マルウェア駆除したく
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:38:43, on 2016/12/24
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Masafumi\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Masafumi\AppData\Roaming\RakutenToolbarHelper\RakutenToolbarHelper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Users\Masafumi\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
C:\Users\Masafumi\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
C:\Users\Masafumi\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: 楽天ツールバー ブラウザヘルパ オブジェクト - {227B8061-B95B-4092-9C9B-6CE5759EE8E5} - C:\Program Files (x86)\RakutenToolbar\RTBHelper_32.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: 楽天ツールバー - {4FD20E5F-825F-476F-8B45-5E3FF6502692} - C:\Program Files (x86)\RakutenToolbar\RakutenToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [IME14 JPN Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Masafumi\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [RakutenToolbarHelper] C:\Program Files (x86)\RakutenToolbarHelper\RakutenToolbarHelper.exe
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\OLBPre\OLBPre.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: バナー広告対策に追加 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: セキュリティキーボード - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: 危険サイト診断 - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Carambis Cleaner Service (CarambisCleanerService) - Unknown owner - C:\Program Files (x86)\Carambis\Cleaner\CleanerServiceInstaller.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.469\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Reason Core Security Bundle Protection (rscp) - Unknown owner - C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
O23 - Service: Reason Core Security Engine Service (rsEngineSvc) - Reason Software Company Inc. - C:\Program Files\Reason\Security\rsEngineSvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Wondershare - C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 11014 bytes


Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2016/11/06 225 MB 15.020.20042
Adobe Flash Player 24 ActiveX Adobe Systems Incorporated 2016/12/14 18.9 MB 24.0.0.186
Bing Bar Microsoft Corporation 2016/01/05 464 KB 7.1.362.0
Carambis Cleaner MEDIA FOG LTD 2014/09/11 1.1.4.1923
CCleaner Piriform 2016/12/24 5.25
CLIP STUDIO 1.6.3 CELSYS 2016/10/28 1.6.3
CLIP STUDIO PAINT CELSYS 2015/03/05 1.4.1
CLIP STUDIO PAINT 1.6.3 CELSYS 2016/10/28 1.6.3
CyberLink Power2Go 8 CyberLink Corp. 2014/09/03 254 MB 8.0.0.2014
Express Zip ファイル圧縮ソフト NCH Software 2014/09/08 2.29
FileViewPro Solvusoft Corporation 2016/01/05 58.4 MB 1.1.0.0
FileZilla Client 3.9.0.5 Tim Kosse 2014/11/03 22.0 MB 3.9.0.5
Google Chrome Google Inc. 2014/09/08 57.0.2950.4
Google Toolbar for Internet Explorer Google Inc. 2016/12/03 7.5.8231.2252
Inkscape 0.91 inkscape.org 2016/09/25 290 MB 0.91
Intel(R) Management Engine Components Intel Corporation 2014/09/03 10.0.1.1000
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2014/06/27 3.0.0.34
McAfee Security Scan Plus McAfee, Inc. 2016/12/15 10.2 MB 3.11.469.2
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2016/02/12 38.8 MB 4.6.01055
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2014/10/15 1.59 MB 4.0.40804.0
Microsoft Office File Validation Add-In Microsoft Corporation 2016/06/09 10.9 MB 14.0.5130.5003
Microsoft Office IME 2010 (Japanese) Microsoft Corporation 2014/11/06 14.0.6119.5000
Microsoft Office Personal 2007 Microsoft Corporation 2014/09/14 12.0.6612.1000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2014/09/03 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2014/09/11 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2014/09/12 5.11 MB 10.0.30319
MyPC Backup MyPC Backup 2016/07/14
NVIDIA 3D Vision コントローラー ドライバー 352.65 NVIDIA Corporation 2015/07/16 352.65
NVIDIA 3D Vision ドライバー 353.30 NVIDIA Corporation 2015/07/16 353.30
NVIDIA GeForce Experience 2.5.11.45 NVIDIA Corporation 2015/07/16 2.5.11.45
NVIDIA HD オーディオ ドライバー 1.3.34.3 NVIDIA Corporation 2015/07/16 1.3.34.3
NVIDIA PhysX システム ソフトウェア 9.15.0428 NVIDIA Corporation 2015/07/16 9.15.0428
NVIDIA グラフィックス ドライバー 353.30 NVIDIA Corporation 2015/07/16 353.30
Realtek Ethernet Controller Driver Realtek 2014/09/03 7.88.617.2014
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/09/03 6.0.1.7246
Reason Core Security Reason Software Company Inc. 2016/12/24 1.2.0.1
sakura editor(サクラエディタ) サクラエディタ開発チーム 2016/10/09 5.32 MB
TeraPad 2014/11/03
Unity Web Player (x64) (All users) Unity Technologies ApS 2015/03/02 12.0 MB 4.6.3f1
UNRAR32 Common Archivers Library DLL 2014/09/11
WebTablet FB Plugin 32 bit Wacom Technology Corp. 2014/09/26 2.1.0.7
WebTablet FB Plugin 64 bit Wacom Technology Corp. 2014/09/26 2.1.0.7
Wondershare Mobileデータ移行 ( Version 7.6.1 ) Wondershare 2016/07/28 98.0 MB 7.6.1
µTorrent BitTorrent Inc. 2016/12/22 3.4.9.43085
カスペルスキー インターネット セキュリティ Kaspersky Lab 2014/09/03 14.0.0.4651
ワコム タブレット Wacom Technology Corp. 2016/10/27 6.3.17-3
楽天ツールバー 2015/09/24 2015.091401
簡単バックアップ eX.Backup2 2.06 Texim 2014/09/03 2.0.6.0
  • miyabi
  • 2016/12/24 (Sat) 04:55:33
自爆感染ですね
こんばんは、IVNOと申します。
ログを確認させていただいたところ、自らが招いた自爆感染のようです。
以下のURLをご確認ください。
http://www.soumu.go.jp/main_sosiki/joho_tsusin/security/enduser/security02/17.html
上記の確認が終わりましたら、続けて以下URLの確認もお願いいたします。
http://otherplace.html.xdomain.jp/
と言うことで、今回の感染源はµTorrentとなるでしょう。
ただ確かにその他マルウェアの感染も確認できてはいますが、何より問題なのはセキュリティソフトです。
このPCは2014年9月3日にご利用を開始されたか、あるいはリカバリを行っているようですが、
その後セキュリティソフトであるカスペルスキーインターネットセキュリティを更新していないのが分かります。
PCに初期から導入されているセキュリティソフトは体験版のため、有効期限は90日がせいぜいと言ったところですので、
この状態であればまず間違いなくセキュリティソフトの有効期限も切れているでしょう。
eX.Backupも導入されていることですので、全データを破棄して直ちにリカバリを行われてください。
これ以外のご案内につきましては、利用規約違反となるためご案内いたしかねます。
  • IVNO
  • 2016/12/24 (Sat) 23:35:05

返信フォーム※初心者、通りすがり等、重複しやすい名前の利用はご遠慮ください。






プレビュー (投稿前に内容を確認)