,001,308 | ---- | C] () -- C:\Users\Owner\Desktop\CCleaner.exe - ショートカット.lnk
[2016/05/15 06:51:10 | 002,583,152 | ---- | C] () -- C:\Users\Owner\Desktop\geek.zip
[2016/05/14 12:21:51 | 000,102,784 | ---- | C] () -- C:\Users\Owner\Desktop\6899848_0.jpg
[2016/05/12 00:32:49 | 000,118,692 | ---- | C] () -- C:\Users\Owner\Desktop\8a452555429d1a844ed0c18209b19d53.gif
[2016/05/01 22:32:31 | 000,000,794 | ---- | C] () -- C:\Users\Owner\Desktop\ScreenShot - ショートカット.lnk
[2016/04/14 23:10:26 | 000,115,556 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2016/04/08 18:54:26 | 000,128,792 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/04/08 18:54:26 | 000,041,752 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/04/08 18:53:18 | 008,659,472 | ---- | C] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016/04/08 18:53:18 | 000,571,912 | ---- | C] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016/04/08 18:53:17 | 037,567,424 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016/03/17 06:30:22 | 000,128,792 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-5-1.dll
[2016/03/17 06:29:38 | 000,041,752 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-5-1.exe
[2015/07/22 03:50:27 | 000,006,051 | ---- | C] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2015/06/04 20:56:03 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{B952885B-E80B-42C6-A2FE-B7FCB2E64F0C}
[2014/09/07 01:59:24 | 000,000,000 | ---- | C] () -- C:\Users\Owner\netsh
[2014/08/03 00:43:43 | 000,000,000 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\97d96934a876729e8aca362b176ef4472
[2014/05/21 21:59:06 | 000,000,046 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
[2014/03/25 01:08:53 | 000,000,999 | ---- | C] () -- C:\Users\Owner\Owner - ショートカット.lnk

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/01/22 15:19:58 | 014,179,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/01/22 15:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2013/06/19 16:33:18 | 000,000,000 | -H-D | M] -- C:\Applied
[2016/05/17 02:45:27 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2016/03/04 23:05:48 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/06/19 15:44:11 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2014/05/17 15:49:02 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller
[2014/04/07 17:59:38 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 3
[2014/04/19 22:30:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 4
[2014/05/17 15:49:02 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\PlantsvsZombies
[2015/06/04 21:20:13 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\microsoft shared\IME14SS
[2016/05/21 13:31:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Apple Computer\iTunes\SC Info
[2014/03/21 12:59:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\BDNAV
[2016/03/06 18:24:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2014/05/24 16:10:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerDVD\10.0
[2014/10/26 21:29:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\PowerStarter\10.0
[2014/10/26 21:29:33 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\LABELPRINT\2.5
[2014/10/26 21:29:33 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\MediaShow\6.0
[2014/10/26 21:29:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWER2GO\7.0
[2014/10/26 21:29:32 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWERBACKUP\2.50
[2014/05/24 16:10:03 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerDVD\10.0
[2014/10/26 21:29:32 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\POWERPRODUCER\5.5
[2014/10/26 21:29:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerStarter\10.0
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2011/04/12 17:00:57 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2013/06/19 16:35:15 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2016/05/21 13:31:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Apple Computer\iTunes\SC Info
[2014/03/21 12:59:02 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\BDNAV
[2016/03/06 18:24:56 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2014/05/24 16:10:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerDVD\10.0
[2014/10/26 21:29:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\PowerStarter\10.0
[2014/10/26 21:29:33 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\LABELPRINT\2.5
[2014/10/26 21:29:33 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\MediaShow\6.0
[2014/10/26 21:29:30 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWER2GO\7.0
[2014/10/26 21:29:32 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWERBACKUP\2.50
[2014/05/24 16:10:03 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerDVD\10.0
[2014/10/26 21:29:32 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\POWERPRODUCER\5.5
[2014/10/26 21:29:29 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerStarter\10.0
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2011/04/12 17:00:57 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2009/07/14 12:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2014/03/21 09:43:51 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData
[2014/03/23 20:58:52 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2014/03/21 09:44:03 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2014/06/24 21:26:50 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2014/03/21 13:28:58 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2016/02/17 14:12:07 | 000,000,000 | RH-D | M] -- C:\Users\Owner\AppData\Local\Microsoft\Windows\Burn\Burn
[2016/01/28 19:27:15 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Local\NVIDIA Corporation\Shield Apps\StreamingAssets
[2015/11/08 00:49:48 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Adobe\CoreSync\plugins\livetype\c
[2015/05/10 21:49:57 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Adobe\CoreSync\plugins\livetype\e
[2015/05/10 21:49:57 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Adobe\CoreSync\plugins\livetype\r
[2014/03/21 12:56:29 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\CyberLink\MediaCache
[2014/05/04 11:53:03 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2016/05/17 02:18:26 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 11:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2014/03/23 20:19:41 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2014/04/06 00:27:34 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg
[2016/02/11 16:23:08 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\Power2Go
[2014/04/06 00:27:34 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{397A21FB-EADF-4116-9027-32B8FA04C3E2}\Version\7.0
[2014/04/06 00:27:34 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{4230527D-88E1-4fb5-9EDD-606F3AD2B389}\Version\2.5
[2014/04/06 00:27:34 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{63E98B26-4583-4418-958D-B6BD95DFE5C9}\Version\2.50
[2014/04/06 00:27:34 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{6F7425F3-EB34-46b0-9B63-430203611455}\Version\10.0
[2014/04/06 00:27:34 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{748DB920-B5DD-4cdb-9EC4-5A3B61A21936}\Version\10.0
[2014/04/06 00:27:34 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{79B38061-BE11-4614-B048-0D6E669B12B3}\Version\5.5
[2014/03/21 13:28:43 | 000,000,000 | -H-D | M] -- C:\Users\Public\Recorded TV\TempRec
[2014/03/23 21:02:33 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2014/03/21 11:17:09 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2015/05/18 17:56:36 | 000,000,000 | -H-D | M] -- C:\Windows\SysWOW64\directx\websetup

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2016/05/25 15:12:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/25 14:07:29 | 000,000,686 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/05/25 15:10:01 | 000,000,690 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/05/25 14:07:29 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2016/05/25 15:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2016/05/25 14:38:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Owner.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST2000DM001-1CH164 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SuperSSpeed S306 120GB ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: BUFFALO External HDD USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 112.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2,795.00GB
Starting Offset: 524288
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2015/10/30 02:50:29 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2016/02/02 03:56:25 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2016/04/09 14:43:20 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2015/04/28 04:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2015/04/28 04:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2016/02/03 03:57:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 13:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/05/24 20:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2012/02/11 15:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2016/04/09 14:43:20 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2016/02/03 03:57:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2016/02/09 18:55:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2016/04/09 14:43:20 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 12:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2015/08/06 02:56:14 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 12:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/19 12:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2010/11/21 12:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2015/06/16 06:44:47 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2015/06/16 06:42:49 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2016/02/13 03:22:06 | 002,610,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2016/04/10 04:09:05 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\????????????????????????釧????????釧????) -- C:\Windows\SysWow64\ꧣ鲁뷦꞉뗦ꒅ藦鲭跧낕跧ꮥ냦ꆉ藦뚁郣꺀胣鲑釧ꆱ뷦꒕闦뎽맦뚕釧꾉맢ꒅ
[2016/04/10 04:09:05 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\????????????????????????釧????????釧????) -- C:\Windows\SysWow64\ꧣ鲁뷦꞉뗦ꒅ藦鲭跧낕跧ꮥ냦ꆉ藦뚁郣꺀胣鲑釧ꆱ뷦꒕闦뎽맦뚕釧꾉맢ꒅ
[2016/03/10 02:03:18 | 000,065,536 | ---- | M] ()(C:\Windows\SysWow64\???牧??慴??数獲??????????屡潭畤敬彳??????) -- C:\Windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
[2015/02/11 00:57:42 | 000,065,536 | ---- | C] ()(C:\Windows\SysWow64\???牧??慴??数獲??????????屡潭畤敬彳??????) -- C:\Windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤

< End of report >
  • らすかる
  • 2016/05/25 (Wed) 15:51:09
Re: Troubled by ads and pop-ups
Next is the Extras.txt log.


●Extras.txt

OTL Extras logfile created on: 2016/05/25 15:05:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Download
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

15.96 Gb Total Physical Memory | 11.85 Gb Available Physical Memory | 74.24% Memory free
31.92 Gb Paging File | 26.93 Gb Available in Paging File | 84.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 9.19 Gb Free Space | 8.23% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1207.39 Gb Free Space | 64.81% Space Free | Partition Type: NTFS
Drive F: | 2794.52 Gb Total Space | 274.06 Gb Free Space | 9.81% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048897D6-7B58-4C67-8F61-347992CA6A02}" = lport=139 | protocol=6 | dir=in | app=system |
"{15180E92-2FE2-4C7D-BED0-03303056EC5F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BE7A0E2-0EE1-4020-B608-0414AE78E6B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{331FC44A-5838-46E9-9EB6-50DDF764B4C6}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{3835CD5B-1AC8-4A9E-9EAD-9EA815E0A165}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CE2470C-7A4A-4E42-AB09-DDBE3AC5BC07}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{3EFD9275-6AE1-40C5-BC9A-3719F60B9C42}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{471D1650-F7B7-48FF-AC57-963BE18D36C8}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{48D8E3DC-A65D-4A6A-AF88-ACF70AD78D7A}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{51C824E2-C959-4F25-96F4-BE0D8CCC3B4C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{55059FC6-6B82-4791-ADD7-7503F110F127}" = rport=137 | protocol=17 | dir=out | app=system |
"{55142C15-B686-4594-A9F8-AC94669C0DF1}" = rport=138 | protocol=17 | dir=out | app=system |
"{558B0657-B56E-48D0-9855-5D00B9EDBF78}" = rport=139 | protocol=6 | dir=out | app=system |
"{6D5C8B32-FA92-4E7F-B95C-2C49274A13E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73B48E73-0B3B-4914-B004-FD53CDE7E172}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{802CCFA9-FAFA-4A6F-97E7-8A59B6F96F37}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A8F59AF-88E0-40CA-AC55-E9B7699A659C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F750888-A725-4E40-8550-1B057259CED5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9056C2A7-7196-4701-8E94-9EC8E550CE24}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9E97E5E5-ED7B-4A62-8F89-95159EFEC288}" = lport=138 | protocol=17 | dir=in | app=system |
"{A4E653AD-1AAE-454C-A2A0-1BC3F1402330}" = lport=445 | protocol=6 | dir=in | app=system |
"{A58D7E1F-9AEC-4A51-8E99-F52C43583A5E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9B05214-34CD-4102-B57A-A19B9EA6F9DF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A9D3610E-F0AE-48AD-B7BB-3D236E82711B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B82CDE6C-A426-4FAB-9449-BB21A461AAAF}" = lport=1526 | protocol=6 | dir=in | name=pull |
"{B85AD09E-735F-4087-9E48-E40E7DD0A41A}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{BC892804-C6C8-4E75-98FA-E8087EBCEDE4}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{BFB73CBF-2D96-4076-B80F-8FA497193545}" = rport=445 | protocol=6 | dir=out | app=system |
"{C14497AB-67C6-4E1A-A470-3BAB8096073D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD83A167-EE79-4413-A5C7-BDF95A4066EB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D1AA026F-CD69-465C-86BE-B1149DC44C73}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D25396BE-E4D6-49F1-86BC-3ACDDBD2E176}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{DBD39752-8792-4A1A-AB35-42A176ABA218}" = lport=137 | protocol=17 | dir=in | app=system |
"{F290A135-77B2-4074-98AC-CF5A3BB0162D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00504783-21A3-4E69-9827-93ED9DF75356}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{00B26D9C-FD1A-47A4-9779-151A55C6566C}" = protocol=17 | dir=in | app=d:\squareenix\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{01B8F9EB-816A-4453-91A7-C9725323A0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{04D1B503-EA20-428D-8815-1B9AA7D0CF92}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3478\agent.exe |
"{0677C740-9B64-4AC6-B866-29615AE05C14}" = protocol=6 | dir=in | app=d:\squareenix\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{0813F6C7-932F-407A-8F0E-F47E09A9C836}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\metal slug 3\mslug3.exe |
"{08970853-7070-419F-8E3D-CBDE965306D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3634\agent.exe |
"{0964D79B-CBDF-411F-A0BF-367A27CD7DDB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{09F29D4A-CE26-4EBB-B1AC-8409B15C8242}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0A3A34E6-7B52-4626-97B9-9B101F959C8A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{0B698B0C-B4BB-44DF-A220-481BD470A4B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BABF1A5-661E-486C-A5E5-A59B585DD59D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win32\udk.exe |
"{0BFA90B4-5CB6-4C66-8019-0E8B024D809C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{0C861B10-3288-4F74-B87A-5395176CBA5D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0CD2186E-5B55-4835-8A34-F67B943CFF9E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3688\agent.exe |
"{0D1960DB-C948-4829-B49B-D7BA1D9A2CFC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win64\udk.exe |
"{0D245A42-C056-4D8B-912D-0FE793F62B5C}" = protocol=17 | dir=in | app=d:\squareenix\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{0E4CF273-FE96-430F-BD16-BD54B8D1B347}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{0E5D1C1D-594A-408D-8A3C-71314366A734}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail santa's rampage\binaries\win32\udk.exe |
"{0E72B20E-FFBE-4368-AE76-749BFF91D519}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\lethalleague\lethalleague.exe |
"{0F1B1075-0EF8-450B-938F-ADFDE4B94D02}" = dir=in | app=d:\janetter2\bin\janettersrv.exe |
"{0FCF832E-5762-4CCE-96A8-25DD09DB0BFF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\udklift.exe |
"{117F6B9F-B0CA-4CFD-97B7-0CEF5ACCDBAE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win32\udk.exe |
"{13D2BC0D-4F30-4509-B240-B28DF2AD3E4B}" = protocol=6 | dir=in | app=d:\origingames\battlefield 4\bf4.exe |
"{13DF7D94-57A3-4338-B1DA-6C7C9B192367}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\don't starve together beta\bin\dontstarve_steam.exe |
"{1466D671-BD74-4861-8925-477CF38C9CCF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win64\udk.exe |
"{15F38093-FB5E-46A5-9C83-7B22D85917F6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{162226DC-9292-4E28-901E-1D457E8DCBF4}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win32\udk.exe |
"{17849FA2-7CF6-4C96-86A6-850929048AEB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win32\udk.exe |
"{17D26EEB-4809-4F55-AC7A-FBE5BEE6875F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe |
"{18C4A086-B1F5-4D95-8EE9-394F68FCC810}" = protocol=17 | dir=in | app=d:\ゲーム\ads\0x1333-20150228-nopics\ygopro.exe |
"{18F3A41F-AA69-4582-AAE0-A236222B262B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe |
"{19086630-87A8-4B32-B08F-9E67DE75E640}" = protocol=17 | dir=in | app=d:\origingames\battlefield 3\bf3.exe |
"{1936DB4F-837C-459C-988F-3A178B9271BD}" = protocol=6 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{1B4A968A-9645-4A2C-937F-7DE41ADDA2B8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1B6C05BA-E100-4C8D-A0B0-1D3C02DA9244}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{1BA7B3B7-CDE0-4D49-AD39-F242451895BF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{1DDDFE74-3DD0-491C-9907-BC9A87330CC2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{1E69CD9A-BC31-435A-9AC9-449D8B96D0BB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
"{1F1892E2-F3FA-4240-8EBE-F87C668BAC81}" = protocol=6 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{1F76E4C1-250F-4030-8831-639FDDDE6DCC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win64\udk.exe |
"{2019FA58-1040-4295-A4EE-DBAB55F899D1}" = protocol=17 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{21724601-A294-4135-B4B5-90CB5198BACE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{2434AB2E-151F-4C1B-8C04-05CF8E274F07}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{24CBF03E-176F-4697-862D-819F42CDDD05}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{27A91BFD-3065-4C0E-B4F2-48AC6B09B8C9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3715\agent.exe |
"{281F00AD-FBAD-45F5-B7B0-A18D8FA93694}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail santa's rampage\binaries\win64\udk.exe |
"{29585F12-D640-4BE4-B02E-3147026023B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2B0B6E26-2242-4B11-96D5-28594B0200A5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe |
"{2F783475-5367-40B3-927E-9DDC21D65EA0}" = protocol=6 | dir=in | app=d:\squareenix\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{2FF59415-C8C2-4467-927A-EDAD921DDE6E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win32\udk.exe |
"{315E3E63-4E30-48D1-A930-81994AD2EF74}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win64\udk.exe |
"{3341C12B-0D7B-46E2-BC9E-3BCFC045C92B}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{33D8C58F-D5BA-4500-9094-62435FA0E4D2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win32\udk.exe |
"{348F886F-9717-41B0-ACD0-3F53D5585CEA}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{36FED3D9-41FA-4114-AA29-21D6AA918510}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win64\udk.exe |
"{3719B9F4-BA18-4BDB-B63A-01A979FA15E8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3715\agent.exe |
"{38A97F22-5757-4339-900C-6B2CA462EC4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{38CC152C-CE47-4F7B-ABD6-372F5059B6F5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{3964A7FD-BBCE-44EE-9E17-7E8A4A0705A0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3A2A64AB-0D64-418A-A273-2EEAABB4147F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3A63D1EC-32A3-498C-88F7-2F52AD225512}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\super hexagon\superhexagon.exe |
"{3C937384-DB46-498C-ADD8-B0ACE0F41799}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3427\agent.exe |
"{3CB86B26-A15B-4B29-9A7B-27FE0E92FE79}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3478\agent.exe |
"{3FB808D4-4828-4EE9-89B0-FC71ECB239A9}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\metal slug 3\mslug3.exe |
"{40FEF890-3D1F-49B6-ABB1-1F94001E273B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\guns of icarus online\workshop\workshop.exe |
"{42D646B7-FCB9-4143-996D-20E112214AAC}" = protocol=17 | dir=in | app=d:\origingames\plants vs. zombies\plantsvszombies.exe |
"{43CDDDC6-8BD7-4AA2-94B2-3B8474366836}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{495B136D-6315-429C-8251-8AB2DEF61B56}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{4B38636B-732F-4F57-B5D3-C44FBC30332A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4BC01486-1307-4621-8ACF-272ACF377BD0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3634\agent.exe |
"{4E7EC14E-6C32-4E99-800E-F17223BC8175}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{4F199A09-4051-46A1-8C14-8E7DDD6CAD7B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win32\udk.exe |
"{4F953103-50F0-4E81-BD0F-1D85F7DEA262}" = protocol=17 | dir=in | app=d:\hamachi\hamachi-2-ui.exe |
"{5029008A-8539-4D2A-9CE9-BE6B4C88128A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win32\udk.exe |
"{5133E822-460B-4C09-BEF6-DBF4B32F4D5B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\robocraft\robocraft.exe |
"{5278EAB6-6369-4932-93AF-5304134603E6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\guns of icarus online\workshop\workshop.exe |
"{52A9D65B-EBC0-4A3D-9B9E-02BDB9721551}" = dir=in | app=c:\program files (x86)\janetter\bin\janettersrv.exe |
"{536F7DCE-9771-45BA-B905-8B8ABF578587}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\monaco\monaco.exe |
"{53D0B519-7EBB-4711-9D42-28DFC0980C33}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\don't starve together beta\bin\dontstarve_steam.exe |
"{5440ADFA-7B2F-47C7-891D-1F975322D2F5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{54682084-3D9B-4E41-9666-664BD81D2DF5}" = protocol=6 | dir=in | app=d:\origingames\plants vs. zombies\plantsvszombies.exe |
"{552A9F2C-B676-4919-997A-FF2FEE7C34CA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{5774EC3D-13D8-4423-9ECF-DF7CCE4FE965}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{57862E5D-4B76-46ED-BEE8-8D96464784E5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{584D83B5-B985-4AFE-8C23-42FEB4B25F77}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
"{5882FF6A-FF70-49FC-AF52-E49427C0A110}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\udklift.exe |
"{5EA84F26-9D52-435A-8757-0BCA982AAEC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe |
"{62844466-831A-4BBD-84A1-C568FCFC7864}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe |
"{634C1437-8143-43B1-A871-8FDFBFD28221}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63F5758C-732C-4A90-994F-02A38767F26F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{6568655C-ED19-48EE-B569-973A33A2FD08}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe |
"{65E4A006-2929-41C9-8CE0-0E9CD4E23E43}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{69889A98-BD2C-4F83-8062-364B0D1F8D33}" = protocol=6 | dir=in | app=d:\origingames\battlefield 4\bf4x86webhelper.exe |
"{6A0A6300-4E61-4E89-95C5-1AD685BA89F1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{6A6A1BF3-4CFE-46E1-AA9C-585BF1088D35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AEBFCDF-AC19-4010-8373-0548DF77DD8E}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\xlgames\xlkcsdownload_jp\xlkcsdownload_jp.exe |
"{6B870040-7F2C-4F83-A4B0-973308525216}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe |
"{6C632592-CCC1-4A9D-B513-7EC2DECE9582}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe |
"{6E61818D-117F-4D1A-8429-75065731AF44}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{6E7181AF-6E26-45C8-A3F7-E711340143D0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{6F3D05D1-EAC0-4392-B439-78229BED46F1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3632\agent.exe |
"{720CB7D8-E13B-4101-AAF6-62D6BD546AC8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7355B49D-3493-44F1-BBFE-1B8CD5CB8AE8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{73CEB7AE-13B8-4391-A087-9C90260AA567}" = protocol=17 | dir=in | app=d:\origingames\battlefield 4\bf4.exe |
"{74C4FE96-AEAF-4649-9BC8-64F63F875B0E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\don't starve together beta\bin\dontstarve_steam.exe |
"{77E2892E-F322-438A-BC19-A451C41ED9D3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win32\udk.exe |
"{77EADBDD-B2C1-4952-9B63-9788CB2805CE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win64\udk.exe |
"{789CCD8A-6719-49AF-BF2F-6BCADE9FFE19}" = protocol=6 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{7D4844D6-E8F8-433E-8149-BA0118AFDC67}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\xlgames\xlkcsdownload_jp\xlkcsdownload_jp.exe |
"{7D96E6DE-ACA3-46B5-A085-928BE597496C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8371D573-F796-4379-972E-19B5F3B28CE6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win32\udk.exe |
"{83F21F07-D5F7-4073-9F53-D535A8E5E4CE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{83F91692-734B-4127-8045-CF48443DCF2B}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{84F8925F-8639-477E-A496-9AA327721E9C}" = dir=in | app=c:\program files (x86)\janetter2\bin\janettersrv.exe |
"{851E2173-D7E3-43A1-9047-885566B46ACB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win64\udk.exe |
"{86598171-A7A8-422C-8938-AEC053F0AB8C}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{86804165-4E95-450F-BE87-8D97451C04AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{86AE356C-F6BB-47C5-B07E-345833C9E4DE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\robocraft\robocraft.exe |
"{86E0A8AE-1FA6-43DA-B1B7-10D9C1AA2269}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{875B5F0A-A875-4ABD-BF50-F3509FEF811E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\udklift.exe |
"{889A7D42-C11C-4448-A04C-AE977B6E2828}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88B66E72-FC42-40C2-8284-B40B67C1DCFF}" = protocol=6 | dir=out | app=system |
"{8E13E363-9B0D-42F6-B867-886A352A76EF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win64\udk.exe |
"{8E5A0239-CB46-439F-ABB6-EB582D046B83}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{900B98EA-9CD1-492E-B08D-7B37D1641C68}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe |
"{923346E3-8F0D-473C-9CCC-9E20879620A8}" = protocol=6 | dir=in | app=d:\ゲーム\ads\0x1333-20150228-nopics\ygopro.exe |
"{96D178B6-2FF4-4B47-B5D5-A336C6F5B73D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\super hexagon\superhexagon.exe |
"{99E28C4F-AFE7-41D6-B2BD-5209BCF79BE7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dark souls ii\game\darksoulsii.exe |
"{9A7A8A3A-A8C9-47B5-A962-45AA8BD89875}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3427\agent.exe |
"{9B5C0B7D-6E61-478B-BE34-92543FD17721}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win32\udk.exe |
"{9C3A4C98-358A-446D-B32F-55C0F924BFE5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\pool nation\pool.exe |
"{9CA0B475-65C1-4D28-9E02-57A4E9591F63}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe |
"{9F07AD88-F696-4830-BE26-8406EFD7F0B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9F26EE60-0124-4E61-914C-6D9A5FC09913}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9F8E0EF4-BDD8-4D11-AE77-DD2FA5E725E5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{A0D5FEC0-7AC4-4BEA-BCBB-492389B4CB39}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{A1FB370A-56CC-4554-A07F-A1FF25DAE89A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{A2DE8909-7B6C-4028-AF09-E3522E0272B7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A370F619-B776-4380-A2A7-72772D0FB7B0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win64\udk.exe |
"{A3E6E7AE-951F-44A6-A7D8-D9C9118781A9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{A6B599FD-A6EA-495E-8EA7-6A764A48975B}" = protocol=6 | dir=in | app=d:\origingames\battlefield 4\bf4_x86.exe |
"{A80F0072-DA96-4A57-8A36-A80E36B43557}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{A8748CCA-0636-4635-9FCF-53B42A49741D}" = dir=out | app=c:\minecraftserver\server.bat |
"{ABBD568E-BD5C-4D68-9DBB-EECCFE32615A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{AE787572-6B36-429D-A3EC-0E9558E43B3A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\udklift.exe |
"{B0313A4F-4E85-4486-A394-633653F44690}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail santa's rampage\binaries\win32\udk.exe |
"{B1CDF2BF-98E3-44C8-9758-8922EB01CFA9}" = protocol=17 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{B232E67A-55F5-4676-BB06-48EC39BBBEC9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B2BAF7D4-32CE-4E00-9B95-5552AF5CE2E8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{BBA94CCB-43B8-4FCF-ABF8-95D94737CEF0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{BE883A87-E78D-45F9-824C-ABE174CF395C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BF10570F-674A-4A16-B9EC-BAAA47425BD7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win64\udk.exe |
"{C099E257-98ED-4031-ABA6-1EA0E553B340}" = dir=in | app=d:\archeage\gameon\archeage\bin32\patcher.exe |
"{C24E5FBA-3C4B-4624-9CB8-0F97745B2A3E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\lethalleague\lethalleague.exe |
"{C252D1D1-7A20-4580-A5AE-72CA9E7A511F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C77AA94F-2C27-4965-88AC-F0034439B874}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\pool nation\pool.exe |
"{C89780C2-C02D-4185-B704-B22F3F8AD71D}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{CAAB02CB-C7CC-4B36-B49C-69072FB59067}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CD4EE114-323F-4E21-A80B-6CEE88C58317}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{CF2AD5CA-C302-4933-AB66-FB205660B4F0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D2C93E5A-5979-48D7-8AF7-B402C5295EFC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3369873-F192-4FE0-BFC3-9AF1A6BA9D0C}" = protocol=17 | dir=in | app=d:\origingames\battlefield 4\bf4x86webhelper.exe |
"{D5F714FC-A05C-4538-B1B7-EE426F972ED3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3688\agent.exe |
"{D60538F9-FD56-42CB-94DA-FF11FCD69119}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3715\agent.exe |
"{D824F941-8FD4-4868-94B6-60BA393AF3F0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{D850C945-E819-4468-B56F-400EA6D9428B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\don't starve together beta\bin\dontstarve_steam.exe |
"{D853E5E0-F117-4217-82F2-AD67CB23F223}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe |
"{DA073799-1C17-4DBB-930F-F99BA044543C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe |
"{DA1853C9-ADEB-4FBE-85D5-C21F0A2D3BAE}" = protocol=17 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{DCD9E354-54B3-4BF9-9F51-70E41215A19F}" = protocol=17 | dir=in | app=d:\origingames\battlefield 4\bf4webhelper.exe |
"{DF144653-5691-4EA6-9744-BBB115AB930F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{E1A2499B-6F87-4603-A6F4-B54CB6E41500}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe |
"{E2EE5852-F973-4A5D-88FF-A0A25C629280}" = protocol=58 | dir=in | app=system |
"{E63947D3-5A98-466B-94AB-AE22E5E41ED0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{E674CF8B-E6A9-446A-A799-B11B069CDB3B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3632\agent.exe |
"{E82626E7-DC22-45BC-BAAE-A34F7925ADE2}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{E840950B-4A3C-4A62-A59D-6BB9AB90D65E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\guns of icarus online\workshop\workshop.exe |
"{E881FF3F-DA8E-49B1-9012-E83D90814EC2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera\binaries\win64\udk.exe |
"{E8D13E43-3227-4470-AA21-CA17E7D91673}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\guns of icarus online\workshop\workshop.exe |
"{EA36D9C3-30EE-4A18-894E-85D7C1D5B8C0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EC95250A-A4DF-43EE-B14A-FD2849EE5289}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{ED545EFA-0F3D-4EAB-9A2C-CA1C541D2676}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{F14A35E8-2836-46FD-B6E1-3523F1D91DF0}" = protocol=6 | dir=in | app=d:\hamachi\hamachi-2-ui.exe |
"{F1BA33A7-1865-4159-962C-1A5EA2E60A4F}" = protocol=6 | dir=in | app=d:\origingames\battlefield 3\bf3.exe |
"{F1CD5C72-FC73-4815-B090-A041D21AF013}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{F2296FDC-6D51-45E2-AB9A-BC9C7AFB6116}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail santa's rampage\binaries\win64\udk.exe |
"{F404EF43-6E4C-4B92-9BDB-206F008AD5EA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win64\udk.exe |
"{F46B3091-B357-4A45-9B01-D62AF04666AC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{F499E1C5-98CB-47CB-92EB-2D8D1D6A64E4}" = protocol=17 | dir=in | app=d:\origingames\battlefield 4\bf4_x86.exe |
"{F588E5DB-2DE5-4E6C-A0CF-FCD53343E496}" = dir=in | app=c:\minecraftserver\server.bat |
"{F5A25C36-F11C-4CE5-9074-25F61A7B539B}" = dir=in | app=c:\users\owner\appdata\local\microsoft\skydrive\skydrive.exe |
"{F7E7979D-CB33-48FA-82F5-03B142F559B8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\viscera cleanup detail shadow warrior\binaries\win32\udk.exe |
"{F8B8E094-D415-4848-92CE-7FE84EFA7FB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F99F89F6-7A47-4F82-949C-44BD2D6138E2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{FA5D54A6-A194-4D0F-87B5-F8A18EE9DF71}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\monaco\monaco.exe |
"{FBD8FD48-396C-4F33-897F-8436A1094B72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC7A617D-BB1C-4712-B6B2-5063A2C3518A}" = protocol=6 | dir=in | app=d:\origingames\battlefield 4\bf4webhelper.exe |
"{FD3B12D8-520E-4E85-B0E1-272E747F9D03}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe |
"{FD68162E-D1FF-455D-9709-7841F4ED212D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3715\agent.exe |
"{FE34868A-CDD5-4944-BA0C-89CD7B5F0B72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{0B803AC8-45B7-4FBC-A557-5E52C9EED3B0}D:\hearthstone\hearthstone\hearthstone.exe" = protocol=6 | dir=in | app=d:\hearthstone\hearthstone\hearthstone.exe |
"UDP Query User{A6C196D0-237D-4CC0-98F8-B1333C8506E5}D:\hearthstone\hearthstone\hearthstone.exe" = protocol=17 | dir=in | app=d:\hearthstone\hearthstone\hearthstone.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}" = paint.net
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2937FD88-C9D6-4B82-B539-37CD0A572F42}" = Apple Application Support(64 ビット)
"{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}" = Apple Mobile Device Support
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}" = iCloud
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90140000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041" = Microsoft .NET Framework 4.6.1 (日本語)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A31C5565-90D9-4615-AE13-94D86C3836C7}" = iTunes
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision ドライバー 364.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA コントロール パネル 364.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA グラフィックス ドライバー 364.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision コントローラー ドライバー 364.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX システム ソフトウェア 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD オーディオ ドライバー 1.3.34.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.40
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{C6E57DC0-5699-47D4-9263-CEE00A4BB1FC}" = Windows Live MIME IFilter
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D0E18DF2-9E19-3BC5-9D77-5ECB9AC1A346}" = Microsoft .NET Framework 4.6.1 (JPN)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"Pen Tablet Driver" = ワコム
"Steam App 8930" = Sid Meier's Civilization V
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-b4cf8c50-deb9-48ba-9a6e-6600d4d099ae" = Viscera Cleanup Detail: alpha v0.25

"VulkanRT1.0.5.1" = Vulkan Run Time Libraries 1.0.5.1
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"バッファロー らくらくアップデートツール" = バッファロー らくらくアップデートツール

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{0BA50887-995D-47D7-A621-20CD150347DB}" = CoreMasters
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{19687AD5-7E54-4C5E-A796-125C95079C1D}" = Adobe AIR
"{19F00CA3-338D-497C-BA31-0507101F2BBB}" = XSplit Broadcaster
"{1EC0AF35-6DCF-4F9E-8D84-888B15930D4B}" = StationTV S
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{236BB7C4-4419-42FD-0411-1E257A25E34D}" = Adobe Photoshop CS2
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24758B1D-9345-4538-A69A-05660F63A296}" = Junk Mail filter update
"{2749c485-3a8b-4533-92ff-7cf6e8221cff}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}" = FINAL FANTASY XIV - A Realm Reborn
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{2E037507-E75B-4AAE-A419-2AE25C87B6A2}" = Windows Live Writer Resources
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{4034B4C1-E9A0-4F10-B86C-CFDCB9F1759A}_is1" = BUFFALO AirStation おたすけナビ
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 7
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer
"{464847E7-6960-407E-A710-8AC3B1D448E3}" = フォト ギャラリー
"{4905245D-56E7-4176-BE68-962728B803D6}" = ROCCAT Kone Pure Mouse Driver
"{4BEADFC8-669B-0C15-15C7-835F8C2CCFC2}" = Saezuri
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform
"{5B345EEE-351C-4BA7-B16B-559E6A2CD78D}" = League of Legends
"{5D9A58F8-ADE0-431A-BB8D-AD248683C13E}" = Windows Live メール
"{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}" = Plants vs. Zombies™
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 3.2.1
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{6F6873E3-5C92-4049-B511-231A138DD090}" = カスペルスキー インターネット セキュリティ
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D9236D-C6EA-4DA6-A18C-CC24521A70D4}" = Windows Live Mail
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = バトルフィールド 3
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7B0AEAF4-3C01-4169-9036-45573CF767D6}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8515A2F4-5571-4F52-8085-814E30716C48}" = FMEAutomator 3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88B0F0DE-6937-440D-B5CA-6E69003E55F7}_is1" = Caesium バージョン 1.7.0
"{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F5320EB-DC7C-46EF-9ACC-A58669001BDE}" = Photo Common
"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions
"{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}" = CyberLink Medi@Show 6
"{90140000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0121-0411-0000-0000000FF1CE}" = Microsoft Office IMESS (Japanese) 2010
"{90140000-0122-0000-0000-0000000FF1CE}" = Microsoft Office IME 2010
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9797D7BA-A333-4DF1-AF55-AC745D216EDB}" = Windows Live Writer
"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common
"{9864624D-FE15-422F-BDBB-5DC0D9AA904A}" = Gamepot Web実行環境
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9FB24678-AF65-4B2D-B5B0-88BAFDBC68F0}" = Dragon's Dogma Online
"{a290e635-65ea-4997-b85b-2f352a3b93fb}" = osu!
"{A59A15E8-2B9B-490D-916E-D608A9D0D295}" = Windows Live Writer
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AEDA8B17-9571-4839-9240-F93E41198E19}" = Windows Live Sync
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B6DCCCD3-520D-4485-B642-FCC136CE12C3}" = Amazon 1Button App
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"{BB6B0C1F-B935-46CC-8BDF-C567D15A9DD9}" = Windows Live Messenger
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C4ADB67B-C908-4D94-B85E-585D2F3F9118}" = TweetDeck
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D508605F-300D-42A4-B288-FC1D2E29158D}" = Movie Maker
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D1594B-8077-42C9-8541-B8438F52F283}" = Niconico Live Encoder
"{E5E83E00-1144-4821-B6B6-7A16C41EFC39}" = Windows Live Messenger
"{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}" = MorphVOX Junior
"{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A273BD-6A9E-41D8-A111-5E56ACD286F8}" = Gaming mouse Driver
"{F1FB514E-F90C-4CFC-B381-B2D98856FC0C}" = Windows Live UX Platform Language Pack
"{F3B6C28C-2DC7-4EA9-A573-645ACDA7AC36}" = Windows Live Writer
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F70BCE36-25F2-4475-A918-6209B3D85BF3}" = Intel(R) C++ Redistributables on Intel(R) 64
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype(TM) 7.22
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}" = Apple Application Support(32 ビット)
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 21 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0411-1E257A25E34D}" = Adobe Photoshop CS2
"ApplicationManager" = ApplicationManager 2011.4.27.209
"ArcheAge" = ArcheAge
"Bamboo Dock" = Bamboo Dock
"Battle.net" = Battle.net
"Battlelog Web Plugins" = Battlelog Web Plugins
"BUFFALO_AirSet2_is1" = BUFFALO エアステーション設定ツール
"BUFFALO_BPCEnv_is1" = BUFFALO パソコン環境表示ツール
"DC-Bass Source" = DC-Bass Source 1.3.0
"DivX Setup" = DivXセットアップ
"Dxtory2.0_is1" = Dxtory バージョン 2.0.126
"Glyph" = Glyph
"Glyph Trove" = Trove
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hearthstone" = Hearthstone
"http://pso2.jp/appid/release_is1" = PHANTASY STAR ONLINE 2
"IME14SS.1041" = Microsoft Office IME 2010 (Japanese)
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}" = カスペルスキー インターネット セキュリティ
"Janetter2_is1" = Janetter 4.3.1.0
"jp.playwell.Saezuri.58F200D7EEA7AA1DF3962E867638EFEED92471BE.1" = Saezuri
"Kingsoft Office" = Kingsoft Office 2013 (9.1.0.4586)
"LAME_is1" = LAME v3.99.3 (for Windows)
"League of Legends 3.0.1" = League of Legends
"LINE" = LINE
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware バージョン 2.2.1.1043
"Mozilla Firefox 46.0.1 (x86 ja)" = Mozilla Firefox 46.0.1 (x86 ja)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Broadcaster Software" = Open Broadcaster Software
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"Origin" = Origin
"Overwolf" = Overwolf
"Picasa 3" = Picasa 3
"Pmang" = Pmangインストールマネージャー
"Pmang_archeage" = ArcheAge
"Pmang_AVA" = Alliance of Valiant Arms
"Pmang_common" = Common
"PunkBusterSvc" = PunkBuster Services
"Steam" = Steam
"Steam App 113020" = Monaco
"Steam App 207230" = Archeblade
"Steam App 209080" = Guns of Icarus Online
"Steam App 218620" = PAYDAY 2
"Steam App 221640" = Super Hexagon
"Steam App 236430" = DARK SOULS™ II
"Steam App 244850" = Space Engineers
"Steam App 246900" = Viscera Cleanup Detail
"Steam App 250180" = METAL SLUG 3
"Steam App 252950" = Rocket League
"Steam App 254440" = Pool Nation
"Steam App 255520" = Viscera Cleanup Detail: Shadow Warrior
"Steam App 261180" = Lethal League
"Steam App 265210" = Viscera Cleanup Detail: Santa's Rampage
"Steam App 301520" = Robocraft
"Steam App 322330" = Don't Starve Together Beta
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 65800" = Dungeon Defenders
"Steam App 730" = Counter-Strike: Global Offensive
"UN900119" = BUFFALO クライアントマネージャV
"UN900119_is1" = BUFFALO クライアントマネージャV をアンインストール
"UN900120" = BUFFALO AirStation倍速設定ツール(アンインストール)
"vsfilter_is1" = DirectVobSub 2.40.4209
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite" = Windows Live Essentials
"やりますアンコちゃん" = やります!アンコちゃん

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2016/05/20 19:48:17 | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/05/21 22:47:55 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 4 Owner-PC.local.
Addr 192.168.0.10

Error - 2016/05/21 22:47:55 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Owner-PC.local.
Addr 192.168.0.15

Error - 2016/05/21 22:47:55 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Owner-PC.local already in use; will try Owner-PC-2.local
instead

Error - 2016/05/21 22:49:37 | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/05/22 9:48:03 | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = プログラム rads_user_kernel.exe バージョン 0.0.0.0 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、アクション
センター コントロール パネルで、問題の履歴をクリックしてください。 プロセス ID: 107c 開始時刻: 01d1b43088251c15 終了時刻: 1 アプリケーション
パス: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe レポート ID: c9a53b27-2023-11e6-8686-7c05073ac49d


Error - 2016/05/22 12:17:09 | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: NvStreamNetworkService.exe、バージョン: 7.1.2071.1338、タイム
スタンプ: 0x5726e00c 障害が発生しているモジュール名: NvMdnsPlugin.dll_unloaded、バージョン: 0.0.0.0、タイム スタンプ:
0x5726e510 例外コード: 0xc0000005 障害オフセット: 0x000007feef3745a0 障害が発生しているプロセス ID: 0x1e10 障害が発生しているアプリケーションの開始時刻:
0x01d1b3d45b284fce 障害が発生しているアプリケーション パス: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
障害が発生しているモジュール
パス: NvMdnsPlugin.dll レポート ID: a19dab2f-2038-11e6-8686-7c05073ac49d

Error - 2016/05/23 6:58:00 | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/05/25 1:09:18 | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/05/25 1:14:46 | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
のアクティブ化コンテキストの生成に失敗しました。マニフェストまたはポリシー ファイル "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll" 行 2 のエラーです。 無効な XML 構文です。

Error - 2016/05/25 1:20:31 | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
のアクティブ化コンテキストの生成に失敗しました。マニフェストまたはポリシー ファイル "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll" 行 2 のエラーです。 無効な XML 構文です。

[ Media Center Events ]
Error - 2014/03/23 21:45:04 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 10:45:02 - インターネットの接続中にエラーが発生しました。 10:45:02 - サーバーと通信できません。.

Error - 2014/03/23 22:45:09 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 11:45:09 - インターネットの接続中にエラーが発生しました。 11:45:09 - サーバーと通信できません。.

Error - 2014/03/23 23:45:19 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 12:45:17 - インターネットの接続中にエラーが発生しました。 12:45:17 - サーバーと通信できません。.

Error - 2014/03/24 0:45:24 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 13:45:24 - インターネットの接続中にエラーが発生しました。 13:45:24 - サーバーと通信できません。.

Error - 2014/04/04 21:22:26 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 10:22:26 - インターネットの接続中にエラーが発生しました。 10:22:26 - サーバーと通信できません。.

Error - 2014/04/04 21:22:58 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 10:22:55 - インターネットの接続中にエラーが発生しました。 10:22:55 - サーバーと通信できません。.

Error - 2014/04/06 1:04:23 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 14:04:23 - インターネットの接続中にエラーが発生しました。 14:04:23 - サーバーと通信できません。.

Error - 2014/04/06 1:04:30 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 14:04:28 - インターネットの接続中にエラーが発生しました。 14:04:28 - サーバーと通信できません。.

Error - 2014/04/06 3:17:22 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 16:17:22 - MCESpotlight を取得できませんでした (エラー: 基礎になる接続が閉じられました: 接続が予期せずに閉じられました)


Error - 2014/04/11 23:40:05 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 12:40:05 - MCESpotlight を取得できませんでした (エラー: リモート サーバーに接続できません。)

[ System Events ]
Error - 2016/05/20 19:46:31 | Computer Name = Owner-
  • らすかる
  • 2016/05/25 (Wed) 15:53:24
Re: Plagued by ads and pop-ups
This is the continuation of Extras.txt.


[ System Events ]
Error - 2016/05/20 19:46:31 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :0" は、IP アドレス 192.168.0.15 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.0.10 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2016/05/20 19:46:37 | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = ネットワークの別のコンピューターが同じ名前を使用しているため、サーバーはトランスポート \Device\NetBT_Tcpip_{685E7831-4A25-4E59-98CC-518F857F5C43}
にバインドできませんでした。サーバーを起動できませんでした。

Error - 2016/05/20 19:46:37 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :20" は、IP アドレス 192.168.0.15 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.0.10 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2016/05/21 18:25:26 | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 2016/05/21 22:47:54 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :0" は、IP アドレス 192.168.0.15 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.0.10 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2016/05/21 22:47:56 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :0" は、IP アドレス 192.168.0.15 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.0.10 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2016/05/21 22:48:01 | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = ネットワークの別のコンピューターが同じ名前を使用しているため、サーバーはトランスポート \Device\NetBT_Tcpip_{685E7831-4A25-4E59-98CC-518F857F5C43}
にバインドできませんでした。サーバーを起動できませんでした。

Error - 2016/05/21 22:48:01 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :20" は、IP アドレス 192.168.0.15 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.0.10 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2016/05/21 23:21:17 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :0" は、IP アドレス 192.168.0.15 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.0.10 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2016/05/23 10:23:35 | Computer Name = Owner-PC | Source = volsnap | ID = 393252
Description = ユーザーが設定した制限値のためにシャドウ コピーの記憶域を拡張できなかったためにボリューム C: のシャドウ コピーが中止しました。


< End of report >
  • らすかる
  • 2016/05/25 (Wed) 15:54:43
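Trojan of unknown origin. Put safety first and do a recovery
Thank you for doing the work and reporting back.
I have looked at the OTL log.

With that in mind, this reply puts safety first.

Unfortunately, this time I recommend a recovery.
Something that appears to be a Trojan of unknown origin has been found.

There is a serious risk of making the damage worse while clumsily spending time investigating, so you should avoid spending any more time on this.

After backing up the data you need, do the recovery promptly as soon as that is done.
Once the recovery is done, immediately bring Windows Update and the other updates, including the security software, fully up to date, then run a full scan; if no abnormality or infection turns up, the recovery was probably successful.

Then take a fresh HJT log, plus the installed-software log and the log of each tab in CC, and post them in a reply together with a report on the state after recovery.

It is possible that a simple recovery alone will not solve the problem.
Start by preparing for the backup and the recovery.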
  • 悪代官
  • 2016/05/25 (Wed) 21:35:20
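Re: Plagued by ads and pop-ups
Thank you for your reply.

Thank you for the instructions; I have completed the work.

This PC was assembled at a shop, and this time I carried out the recovery using the system image disc that came with it.
After the recovery finished, I completed a scan with Kaspersky 2013 and Windows Update, and took the logs again.

I am pasting the logs below. Thank you in advance.


●HJT log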

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:52:33, on 2016/05/27
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Owner\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft アカウント サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKCU\..\Run: [ApplicationManager] C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: バナー広告対策に追加 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: セキュリティキーボード - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 危険サイト診断 - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: CyberLink Product - 2014/03/21 12:59:01 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10017 bytes



●CC log

Adobe AIR Adobe Systems Incorporated 2014/03/21 4.0.0.1390
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 2016/05/26 18.5 MB 21.0.0.242
Adobe Reader XI (11.0.16) - Japanese Adobe Systems Incorporated 2016/05/26 208 MB 11.0.16
Adobe Shockwave Player 12.1 Adobe Systems, Inc. 2014/03/21 12.1.0.150
ApplicationManager 2011.4.27.209 kingsoft 2013/06/19 2011.4.27.209
CCleaner Piriform 2016/05/27 5.18
CyberLink BD_3D Advisor 2.0 CyberLink Corp. 2014/03/21 2.0.5425
CyberLink Media Suite 10 CyberLink Corp. 2014/03/21 904 MB 10.0
CyberLink PowerProducer 5.5 CyberLink Corp. 2014/03/21 168 MB 5.5.3.4118
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 2013/06/19 54.8 MB 1.0.0.35342
Intel(R) Management Engine Components Intel Corporation 2012/01/20 8.0.1.1399
Intel(R) OpenCL CPU Runtime Intel Corporation 2013/06/19
Intel(R) Processor Graphics Intel Corporation 2013/06/19 9.17.10.2932
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2012/01/27 1.0.3.214
Intel® Trusted Connect Service Client Intel Corporation 2013/06/19 10.6 MB 1.23.219.2
Java 7 Update 51 Oracle 2014/03/21 118 MB 7.0.510
Kingsoft Office 2013 (9.1.0.4256) Kingsoft Corp. 2014/03/21 9.1.0.4256
Microsoft .NET Framework 4.5.1 (日本語) Microsoft Corporation 2014/03/21 2.93 MB 4.5.50938
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2016/05/27 38.8 MB 4.6.01055
Microsoft OneDrive Microsoft Corporation 2014/03/21 26.7 MB 17.0.4024.1220
Microsoft Silverlight Microsoft Corporation 2016/05/27 100 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/06/19 1.72 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2014/03/21 300 KB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2014/03/21 594 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2014/03/21 598 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2014/03/21 13.7 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2014/03/21 12.1 MB 10.0.30319
NVIDIA 3D Vision コントローラー ドライバー 335.21 NVIDIA Corporation 2014/03/21 335.21
NVIDIA 3D Vision ドライバー 335.23 NVIDIA Corporation 2014/03/21 335.23
NVIDIA GeForce Experience 1.8.2.1 NVIDIA Corporation 2014/03/21 1.8.2.1
NVIDIA HD オーディオ ドライバー 1.3.30.1 NVIDIA Corporation 2014/03/21 1.3.30.1
NVIDIA PhysX システム ソフトウェア 9.13.1220 NVIDIA Corporation 2014/03/21 9.13.1220
NVIDIA Virtual Audio 1.2.20 NVIDIA Corporation 2014/03/21 1.2.20
NVIDIA グラフィックス ドライバー 335.23 NVIDIA Corporation 2014/03/21 335.23
Realtek Ethernet Controller Driver Realtek 2013/06/19 7.48.823.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2013/06/19 6.0.1.6482
Skype(TM) 7.3 Skype Technologies S.A. 2016/05/27 49.2 MB 7.3.101
Windows Live Essentials Microsoft Corporation 2014/03/21 16.4.3522.0110
Windows Live Sync Microsoft Corporation 2013/06/19 2.76 MB 14.0.8089.726
カスペルスキー インターネット セキュリティ Kaspersky Lab 2014/03/21 14.0.0.4651
  • らすかる
  • 2016/05/27 (Fri) 18:00:02
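Various updates, and the rest of the CC log
Sorry for the late reply.
It looks like the recovery went through without problems.

>This PC was assembled at a shop, and this time I carried out the recovery using the system image disc that came with it.
>After the recovery finished, I completed a scan with Kaspersky 2013 and Windows Update, and took the logs again.

If the Kaspersky scan found nothing either, that is fine.
Are there no abnormalities at the moment?

Looking at the logs, the various updates have not been done yet, so let's fix that.

The following are not yet at the latest version, so updating is mandatory if you use them. If you are not going to update them, uninstalling is the safe choice.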
Adobe AIR Adobe Systems Incorporated 2014/03/21 4.0.0.1390
Skype(TM) 7.3 Skype Technologies S.A. 2016/05/27 49.2 MB 7.3.101

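Your Kaspersky is also the 2013 version, so if it is still within its usage period, update it to the latest version.

Next, I recommend uninstalling the following using GU.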
Adobe Reader XI (11.0.16) - Japanese Adobe Systems Incorporated 2016/05/26 208 MB 11.0.16

Adobe Shockwave Player 12.1 Adobe Systems, Inc. 2014/03/21 12.1.0.150

ApplicationManager 2011.4.27.209 kingsoft 2013/06/19 2011.4.27.209

Java 7 Update 51 Oracle 2014/03/21 118 MB 7.0.510

Next, boot the PC in Safe Mode, scan with HJT, and fix the following among the displayed entries.
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ApplicationManager] C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Once this is done, restart the PC in normal mode, then take the HJT log, the installed-software log, and the log of each tab in CC again, and show them to me in a reply.
  • 悪代官
  • 2016/05/27 (Fri) 20:45:06
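(Added example, not part of any post in this thread: one way to confirm that the entries named in the fix list above are really gone from the follow-up HJT log. The sample lines are copied from the 2016/05/27 and 2016/05/29 HJT logs and the fix list on this page; the function and variable names are this example's own.)

```python
import re

# A HijackThis entry is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: [...]".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(log_text):
    """Return the set of (section code, normalized text) entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace and ignore case: forum pastes and different
            # HJT runs vary in spacing and in path capitalisation.
            body = " ".join(m.group(2).split()).casefold()
            entries.add((m.group(1), body))
    return entries


def check_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_hjt(before_log)
    after = parse_hjt(after_log)
    targets = parse_hjt(fix_list)
    return {
        # Requested, present before, absent afterwards: the fix took effect.
        "removed": sorted(t for t in targets if t in before and t not in after),
        # Requested but still listed afterwards: needs another look.
        "remaining": sorted(t for t in targets if t in after),
        # Requested but never in the earlier log: likely a copy/paste mismatch.
        "not_in_before": sorted(t for t in targets if t not in before),
        # Entries that appeared only in the later log: review each one.
        "new": sorted(after - before),
    }


# --- Sample input: lines copied from the logs on this page ---
USB3MON = r'O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"'
ADOBE_ARM = r"O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
KASPERSKY_TOOLBAR = r"O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll"

# The five entries listed for fixing in the reply above.
FIX_LIST = "\n".join([
    r"O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll",
    r"O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"',
    r"O4 - HKCU\..\Run: [ApplicationManager] C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe",
    ADOBE_ARM,
])

# Excerpt of the 2016/05/27 log (before the fix).
BEFORE_LOG = "\n".join([
    "Logfile of Trend Micro HijackThis v2.0.5",
    "Boot mode: Normal",
    USB3MON,
    FIX_LIST,
])

# Excerpt of the 2016/05/29 log (after the fix).
AFTER_LOG = "\n".join([
    "Logfile of Trend Micro HijackThis v2.0.4",
    "Boot mode: Normal",
    KASPERSKY_TOOLBAR,
    USB3MON,
    ADOBE_ARM,
])

if __name__ == "__main__":
    result = check_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    for status, items in result.items():
        print(f"[{status}]")
        for code, body in items:
            print(f"  {code} - {body}")
```

On these excerpts it reports the two Java BHO entries and the two Run entries as removed, and the AdobeARMservice service line as still present in the later log.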
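Re: Plagued by ads and pop-ups
Thank you for your reply.

I have completed the work.
At the moment I still see no particular abnormalities.
I also updated Kaspersky to the latest version and then ran a scan, but nothing was detected.

I am pasting each log below. Thank you in advance.


●HJT log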

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:33, on 2016/05/29
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\,Download\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Microsoft アカウント サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol hijack: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol hijack: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6}
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol hijack: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 - Service: CyberLink Product - 2014/03/21 12:59:01 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9953 bytes


●CC installed programs log

Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 2016/05/26 18.5 MB 21.0.0.242
Adobe Flash Player 21 NPAPI Adobe Systems Incorporated 2016/05/27 19.0 MB 21.0.0.242
CCleaner Piriform 2016/05/27 5.18
CyberLink BD_3D Advisor 2.0 CyberLink Corp. 2014/03/21 2.0.5425
CyberLink Media Suite 10 CyberLink Corp. 2014/03/21 904 MB 10.0
CyberLink PowerProducer 5.5 CyberLink Corp. 2014/03/21 168 MB 5.5.3.4118
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 2013/06/19 54.8 MB 1.0.0.35342
Intel(R) Management Engine Components Intel Corporation 2012/01/20 8.0.1.1399
Intel(R) OpenCL CPU Runtime Intel Corporation 2013/06/19
Intel(R) Processor Graphics Intel Corporation 2013/06/19 9.17.10.2932
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2012/01/27 1.0.3.214
Intel® Trusted Connect Service Client Intel Corporation 2013/06/19 10.6 MB 1.23.219.2
Java 8 Update 91 Oracle Corporation 2016/05/27 89.3 MB 8.0.910.15
Kingsoft Office 2013 (9.1.0.4256) Kingsoft Corp. 2014/03/21 9.1.0.4256
League of Legends Riot Games 2016/05/27 3.0.1
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2016/05/27 38.8 MB 4.6.01055
Microsoft .NET Framework 4.6.1 (日本語) Microsoft Corporation 2016/05/28 2.93 MB 4.6.01055
Microsoft OneDrive Microsoft Corporation 2014/03/21 26.7 MB 17.0.4024.1220
Microsoft Silverlight Microsoft Corporation 2016/05/27 100 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/06/19 1.72 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2014/03/21 300 KB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2014/03/21 594 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2014/03/21 598 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2014/03/21 13.7 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2014/03/21 12.1 MB 10.0.30319
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 2016/05/28 20.5 MB 12.0.21005.1
Mozilla Firefox 46.0.1 (x86 ja) Mozilla 2016/05/27 91.5 MB 46.0.1
NVIDIA 3D Vision コントローラー ドライバー 335.21 NVIDIA Corporation 2014/03/21 335.21
NVIDIA 3D Vision ドライバー 335.23 NVIDIA Corporation 2014/03/21 335.23
NVIDIA GeForce Experience 2.11.3.5 NVIDIA Corporation 2016/05/28 2.11.3.5
NVIDIA HD オーディオ ドライバー 1.3.30.1 NVIDIA Corporation 2014/03/21 1.3.30.1
NVIDIA PhysX システム ソフトウェア 9.13.1220 NVIDIA Corporation 2014/03/21 9.13.1220
NVIDIA グラフィックス ドライバー 335.23 NVIDIA Corporation 2014/03/21 335.23
Realtek Ethernet Controller Driver Realtek 2013/06/19 7.48.823.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2013/06/19 6.0.1.6482
Saezuri UNKNOWN 2016/05/27 1.0.0
Skype(TM) 7.24 Skype Technologies S.A. 2016/05/27 78.7 MB 7.24.104
TeamSpeak 3 Client TeamSpeak Systems GmbH 2016/05/27 3.0.19
Windows Live Essentials Microsoft Corporation 2014/03/21 16.4.3522.0110
Windows Live Sync Microsoft Corporation 2013/06/19 2.76 MB 14.0.8089.726
カスペルスキー インターネット セキュリティ Kaspersky Lab 2016/05/29 16.0.0.614


●CC Windows log

無効 HKCU:Run ApplicationManager C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
無効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
無効 HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
無効 HKLM:Run BDRegion cyberlink C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
無効 HKLM:Run CLMLServer CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
無効 HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
有効 HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ShadowPlay Microsoft Corporation "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
無効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
有効 HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"


●CC scheduled tasks log

有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d Intel Corporation C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
有効 Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon Intel Corporation C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
有効 Task Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} AO Kaspersky Lab C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade
有効 Task WpsUpdateTask_Owner Zhuhai Kingsoft Office Software Co.,Ltd C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe -from=task


●CC context menu log

有効 Directory Kaspersky Anti-Virus 16.0.0 Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll
有効 Directory SkyDriveEx Microsoft Corporation C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
有効 Drive Kaspersky Anti-Virus 16.0.0 Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll
有効 File Kaspersky Anti-Virus 16.0.0 Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll
有効 File SkyDriveEx Microsoft Corporation C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
有効 Folder Kaspersky Anti-Virus 16.0.0 Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll
  • らすかる
  • 2016/05/29 (Sun) 11:38:40
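Do you plan to keep using Java?
Thank you for your work and the report.
I have looked at the rest of the logs.
The items I pointed out each appear to have been fixed, but is Java itself still installed?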
>Java 8 Update 91 Oracle Corporation 2016/05/27 89.3 MB 8.0.910.15

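If you kept this yourself because you need it, it can stay as it is; if you will keep using it, please check for updates frequently.

Now, let's investigate a little more, partly as a second check.
We will check whether you let your guard down after the recovery and picked up an infection.

Prepare OTL again, which you should have used earlier, and run another scan with it.
Once the scan is done, please show me the full result log again, split across several replies.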
  • 悪代官
  • 2016/05/29 (Sun) 17:08:47
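Re: Troubled by ads and pop-ups
Thank you for your reply.

I kept Java myself.
I will be careful to check for updates frequently.

I ran the OTL scan, so I am pasting the log below.
Sorry to trouble you when you are busy.


●OTL log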

OTL Extras logfile created on: 2016/05/30 17:29:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\,Download
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

15.96 Gb Total Physical Memory | 13.28 Gb Available Physical Memory | 83.22% Memory free
31.92 Gb Paging File | 29.52 Gb Available in Paging File | 92.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 46.07 Gb Free Space | 41.25% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1263.87 Gb Free Space | 67.84% Space Free | Partition Type: NTFS
Drive G: | 2794.52 Gb Total Space | 2579.98 Gb Free Space | 92.32% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36887CDE-BE34-4595-A0C6-5D2EB7217EC0}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{3BF8E9E9-4FB8-4AE2-ADD5-A1604F8FBFCC}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{4BD69DB2-B92E-45C3-AB8F-D0989E1AC223}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{5675DAB0-F49A-4F53-AD38-8E7EF5669CA0}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{A5AB5840-FB2B-4858-92CA-DACA45B69FE8}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{A9B05214-34CD-4102-B57A-A19B9EA6F9DF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A9D3610E-F0AE-48AD-B7BB-3D236E82711B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AFC2DEDC-2160-4D77-B7C5-A9C07A107269}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{C14497AB-67C6-4E1A-A470-3BAB8096073D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E00A0DC1-A3AB-47DD-A507-92D5417C2C6E}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{F290A135-77B2-4074-98AC-CF5A3BB0162D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B8F9EB-816A-4453-91A7-C9725323A0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0C426104-3AB5-4FFD-A7CC-31C351102755}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe |
"{1852CB3A-E5E1-491F-A8AE-CCAE81062D78}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{2BF4FC57-65D0-4439-A0A5-4670E976E48B}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{43CDDDC6-8BD7-4AA2-94B2-3B8474366836}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4DFA4218-A6BE-4375-8661-D3A5B6956A6E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{87895AE1-721C-4C91-B518-8193D0131214}" = protocol=6 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{87C5EACD-45D2-4759-A232-F897010F9011}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{95F06628-BEAC-4587-B44E-60C48FAF9052}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{99BA2E0C-C4AC-4749-B6FD-14C22949D2D1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{ADA32B81-83F8-41D7-AD9B-4B1A94577CFC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe |
"{BB45442F-5C1B-427E-813B-C0CFA015B8C1}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{BBA94CCB-43B8-4FCF-ABF8-95D94737CEF0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{CD8B67C7-EE40-4C1D-BB9D-AF1638DDB33E}" = protocol=17 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{DCB313FE-96BD-416B-AD09-BC0C260DF293}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{EA36D9C3-30EE-4A18-894E-85D7C1D5B8C0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F0851497-D9CF-4B8A-BD75-D1DFE7AB57AD}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F5A25C36-F11C-4CE5-9074-25F61A7B539B}" = dir=in | app=c:\users\owner\appdata\local\microsoft\skydrive\skydrive.exe |
"{F6A3C270-40A1-44D5-B71C-57BBFA28FADE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041" = Microsoft .NET Framework 4.6.1 (日本語)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision ドライバー 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA コントロール パネル 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA グラフィックス ドライバー 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision コントローラー ドライバー 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX システム ソフトウェア 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD オーディオ ドライバー 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.40
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{C6E57DC0-5699-47D4-9263-CEE00A4BB1FC}" = Windows Live MIME IFilter
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0E18DF2-9E19-3BC5-9D77-5ECB9AC1A346}" = Microsoft .NET Framework 4.6.1 (JPN)
"{D25743FE-FD3B-482A-8419-14F349D17308}" = Google 日本語入力
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24758B1D-9345-4538-A69A-05660F63A296}" = Junk Mail filter update
"{26A24AE4-039D-4CA4-87B4-2F83218091F0}" = Java 8 Update 91
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
"{2E037507-E75B-4AAE-A419-2AE25C87B6A2}" = Windows Live Writer Resources
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 7
"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer
"{464847E7-6960-407E-A710-8AC3B1D448E3}" = フォト ギャラリー
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BEADFC8-669B-0C15-15C7-835F8C2CCFC2}" = Saezuri
"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform
"{5B345EEE-351C-4BA7-B16B-559E6A2CD78D}" = League of Legends
"{5D9A58F8-ADE0-431A-BB8D-AD248683C13E}" = Windows Live メール
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D9236D-C6EA-4DA6-A18C-CC24521A70D4}" = Windows Live Mail
"{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}" = カスペルスキー インターネット セキュリティ
"{7B0AEAF4-3C01-4169-9036-45573CF767D6}" = Windows Live Essentials
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F5320EB-DC7C-46EF-9ACC-A58669001BDE}" = Photo Common
"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions
"{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}" = CyberLink Medi@Show 6
"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform
"{9797D7BA-A333-4DF1-AF55-AC745D216EDB}" = Windows Live Writer
"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A59A15E8-2B9B-490D-916E-D608A9D0D295}" = Windows Live Writer
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform
"{AEDA8B17-9571-4839-9240-F93E41198E19}" = Windows Live Sync
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"{BB6B0C1F-B935-46CC-8BDF-C567D15A9DD9}" = Windows Live Messenger
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D508605F-300D-42A4-B288-FC1D2E29158D}" = Movie Maker
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5E83E00-1144-4821-B6B6-7A16C41EFC39}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FB514E-F90C-4CFC-B381-B2D98856FC0C}" = Windows Live UX Platform Language Pack
"{F3B6C28C-2DC7-4EA9-A573-645ACDA7AC36}" = Windows Live Writer
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype(TM) 7.24
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 21 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}" = カスペルスキー インターネット セキュリティ
"jp.playwell.Saezuri.58F200D7EEA7AA1DF3962E867638EFEED92471BE.1" = Saezuri
"Kingsoft Office" = Kingsoft Office 2013 (9.1.0.4256)
"League of Legends 3.0.1" = League of Legends
"Mozilla Firefox 46.0.1 (x86 ja)" = Mozilla Firefox 46.0.1 (x86 ja)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"WinLiveSuite" = Windows Live Essentials

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2016/05/26 8:37:30 | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 2016/05/26 8:37:30 | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 2016/05/26 8:37:30 | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 2016/05/26 8:37:30 | Computer Name = Owner-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 2016/05/26 8:37:30 | Computer Name = Owner-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 2016/05/26 8:37:30 | Computer Name = Owner-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 2016/05/26 8:39:16 | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/05/26 8:45:00 | Computer Name = Owner-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 2016/05/26 10:47:41 | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 2016/05/26 12:36:50 | Computer Name = Owner-PC | Source = SideBySide | ID = 16842811
Description = "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
のアクティブ化コンテキストの生成に失敗しました。マニフェストまたはポリシー ファイル "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll" 行 2 のエラーです。 無効な XML 構文です。

[ System Events ]
Error - 2014/03/20 22:35:25 | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = Superfetch サービスは、次のエラーで終了しました: %%1062

Error - 2014/03/20 22:50:20 | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = ネットワークの別のコンピューターが同じ名前を使用しているため、サーバーはトランスポート \Device\NetBT_Tcpip_{685E7831-4A25-4E59-98CC-518F857F5C43}
にバインドできませんでした。サーバーを起動できませんでした。

Error - 2014/03/20 22:50:20 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :0" は、IP アドレス 192.168.24.73 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.24.92 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2014/03/20 22:50:20 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :20" は、IP アドレス 192.168.24.73 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.24.92 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2014/03/20 23:33:14 | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = ネットワークの別のコンピューターが同じ名前を使用しているため、サーバーはトランスポート \Device\NetBT_Tcpip_{685E7831-4A25-4E59-98CC-518F857F5C43}
にバインドできませんでした。サーバーを起動できませんでした。

Error - 2014/03/20 23:33:14 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :20" は、IP アドレス 192.168.24.73 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.24.92 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2014/03/20 23:33:14 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :0" は、IP アドレス 192.168.24.73 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.24.92 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2014/03/20 23:52:49 | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = ネットワークの別のコンピューターが同じ名前を使用しているため、サーバーはトランスポート \Device\NetBT_Tcpip_{685E7831-4A25-4E59-98CC-518F857F5C43}
にバインドできませんでした。サーバーを起動できませんでした。

Error - 2014/03/20 23:52:49 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :0" は、IP アドレス 192.168.24.73 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.24.92 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。

Error - 2014/03/20 23:52:49 | Computer Name = Owner-PC | Source = NetBT | ID = 4321
Description = 名前 "OWNER-PC :20" は、IP アドレス 192.168.24.73 のインターフェイスに登録できませんでした。
IP
アドレス 192.168.24.92 のコンピューターは、その名前がこのコンピューターに付くことを 許可しませんでした。


< End of report >
  • らすかる
  • 2016/05/31 (Tue) 00:18:27
Re: Troubled by ads and pop-ups
Sorry, the log in my previous reply was the Extras one.
I'm pasting the OTL log below.


●OTL log

OTL logfile created on: 2016/05/30 17:29:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\,Download
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

15.96 Gb Total Physical Memory | 13.28 Gb Available Physical Memory | 83.22% Memory free
31.92 Gb Paging File | 29.52 Gb Available in Paging File | 92.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 46.07 Gb Free Space | 41.25% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1263.87 Gb Free Space | 67.84% Space Free | Partition Type: NTFS
Drive G: | 2794.52 Gb Total Space | 2579.98 Gb Free Space | 92.32% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/05/30 17:28:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\,Download\OTL.exe
PRC - [2016/05/29 23:39:17 | 000,250,008 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
PRC - [2016/05/27 00:15:46 | 000,835,512 | ---- | M] (NVIDIA Corporation) -- C:\Users\Owner\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
PRC - [2016/05/02 15:02:13 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016/05/02 14:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/12/30 11:00:44 | 055,175,056 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
PRC - [2015/12/30 11:00:42 | 001,378,192 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
PRC - [2015/12/30 11:00:42 | 000,840,080 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
PRC - [2015/12/16 11:56:32 | 000,211,712 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
PRC - [2015/12/16 11:56:32 | 000,194,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
PRC - [2015/11/05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2014/03/04 20:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/27 02:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/01/20 17:35:24 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/01/20 17:35:22 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/01/20 17:35:18 | 000,128,280 | R--- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/01/20 17:35:08 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2016/05/02 15:02:09 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2016/05/02 14:58:46 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:[b]64bit:[/b] - [2016/05/02 14:55:38 | 002,522,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2016/05/02 14:55:33 | 003,634,232 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV:[b]64bit:[/b] - [2016/04/23 13:47:35 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2015/07/23 09:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/01/10 21:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/05/27 18:53:26 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/05/02 14:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016/04/30 09:10:40 | 000,835,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2016/03/23 19:08:24 | 000,327,808 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/12/30 11:00:42 | 000,840,080 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe -- (GoogleIMEJaCacheService)
SRV - [2015/12/16 11:56:32 | 000,194,000 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe -- (AVP16.0.0)
SRV - [2015/11/05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2015/07/09 00:02:50 | 000,144,640 | ---- | M] (AO Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe -- (vssbrigde64)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/04 20:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/05/09 16:03:26 | 000,242,664 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2012/01/20 17:35:24 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 17:35:22 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/01/20 17:35:18 | 000,128,280 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/01/20 17:35:08 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2016/05/29 11:23:05 | 000,943,536 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2016/05/29 11:23:05 | 000,049,240 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2016/05/29 11:23:04 | 000,077,728 | ---- | M] (AO Kaspersky Lab) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kldisk.sys -- (kldisk)
DRV:[b]64bit:[/b] - [2016/05/29 11:14:00 | 000,237,480 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:[b]64bit:[/b] - [2016/05/02 14:55:28 | 000,028,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:[b]64bit:[/b] - [2016/04/14 14:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2015/12/16 11:56:28 | 000,041,352 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:[b]64bit:[/b] - [2015/12/16 11:56:24 | 000,181,640 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:[b]64bit:[/b] - [2015/07/06 00:10:20 | 000,389,816 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cm_km.sys -- (cm_km)
DRV:[b]64bit:[/b] - [2015/06/27 01:30:00 | 000,070,000 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klbackupflt.sys -- (klbackupflt)
DRV:[b]64bit:[/b] - [2015/06/23 18:30:50 | 000,187,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:[b]64bit:[/b] - [2015/06/22 20:40:04 | 000,478,392 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:[b]64bit:[/b] - [2015/06/16 21:56:32 | 000,103,096 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwtp.sys -- (Klwtp)
DRV:[b]64bit:[/b] - [2015/06/11 15:56:56 | 000,065,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:[b]64bit:[/b] - [2015/06/07 01:50:04 | 000,041,648 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2015/06/06 08:48:24 | 000,053,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbackupdisk.sys -- (klbackupdisk)
DRV:[b]64bit:[/b] - [2015/06/06 08:31:42 | 000,041,144 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:[b]64bit:[/b] - [2013/11/28 22:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2013/10/02 11:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012/08/23 23:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/23 23:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/01/27 02:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2012/01/27 02:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2012/01/27 02:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2011/12/06 04:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2011/08/23 22:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.yahoo.co.jp/search?fr=sb-kingbrw1&ei=UTF-8&p={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://applied.starthome.jp
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.jp/
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.yahoo.co.jp/search?fr=sb-kingbrw1&ei=UTF-8&p={searchTerms}
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\SearchScopes\{C0FF055D-678C-4F1B-AC0C-A3433BE31106}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0.1
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016/05/29 11:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 46.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2016/05/27 18:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2016/05/27 20:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\ko5jabam.default\extensions
[2016/05/27 20:46:48 | 001,036,367 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ko5jabam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/05/28 22:56:52 | 000,006,303 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ko5jabam.default\features\{a0b92426-efdc-40ff-bdca-36a0499fdc39}\e10srollout@mozilla.org.xpi
[2016/05/28 22:56:53 | 000,686,304 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ko5jabam.default\features\{a0b92426-efdc-40ff-bdca-36a0499fdc39}\firefox@getpocket.com.xpi
[2016/05/28 22:56:56 | 002,043,369 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ko5jabam.default\features\{a0b92426-efdc-40ff-bdca-36a0499fdc39}\loop@mozilla.org.xpi
[2016/05/27 18:26:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

O1 HOSTS File: ([2009/06/11 06:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Kaspersky Protection plugin) - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O2 - BHO: (Kaspersky Protection plugin) - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Kaspersky Protection toolbar) - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Kaspersky Protection toolbar) - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll (AO Kaspersky Lab)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Google Japanese Input Prelauncher] C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe (Google Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 220.152.39.11 220.152.39.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{685E7831-4A25-4E59-98CC-518F857F5C43}: DhcpNameServer = 220.152.39.11 220.152.39.12
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/06 19:24:38 | 000,000,031 | RH-- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:[b]64bit:[/b] {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/05/30 01:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2016/05/29 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2016/05/29 23:32:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
[2016/05/29 15:18:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\.mono
[2016/05/29 15:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2016/05/29 11:08:58 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2016/05/29 11:05:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Geek Uninstaller
[2016/05/29 11:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\カスペルスキー インターネット セキュリティ
[2016/05/29 11:04:01 | 000,943,536 | ---- | C] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2016/05/29 11:04:01 | 000,181,640 | ---- | C] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2016/05/28 22:53:51 | 001,756,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2016/05/28 22:53:51 | 001,316,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2016/05/28 22:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2016/05/28 22:53:13 | 000,102,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2016/05/28 22:53:13 | 000,056,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2016/05/28 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\League of Legends
[2016/05/28 08:23:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\GWX
[2016/05/27 22:58:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\LolClient
[2016/05/27 21:27:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2016/05/27 21:27:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2016/05/27 21:27:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2016/05/27 21:27:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2016/05/27 21:27:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2016/05/27 21:27:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2016/05/27 21:27:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2016/05/27 21:27:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2016/05/27 21:27:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2016/05/27 21:27:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2016/05/27 21:24:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\jp.playwell.Saezuri
[2016/05/27 21:24:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\jp.playwell.Saezuri.58F200D7EEA7AA1DF3962E867638EFEED92471BE.1
[2016/05/27 21:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Saezuri
[2016/05/27 21:20:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TS3Client
[2016/05/27 21:20:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Overwolf
[2016/05/27 21:20:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\TeamSpeak 3 Client
[2016/05/27 19:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Riot Games
[2016/05/27 19:24:19 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2016/05/27 19:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2016/05/27 19:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2016/05/27 19:20:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2016/05/27 19:14:37 | 000,000,000 | ---D | C] -- C:\Riot Games
[2016/05/27 19:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2016/05/27 19:14:22 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2016/05/27 19:14:22 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2016/05/27 19:14:22 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2016/05/27 19:13:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Riot Games
[2016/05/27 18:42:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2016/05/27 18:42:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Sun
[2016/05/27 18:42:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\.oracle_jre_usage
[2016/05/27 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Games
[2016/05/27 18:41:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CEF
[2016/05/27 18:41:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Steam
[2016/05/27 18:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2016/05/27 18:26:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2016/05/27 18:26:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
[2016/05/27 18:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/05/27 18:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ROCCAT
[2016/05/27 18:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
[2016/05/27 18:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PIXELA
[2016/05/27 18:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2016/05/27 18:09:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Blizzard
[2016/05/27 18:06:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVIDIA
[2016/05/27 18:06:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Blizzard Entertainment
[2016/05/27 18:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2016/05/27 18:06:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Battle.net
[2016/05/27 18:06:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Battle.net
[2016/05/27 18:03:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Tracing
[2016/05/27 17:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2016/05/27 17:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016/05/27 17:45:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Diagnostics
[2016/05/27 17:42:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Skype
[2016/05/27 17:42:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Skype
[2016/05/27 17:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2016/05/27 17:30:25 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icaapi.dll
[2016/05/27 17:30:20 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2016/05/27 17:30:20 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2016/05/27 17:30:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll
[2016/05/27 17:30:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL
[2016/05/27 17:30:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL
[2016/05/27 17:30:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL
[2016/05/27 17:30:20 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll
[2016/05/27 17:30:20 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL
[2016/05/27 17:30:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/05/27 17:30:17 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016/05/27 17:30:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016/05/27 17:30:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016/05/27 17:30:17 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016/05/27 17:30:17 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016/05/27 17:30:17 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016/05/27 17:30:17 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2016/05/27 17:30:17 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016/05/27 17:30:17 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016/05/27 17:30:17 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2016/05/27 17:30:17 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016/05/27 17:30:17 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016/05/27 17:30:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016/05/27 17:30:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016/05/27 17:30:17 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016/05/27 17:30:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016/05/27 17:30:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016/05/27 17:30:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016/05/27 17:30:15 | 003,231,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2016/05/27 17:30:15 | 002,973,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2016/05/27 17:30:15 | 001,867,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2016/05/27 17:30:15 | 001,499,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2016/05/27 17:29:26 | 003,243,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2016/05/27 17:29:26 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2016/05/27 17:29:26 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2016/05/27 17:29:26 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2016/05/27 17:29:26 | 000,114,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2016/05/27 17:29:25 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2016/05/27 17:29:25 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2016/05/27 17:29:25 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2016/05/27 17:29:25 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2016/05/27 17:29:25 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2016/05/27 03:55:47 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX
[2016/05/27 03:55:47 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX
[2016/05/27 03:55:47 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2016/05/27 03:55:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2016/05/27 03:33:10 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2016/05/27 03:33:10 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2016/05/27 03:01:07 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2016/05/27 03:01:07 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2016/05/27 03:01:07 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2016/05/27 03:01:07 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2016/05/27 03:01:07 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2016/05/27 03:01:07 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2016/05/27 03:01:05 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2016/05/27 03:01:05 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2016/05/27 03:00:39 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perftrack.dll
[2016/05/27 03:00:39 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powertracker.dll
[2016/05/27 02:57:13 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2016/05/27 02:57:13 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2016/05/27 02:57:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2016/05/27 02:57:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2016/05/27 02:57:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fixmapi.exe
[2016/05/27 02:56:56 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cewmdm.dll
[2016/05/27 02:56:56 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cewmdm.dll
[2016/05/27 02:56:39 | 007,077,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2016/05/27 02:56:39 | 006,131,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2016/05/27 02:56:39 | 001,057,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2016/05/27 02:56:39 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2016/05/27 02:56:39 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2016/05/27 02:56:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2016/05/27 02:56:39 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2016/05/27 02:55:54 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2016/05/27 02:55:38 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2016/05/27 02:55:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxoci.dll
[2016/05/27 02:55:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxoci.dll
[2016/05/27 02:54:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2016/05/27 02:54:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2016/05/27 02:53:46 | 002,084,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2016/05/27 02:53:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll
[2016/05/27 02:52:35 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe
[2016/05/27 02:52:35 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe
[2016/05/27 02:52:35 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll
[2016/05/27 02:52:35 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2016/05/27 02:52:35 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2016/05/27 02:52:35 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe
[2016/05/27 02:52:35 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2016/05/27 02:52:35 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe
[2016/05/27 02:52:35 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2016/05/27 02:52:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe
[2016/05/27 02:52:35 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe
[2016/05/27 02:51:28 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2016/05/27 02:50:55 | 000,994,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2016/05/27 02:50:55 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2016/05/27 02:50:55 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2016/05/27 02:50:55 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-private-l1-1-0.dll
[2016/05/27 02:50:55 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2016/05/27 02:50:55 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-math-l1-1-0.dll
[2016/05/27 02:50:55 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2016/05/27 02:50:55 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll
[2016/05/27 02:50:55 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2016/05/27 02:50:55 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-string-l1-1-0.dll
[2016/05/27 02:50:55 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2016/05/27 02:50:55 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll
[2016/05/27 02:50:55 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2016/05/27 02:50:55 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll
[2016/05/27 02:50:55 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2016/05/27 02:50:55 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll
[2016/05/27 02:50:55 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2016/05/27 02:50:55 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-time-l1-1-0.dll
[2016/05/27 02:50:55 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2016/05/27 02:50:55 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-2-0.dll
[2016/05/27 02:50:55 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2016/05/27 02:50:55 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-process-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll
[2016/05/27 02:50:55 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2016/05/27 02:50:55 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-2-0.dll
[2016/05/27 02:50:55 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2016/05/27 02:50:55 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll
[2016/05/27 02:50:55 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2016/05/27 02:50:55 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll
[2016/05/27 02:50:55 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2016/05/27 02:50:55 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll
[2016/05/27 02:50:55 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2016/05/27 02:50:55 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l2-1-0.dll
[2016/05/27 02:50:55 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2016/05/27 02:50:55 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-2-0.dll
[2016/05/27 02:50:36 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2016/05/27 02:50:36 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2016/05/27 02:50:23 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2016/05/27 02:50:23 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2016/05/27 02:50:23 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2016/05/27 02:50:23 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2016/05/27 02:50:22 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2016/05/27 02:50:22 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2016/05/27 02:50:22 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2016/05/27 02:50:22 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2016/05/27 02:50:22 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2016/05/27 02:50:22 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2016/05/27 02:50:21 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2016/05/27 02:50:21 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2016/05/27 02:50:21 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2016/05/27 02:50:21 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2016/05/27 02:50:21 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2016/05/27 02:50:21 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2016/05/27 02:50:21 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2016/05/27 02:50:21 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2016/05/27 02:50:21 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2016/05/27 02:50:21 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2016/05/27 02:50:21 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2016/05/27 02:50:21 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2016/05/27 02:50:21 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcawrk.exe
[2016/05/27 02:50:21 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2016/05/27 02:50:20 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2016/05/27 02:49:07 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2016/05/27 02:49:07 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2016/05/27 02:49:07 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2016/05/27 02:49:07 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2016/05/27 02:49:07 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2016/05/27 02:49:07 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2016/05/27 02:48:50 | 001,632,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2016/05/27 02:48:50 | 001,372,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2016/05/27 02:48:50 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmapi.dll
[2016/05/27 02:48:33 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2016/05/27 02:46:57 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basesrv.dll
[2016/05/27 02:46:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2016/05/27 02:45:53 | 003,169,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2016/05/27 02:45:53 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2016/05/27 02:45:53 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2016/05/27 02:45:53 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2016/05/27 02:45:53 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2016/05/27 02:45:53 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2016/05/27 02:45:53 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2016/05/27 02:45:53 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2016/05/27 02:45:53 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2016/05/27 02:45:53 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
  • らすかる
  • 2016/05/31 (Tue) 00:22:54
Re: Troubled by ads and pop-ups
This is the continuation of the log.

[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016/05/27 02:21:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2016/05/27 02:21:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016/05/27 02:20:35 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clfsw32.dll
[2016/05/27 02:20:35 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll
[2016/05/27 02:19:20 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2016/05/27 02:19:00 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2016/05/27 02:19:00 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2016/05/26 22:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/05/30 17:26:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Owner.job
[2016/05/30 17:25:55 | 000,000,686 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/05/30 17:25:53 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2016/05/30 17:25:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/05/30 17:25:48 | 4264,603,646 | -HS- | M] () -- C:\hiberfil.sys
[2016/05/30 00:44:00 | 000,000,690 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/05/30 00:12:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/29 22:07:16 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/05/29 22:07:16 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/05/29 15:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2016/05/29 11:23:05 | 000,943,536 | ---- | M] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2016/05/29 11:23:05 | 000,049,240 | ---- | M] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klim6.sys
[2016/05/29 11:23:04 | 000,077,728 | ---- | M] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\kldisk.sys
[2016/05/29 11:18:53 | 001,313,166 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/05/29 11:18:53 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/05/29 11:18:53 | 000,411,162 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2016/05/29 11:18:53 | 000,122,208 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2016/05/29 11:18:53 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/05/29 11:14:00 | 000,237,480 | ---- | M] (AO Kaspersky Lab) -- C:\Windows\SysNative\drivers\klhk.sys
[2016/05/29 11:13:06 | 000,002,372 | ---- | M] () -- C:\Users\Owner\Desktop\ネット決済保護.lnk
[2016/05/29 11:04:21 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\カスペルスキー インターネット セキュリティ.lnk
[2016/05/28 03:02:46 | 001,292,014 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/05/27 21:24:46 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Saezuri.lnk
[2016/05/27 21:20:55 | 000,001,173 | ---- | M] () -- C:\Users\Owner\Desktop\TeamSpeak 3 Client.lnk
[2016/05/27 19:23:56 | 000,278,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/05/27 18:53:26 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/05/27 18:53:26 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/05/27 18:42:30 | 000,267,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2016/05/27 18:42:30 | 000,097,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2016/05/02 14:39:01 | 001,377,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2016/05/02 14:39:01 | 001,316,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2016/05/02 14:38:42 | 001,767,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2016/05/02 14:38:42 | 001,756,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2016/05/02 14:38:42 | 000,112,032 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/05/29 23:32:50 | 000,000,690 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/05/29 23:32:50 | 000,000,686 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/05/29 11:13:06 | 000,002,372 | ---- | C] () -- C:\Users\Owner\Desktop\ネット決済保護.lnk
[2016/05/29 11:04:38 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\カスペルスキー インターネット セキュリティ.lnk
[2016/05/28 22:53:51 | 000,112,032 | ---- | C] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[2016/05/27 21:24:46 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saezuri.lnk
[2016/05/27 21:24:46 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Saezuri.lnk
[2016/05/27 21:20:55 | 000,001,173 | ---- | C] () -- C:\Users\Owner\Desktop\TeamSpeak 3 Client.lnk
[2016/05/27 21:20:55 | 000,001,131 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
[2016/05/27 02:24:24 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2016/05/27 02:24:23 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2016/05/26 21:37:19 | 4264,603,646 | -HS- | C] () -- C:\hiberfil.sys

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/04/09 15:58:02 | 014,186,496 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/04/09 15:54:53 | 012,881,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2013/06/19 16:33:18 | 000,000,000 | -H-D | M] -- C:\Applied
[2016/05/29 15:18:48 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2014/03/21 13:00:15 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/06/19 15:44:11 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2014/03/21 12:59:02 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\BDNAV
[2016/05/27 18:22:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2016/05/27 18:22:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\CyberLink BD Advisor\2.0
[2014/03/21 12:56:32 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\MediaShow\6.0
[2014/03/21 13:00:47 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\PowerStarter\10.0
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2011/04/12 17:00:57 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2013/06/19 16:35:15 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2014/03/21 12:59:02 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\BDNAV
[2016/05/27 18:22:18 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2016/05/27 18:22:18 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\CyberLink BD Advisor\2.0
[2014/03/21 12:56:32 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\MediaShow\6.0
[2014/03/21 13:00:47 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\PowerStarter\10.0
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2011/04/12 17:00:57 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2009/07/14 12:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2014/03/21 09:43:51 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData
[2014/03/21 09:44:03 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2014/03/21 10:14:01 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2014/03/21 13:28:58 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2014/03/21 09:44:07 | 000,000,000 | RH-D | M] -- C:\Users\Owner\AppData\Local\Microsoft\Windows\Burn\Burn
[2014/03/21 12:56:29 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\CyberLink\MediaCache
[2014/03/21 09:44:07 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2016/05/29 11:04:38 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 11:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009/07/14 13:54:24 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2014/03/21 13:45:55 | 000,000,000 | -H-D | M] -- C:\Users\Public\Recorded TV\TempRec
[2009/07/14 13:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2014/03/21 11:17:09 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2016/05/30 00:12:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/05/30 17:25:55 | 000,000,686 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/05/30 00:44:00 | 000,000,690 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/05/30 17:25:53 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2016/05/29 15:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2016/05/30 17:26:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Owner.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST2000DM001-1CH164 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SuperSSpeed S306 120GB ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: BUFFALO External HDD USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic STORAGE DEVICE USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 112.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2,795.00GB
Starting Offset: 524288
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2015/10/30 02:50:29 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2016/04/15 01:42:29 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2016/04/12 09:42:20 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2015/04/28 04:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2015/04/28 04:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2016/02/03 03:57:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 13:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/05/24 20:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2012/02/11 15:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2016/04/12 09:42:20 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2016/02/03 03:57:35 | 000,511,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2016/02/09 18:55:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2016/04/12 09:42:20 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 12:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2015/08/06 02:56:14 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 12:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/19 12:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2010/11/21 12:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2016/04/15 00:19:07 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2016/04/15 00:11:09 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2016/02/13 03:22:06 | 002,610,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >
  • らすかる
  • 2016/05/31 (Tue) 00:25:03
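Have you done any online banking, even after the recovery?
Sorry for the late reply again tonight.
But my life is already a lost cause, so please just think of this as my style (?)

>I left Java installed myself.
>I'll be careful to check for updates regularly.

OK, then that part is fine.
I've also looked at the OTL scan log.

One thing to confirm here: have you ever done online banking on this PC, either before or after the recovery?
I ask because an entry for Kaspersky's online payment protection (ネット決済保護) feature shows up in the OTL scan.

Since you have done a recovery, the risk on that point is considerably lower, but if you have ever done banking, that point needs especially careful handling.
I assume you have already changed all the passwords you ever entered on the PC before the recovery, but if you haven't changed them yet, I recommend changing them as soon as possible.
And please reply to let me know whether or not you have used banking.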
  • 悪代官
  • 2016/05/31 (Tue) 19:36:15
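Re: Troubled by ads and pop-ups
Thank you for your reply.

Before the recovery I did things like buying PC games, but since I was using electronic money and the like, I have never entered a bank account number or a credit card number.
I have never accessed bank account or credit card information either.
Since the recovery I have not gone through any purchase procedures.
I have also changed my passwords across the board.

As for Kaspersky's online payment protection (ネット決済保護): after the recovery finished, shortcuts to Kaspersky itself and to Kaspersky's online payment protection page had been created, and I have clicked on that shortcut.

I'm hazy on what online banking and the like means, so I'm sorry if this doesn't answer your question.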
  • らすかる
  • 2016/05/31 (Tue) 22:05:02
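Then let's start cleaning up with OTL
Sorry for the late reply again.
I was in the bath until just now (there is no 由○かおる in my bath)

I've read your explanation.
So you have not done online banking or the like on this PC.
In that case the risk should be somewhat lower.

Now, on to the next part of the main work.
The earlier OTL scan turned up a little junk, so let's clean it out with OTL.

I'll paste a script at the end of this reply; copy it in its entirety, paste it into a Windows Notepad file, and save it.

Once that is ready, restart the PC in Safe Mode again and launch OTL.
Once it has started, paste the script into the lower part of the OTL window, and this time press "Run fix" (the button with red text).
This starts the OTL fix.

Wait a while; once the fix is done and you restart the PC in normal mode, an OTL log should appear again. Save it, then after observing for a while, reply with a status report along with the OTL log.
The OTL script is below. Copy the whole part that does not include the dashed lines (-----), paste it into OTL, and run it.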
------------------------------------------
:OTL
IE - HKU\S-1-5-21-3789204616-4169482505-2587553410-1002\..\SearchScopes\{C0FF055D-678C-4F1B-AC0C-A3433BE31106}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2016/06/01 (Wed) 20:51:35
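Re: Troubled by ads and pop-ups
Sorry, my reply is late.

The OTL fix has finished.

Lately there have been no adware-like anomalies either.

I'm pasting the log saved from this round of work below.
Thank you again for your help this time.


●OTL log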

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3789204616-4169482505-2587553410-1002\Software\Microsoft\Internet Explorer\SearchScopes\{C0FF055D-678C-4F1B-AC0C-A3433BE31106}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0FF055D-678C-4F1B-AC0C-A3433BE31106}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 306293508 bytes
->Temporary Internet Files folder emptied: 84033084 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 377893763 bytes
->Flash cache emptied: 42136 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138286506 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 262 bytes
RecycleBin emptied: 3366619 bytes

Total Files Cleaned = 868.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 06042016_172146

Files\Folders moved on Reboot...
File move failed. C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • らすかる
  • 2016/06/04 (Sat) 18:05:33
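Now we just wait for the results of the observation period
Thank you for doing the work and reporting back.

>Lately there have been no abnormalities that look like adware either.

Glad to hear the abnormalities seem to have subsided.
I looked at the log, and the targeted items appear to have been cleaned up.

You can now remove OTL, following the instructions given when it was installed.

Since the abnormalities have subsided, please move on to an observation period from here.
Observe for one week; you can use the PC normally during that time.

Then, one week later, take a fresh HJT log plus the CC installed-programs log and the logs from each CC tab, and post them in a reply together with a report on how things went during the observation period.

Ideally the logs and the state of the PC at that point will show the abnormalities completely gone, but if anything recurs, you need not wait the full week; reply right then.

I'll be praying that the observation period ends without incident, hammering five-inch nails in the dead of night (wait, that's not right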
  • 悪代官
  • 2016/06/04 (Sat) 21:22:56
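Re: Plagued by ads and pop-ups
Thank you for your reply. I'm sorry for the late response.

I observed for one week, and I did not see any particular abnormalities.

I'm pasting the logs below. Thank you in advance.


●HJT log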
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:11:19, on 2016/06/13
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
D:\,Download\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Microsoft アカウント サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [LINE] "D:\LINE\LINE.exe" --booting
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 - Service: CyberLink Product - 2014/03/21 12:59:01 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe,-100 (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9023 bytes


●CC installed programs
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 2016/05/26 18.5 MB 21.0.0.242
Adobe Flash Player 21 NPAPI Adobe Systems Incorporated 2016/05/27 19.0 MB 21.0.0.242
CCleaner Piriform 2016/05/27 5.18
CyberLink BD_3D Advisor 2.0 CyberLink Corp. 2014/03/21 2.0.5425
CyberLink Media Suite 10 CyberLink Corp. 2014/03/21 904 MB 10.0
CyberLink PowerProducer 5.5 CyberLink Corp. 2014/03/21 168 MB 5.5.3.4118
Google 日本語入力 Google Inc. 2016/05/29 86.9 MB 2.17.2400.0
Gyazo 3.2.2 Nota Inc. 2016/06/07 27.6 MB
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 2013/06/19 54.8 MB 1.0.0.35342
Intel(R) Management Engine Components Intel Corporation 2012/01/20 8.0.1.1399
Intel(R) OpenCL CPU Runtime Intel Corporation 2013/06/19
Intel(R) Processor Graphics Intel Corporation 2013/06/19 9.17.10.2932
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2012/01/27 1.0.3.214
Intel® Trusted Connect Service Client Intel Corporation 2013/06/19 10.6 MB 1.23.219.2
Java 8 Update 91 Oracle Corporation 2016/05/27 89.3 MB 8.0.910.15
Kingsoft Office 2013 (9.1.0.4256) Kingsoft Corp. 2014/03/21 9.1.0.4256
League of Legends Riot Games 2016/05/27 3.0.1
LINE LINE Corporation 2016/06/04 4.6.2.933
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2016/05/27 38.8 MB 4.6.01055
Microsoft .NET Framework 4.6.1 (日本語) Microsoft Corporation 2016/05/28 2.93 MB 4.6.01055
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2016/05/30 1.59 MB 4.0.40804.0
Microsoft OneDrive Microsoft Corporation 2014/03/21 26.7 MB 17.0.4024.1220
Microsoft Silverlight Microsoft Corporation 2016/05/27 100 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2013/06/19 1.72 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2014/03/21 300 KB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2014/03/21 594 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2014/03/21 598 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2014/03/21 13.7 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2014/03/21 12.1 MB 10.0.30319
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 2016/05/28 20.5 MB 12.0.21005.1
Mozilla Firefox 47.0 (x86 ja) Mozilla 2016/06/11 92.0 MB 47.0
NVIDIA 3D Vision コントローラー ドライバー 335.21 NVIDIA Corporation 2014/03/21 335.21
NVIDIA 3D Vision ドライバー 335.23 NVIDIA Corporation 2014/03/21 335.23
NVIDIA GeForce Experience 2.11.3.5 NVIDIA Corporation 2016/05/28 2.11.3.5
NVIDIA HD オーディオ ドライバー 1.3.30.1 NVIDIA Corporation 2014/03/21 1.3.30.1
NVIDIA PhysX システム ソフトウェア 9.13.1220 NVIDIA Corporation 2014/03/21 9.13.1220
NVIDIA グラフィックス ドライバー 335.23 NVIDIA Corporation 2014/03/21 335.23
Realtek Ethernet Controller Driver Realtek 2013/06/19 7.48.823.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2013/06/19 6.0.1.6482
Saezuri UNKNOWN 2016/05/27 1.0.0
Skype(TM) 7.24 Skype Technologies S.A. 2016/05/27 78.7 MB 7.24.104
TeamSpeak 3 Client TeamSpeak Systems GmbH 2016/05/27 3.0.19
Windows Live Essentials Microsoft Corporation 2014/03/21 16.4.3522.0110
Windows Live Sync Microsoft Corporation 2013/06/19 2.76 MB 14.0.8089.726
カスペルスキー インターネット セキュリティ Kaspersky Lab 2016/05/29 16.0.0.614


●CC Startup: Windows
無効 HKCU:Run ApplicationManager C:\Users\Administrator\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
無効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKCU:Run Gyazo Nota Inc. C:\Program Files (x86)\Gyazo\GyStation.exe
有効 HKCU:Run LINE LINE Corporation "D:\LINE\LINE.exe" --booting
無効 HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
無効 HKLM:Run BDRegion cyberlink C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
無効 HKLM:Run CLMLServer CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
有効 HKLM:Run Google Japanese Input Prelauncher Google Inc. "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
有効 HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
有効 HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
有効 HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
無効 HKLM:Run RemoteControl10 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
有効 HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run ShadowPlay Microsoft Corporation "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
無効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
有効 HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"


●CC Startup: Scheduled Tasks
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task GyazoUpdateTaskMachine Nota Inc. "C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
有効 Task GyazoUpdateTaskMachineDaily Nota Inc. "C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
有効 Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d Intel Corporation C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
有効 Task ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon Intel Corporation C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
有効 Task Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} AO Kaspersky Lab C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade
有効 Task WpsUpdateTask_Owner Zhuhai Kingsoft Office Software Co.,Ltd C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe -from=task


●CC Startup: Context Menu
有効 Directory Kaspersky Anti-Virus 16.0.0 Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll
有効 Directory SkyDriveEx Microsoft Corporation C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
有効 Drive Kaspersky Anti-Virus 16.0.0 Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll
有効 File Kaspersky Anti-Virus 16.0.0 Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll
有効 File SkyDriveEx Microsoft Corporation C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
有効 Folder Kaspersky Anti-Virus 16.0.0 Kaspersky Lab ZAO C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\shellex.dll


●CC Browser Plugins: IE
有効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
有効 Helper Kaspersky Protection plugin AO Kaspersky Lab C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
有効 Helper Kaspersky Protection plugin AO Kaspersky Lab C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll
有効 Helper Microsoft アカウント サインイン ヘルパー Microsoft Corp. C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
有効 Helper Search Helper Microsoft Corp. C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
有効 Helper Windows Live ID Sign-in Helper Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
有効 Toolbar Kaspersky Protection toolbar AO Kaspersky Lab C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
有効 Toolbar Kaspersky Protection toolbar AO Kaspersky Lab C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll


●CC Browser Plugins: FireFox
有効 Extension Adblock Plus 2.7.3 Wladimir Palant default Firefox 47.0 C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ko5jabam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
有効 Extension Firefox Hello 1.3.2 Mozilla default Firefox 47.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\loop@mozilla.org.xpi
有効 Extension Kaspersky Protection 4.6.2-40 default Firefox 47.0 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
有効 Extension Multi-process staged rollout 1.0 default Firefox 47.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0.2 default Firefox 47.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Plugin 0 default Firefox 47.0
有効 Plugin Google Update 1.3.30.3 Google Inc. default Firefox 47.0 C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll
有効 Plugin Intel® Identity Protection Technology 2.0.59.0 Intel Corporation default Firefox 47.0 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
有効 Plugin Intel® Identity Protection Technology 2.0.59.0 Intel Corporation default Firefox 47.0 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
有効 Plugin Java Deployment Toolkit 8.0.910.15 11.91.2.15 Oracle Corporation default Firefox 47.0 C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
有効 Plugin Java(TM) Platform SE 8 U91 11.91.2.15 Oracle Corporation default Firefox 47.0 C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
有効 Plugin NVIDIA 3D Vision 7.17.13.3523 NVIDIA Corporation default Firefox 47.0 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
有効 Plugin NVIDIA 3D VISION 7.17.13.3523 NVIDIA Corporation default Firefox 47.0 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
有効 Plugin OpenH264 Video Codec 1.5.3 Mozilla Corporation default Firefox 47.0 C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ko5jabam.default\gmp-gmpopenh264\1.5.3\gmpopenh264.dll
有効 Plugin Photo Gallery 16.4.3522.110 Microsoft Corporation default Firefox 47.0 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
有効 Plugin Shockwave Flash 21.0.0.242 Adobe Systems Incorporated default Firefox 47.0 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll
有効 Plugin Silverlight Plug-In 5.1.41212.0 Microsoft Corporation default Firefox 47.0 C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
  • らすかる
  • 2016/06/13 (Mon) 01:14:49
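Even after the abnormalities are gone, don't neglect protecting yourself from here on
Good evening.
So this is the report after the observation period.
I have also looked over each of the logs.

>I observed for one week, and I did not see any particular abnormalities.

Glad to hear the abnormalities seem to be gone.
There do not appear to be any suspicious traces in the logs either.

So I think we can consider the main treatment finished.
Please remove each tool following the instructions given when it was installed.

Even though the abnormalities are gone, please don't forget that protecting yourself against a repeat starts now.

"Our self-defense has only just begun!"
[Please look forward to らすかる-sensei's next work] (← don't bring in an ending that ominous

Just tightening your browser settings a little can improve your security.
Open "Internet Options" → "Privacy" → "Advanced", check "Automatic cookie handling" and "Block third-party cookies", then click "Apply" and "OK".
Doing this is quite effective for protection against many dangerous sites.
However, it is not effective against every dangerous site, and against truly dangerous sites this much is no match at all, so do not over-rely on it.
Also, if you set it to "Block all cookies", a side effect is that you can no longer get into pages that require login, such as your provider's mailbox, so decide which to use according to the situation.
Note also that even some safe sites cannot be viewed or posted to when cookies are blocked.

Next, be careful about how you use security software such as antivirus and firewalls.
Security software does not deliver its full capability merely by being installed.
It is important to understand the settings and features as well as you can and use it correctly.
Used incorrectly, it will let through even infections it could otherwise have blocked.

Also, no matter how capable the security software, it cannot protect you at all if you yourself access dangerous sites and files.
Depending on how it is used, security software's performance can be doubled, halved, or reduced to nothing.

And seeing is believing.
I recommend reading as many of the other threads on this board as you can, both ongoing and resolved.
Whether they are the same, similar, or a different kind of case, there should be much in them to learn from.

Note that parts of DNSUnlocker's nature and behavior are still not clearly understood, so do not let your guard down even though it has been removed.
To be safe, I also recommend changing, as far as possible, the passwords and other personal information you have ever entered on that PC.
In particular, if you have done online shopping or online banking, change that information first.

There is a lot worth remembering about PC security, but you need not cram it all in from the start; work through it one piece at a time, starting with what you understand, and rebuild your PC environment and security awareness.
A security environment does not improve dramatically overnight. It improves through steady, accumulated effort by the user.

Thank you for sticking with unfamiliar work over such a long period.
From here on, have a safe and comfortable PC life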
  • 悪代官
  • 2016/06/13 (Mon) 21:47:09
