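About removing DNSUnlocker
Nice to meet you.
It is embarrassing to admit, but I do not know much about PCs, and I have reached the limit of what I can remove on my own, so I am posting here.
I am sorry for the trouble, but thank you in advance for your help.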

HJT

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:34:22, on 2015/12/29
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17566)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\Sarad\DiCE\dice.exe
C:\Users\Rui\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\BNO\bno_starter.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Rui\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IME14 JPN Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Rui\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rui\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: dice.exe.lnk = C:\Program Files (x86)\Sarad\DiCE\dice.exe
O4 - Startup: Dropbox.lnk = Rui\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: らくらくアップデートツール.lnk = C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe
O4 - Global Startup: AirStation おたすけナビ.lnk = C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O8 - Extra context menu item: Cube : WEB 検索 - res://C:\Program Files\CubeToolBar\ToolBar.dll/search.html
O8 - Extra context menu item: Cube : リンク文字列を翻訳 - res://C:\Program Files\CubeToolBar\ToolBar.dll/anchor.html
O8 - Extra context menu item: Cube : 選択範囲を翻訳 - res://C:\Program Files\CubeToolBar\ToolBar.dll/translation.html
O9 - Extra button: このコンテンツを引用 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer でこのコンテンツに関する記事を書く(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote に送る - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote に送る(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: JWord(日本語キーワード) - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://www.jword.jp/intro/?partner=AP&type=lk&frm=iebutton (file missing)
O9 - Extra button: OneNote リンク ノート(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote リンク ノート(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [!CNS] JWord(日本語キーワード)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample9.dmm.co.jp/downloader7/DMMDownloader.cab
O16 - DPF: {1DC420F0-D89A-40D0-B5CC-92B9AD19A1AC} (HGPluginJP28 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP28.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} (HgRunPub Class) - http://down.hangame.co.jp/jp/installer/HgRunPub.cab
O16 - DPF: {53F4962A-8E27-4601-8B01-79A82B4D7FC9} (LoadPrg Class) - https://member.gungho.jp/front/member/webgs/LoadPrgAx.CAB
O16 - DPF: {7216BF69-1FB3-438C-9A51-9DA82B676BC0} (ArarioGameStarter6 Class) - http://userimg.arario.jp/activeX/AraGameStarterW6.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {98FFD412-1A12-4BCE-8AB2-247C78E22227} (NCLoaderCtl Class) - https://ssl.plaync.jp/login/activex/NCLoader.7.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab_1.0.1.8
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://incaweb.nefficient.jp/inca/nProtect/NC_KeyCrypt/total/npkcx_NC.cab
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} (HgTAgent2 Extension Class) - http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F4C75105-84BB-414D-AE37-4F0EEEEDE881} (X-Legend GameStarter Control) - https://hh.x-legend.co.jp/X-LegendGameStarter.cab
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DFC6525-ED5E-4A98-8198-951FFCB017D6}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{9808EB54-C48F-4B73-AD32-781F175533F4}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3086567-CE44-4FBC-A8FF-86B930B11A15}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{2DFC6525-ED5E-4A98-8198-951FFCB017D6}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{2DFC6525-ED5E-4A98-8198-951FFCB017D6}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.3 95.211.158.130
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\ws-ena~1\assist~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Blade and Soul beta test assistant - Unknown owner - C:\Program Files (x86)\NCSoft\Blade&Soul\bin\ec.exe
O23 - Service: BWH32S - Buffalo Inc. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Windows\SysWOW64\npkcmsvc.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wireless Diagnosis (WirelessDiagnosis) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\WDTool\bwdbackground.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\xsherlock.xem

--
End of file - 14010 bytes


CCleaner

+Lhaca
Addictive Drums 1.5.2 2012/05/11
Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2015/11/27 210 MB 15.009.20079
Adobe AIR Adobe Systems Incorporated 2015/01/29 16.0.0.245
Adobe Creative Cloud Adobe Systems Incorporated 2.9.1.474
Adobe Download Assistant Adobe Systems Incorporated 2012/12/05 1.2.3
Adobe Flash Media Live Encoder 3.2 Adobe Systems Incorporated 2011/12/18 14.0 MB 3.2.0
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 20.0.0.228
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 20.0.0.235
Adobe Illustrator CC 2014 Adobe Systems Incorporated 18.1.1
Alliance of Valiant Arms 株式会社ゲームオン 250
Amnesia: The Dark Descent Frictional Games
AmvVideoCodec
Antares Auto-Tune 7 VST Antares Audio Technologies 2012/08/16 52.6 MB 7.01.0002
Any Video Converter 5.5.9 Any-Video-Converter.com 2014/05/08
Apple Application Support(32 ビット) Apple Inc. 2015/08/31 96.0 MB 3.2
Apple Application Support(64 ビット) Apple Inc. 2015/08/31 109 MB 3.2
Apple Mobile Device Support Apple Inc. 2015/08/31 27.9 MB 8.2.1.3
Apple Software Update Apple Inc. 2011/12/13 2.38 MB 2.1.3.127
ArcheAge XLGAMES
ArcheAge GameOn 1
ASIO4ALL Michael Tippach 2.13
AviSynth 2.5
Bandisoft MPEG-1 Decoder
Battle.net Blizzard Entertainment
Battlefield 1942™ Electronic Arts 1.6.20.0
Battlefield 4™ Electronic Arts 1.5.2.34169
Battlelog Web Plugins EA Digital Illusions CE AB 2.7.1
Black Desert GameOn 2184152
Blade&Soul NCSoft 2015/03/19 3.00.0000
Bonjour Apple Inc. 2011/12/13 2.00 MB 3.0.0.10
BUFFALO AirStation おたすけナビ BUFFALO INC. 2014/01/08 1.0.0
BUFFALO AirStation倍速設定ツール(アンインストール)
BUFFALO エアステーション設定ツール BUFFALO INC. 2014/01/08 2.0.5
BUFFALO クライアントマネージャV をアンインストール Buffalo Inc. 2015/08/27 1.5.4
BUFFALO パソコン環境表示ツール BUFFALO INC. 2014/01/08 1.0.3
CCleaner Piriform 5.13
Combined Community Codec Pack 2011-11-11 CCCP Project 2012/11/28 2011.11.11.0
ComicStudioMini 4.0 CELSYS 2011/05/01 137 MB 4.3.2
Common GameOn 2249992
CrystalDiskInfo 6.1.12 Shizuku Edition Crystal Dew World 2014/05/24 6.1.12
CubePDF 1.0.0RC7 CubeSoft 2015/01/11
Cubeツールバー 64-bit Edition CubeSoft 2015/01/11
Cubic Castles Cosmic Cow LLC
DAEMON Tools Lite Disc Soft Ltd 4.49.1.0356
DiCE DynamicDNS Client Sarad Software 2014/06/11 2.86 MB 1.59.6
DivX H.264 decoder 8.2.0.26 2012/11/05 8.2.0.26
DivXセットアップ DivX, LLC 2.6.1.22
DMM Player DMM.com 2015/11/18 927 KB 1.5.0.6
Dragon's Dogma Online CAPCOM CO., LTD. 2015/09/06 71.4 MB 1.00.0000
Dropbox Dropbox, Inc. 3.12.5
Dying Light Techland
Dynamic-Photo HDR 5 Mediachance 2014/08/16
ELECOM JC-PS101U series 3.0
ELECOM USB to PS/PS2 Gamepad Converter JC-PS20x Series Driver V 2013/02/03
ELSWORD NHN PlayArt Corp. 2015/02/09 1.0
ESN Sonar ESN Social Software AB 0.70.0
Euro Truck Simulator 2 SCS Software
Euro Truck Simulator 2 Multiplayer 0.1.2 R2 Alpha ETS2MP Team 2014/12/29 0.1.2 R2 Alpha
Explzh for Windows
FFsplit version 0.7 FFsplit Team 2014/07/05 0.7
FireAlpaca 1.1.14 firealpaca.com 2015/01/18 1.1.14
Flux_StereoTool Flux:: sound and picture development 2012/05/16 3.33 MB 2.3.4.11942
Focusrite USB 2.0 Audio Driver 2.5.1 Focusrite Audio Engineering Limited. 2015/04/27 2.5.1
foobar2000 v1.3.8 Peter Pawlowski 1.3.8
FreeAnimeStudio ZenmaiHouse@cellga.com 2011/06/08 1.49 MB 7.0.5
FreeStyle2: Street Basketball Joycity
GlaceVerb 1.01 Dasample
Google Talk Plugin Google 2015/12/17 15.1 MB 5.41.3.0
GTA San Andreas Rockstar Games 2012/06/13 1.00.00001
H-Series_ASIO64 ZOOM 2012/02/20 2.86 MB 1.0.2
Hangame
Hearthstone Blizzard Entertainment
HP Support Solutions Framework Hewlett-Packard Company 2014/01/06 6.61 MB 11.50.0000
IllustStudio 1.0 CELSYS 2011/05/01 1.0.5
iLok Client Helper PACE Anti-Piracy, Inc. 2012/08/16 5.9.1
Intel(R) Management Engine Components Intel Corporation 7.0.0.1118
Interlok driver setup x64 PACE Anti-Piracy, Inc. 2012/08/14 1.53 MB 5.9.5
iTunes Apple Inc. 2015/08/31 238 MB 12.2.2.25
Java 8 Update 66 Oracle Corporation 2015/11/24 88.9 MB 8.0.660.18
Java 8 Update 66 (64-bit) Oracle Corporation 2015/11/24 101 MB 8.0.660.18
Killing Floor 2 Tripwire Interactive
Lame ACM MP3 Codec
Left 4 Dead 2 Valve
Left 4 Dead 2 Dedicated Server
LG CyberLink Power2Go CyberLink Corp. 2011/04/16 6.0.3203
LG CyberLink PowerBackup CyberLink Corp. 2.5.5529
LG CyberLink PowerDVD CyberLink Corp. 2011/04/04 8.0.2815d
LG CyberLink PowerProducer CyberLink Corp. 2011/04/04 5.0.2.2028
LG Power Tools CyberLink Corp. 2011/04/04 6.0.2806
Lhaplus
License Support PACE Anti-Piracy, Inc. 2012/08/16 1.2.0.5555
LINE LINE Corporation 4.2.1.678
Line 6 Uninstaller Line 6
LORD of VERMILION ARENA SQUARE ENIX CO., LTD. 2015/06/26 1.0.0.0
MeldaProduction MFreeEffectsBundle64 6 MeldaProduction
Microsoft .NET Framework 4.5.2 Microsoft Corporation 2015/11/12 4.5.51209
Microsoft .NET Framework 4.5.2 (日本語) Microsoft Corporation 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2014/10/16 1.59 MB 4.0.40804.0
Microsoft Office Home and Business 2010 Microsoft Corporation 14.0.7015.1000
Microsoft Security Essentials Microsoft Corporation 2015/05/13 4.8.204.0
Microsoft Silverlight Microsoft Corporation 2015/12/10 398 MB 5.1.41105.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2011/04/04 1.72 MB 3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 2011/04/04 625 KB 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 2011/04/04 1.44 MB 1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 2011/05/23 260 KB 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 2011/05/23 252 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2012/08/14 2.61 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2011/06/16 572 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2014/01/12 252 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 2012/12/05 788 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2012/12/06 778 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 2012/01/08 1.41 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 2012/08/14 232 KB 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 2012/12/05 230 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2011/10/01 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2012/04/23 232 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2011/10/03 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2015/02/23 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2015/02/23 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 Microsoft Corporation 14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 Microsoft Corporation 14.0.23026.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2015/02/12 10.0.50903
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 Microsoft Corporation 10.0.50903
Microsoft Windows Media Video 9 VCM
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 2013/10/16 8.03 MB 4.0.20823.0
MIDI Yoke JOConnell 2011/06/03 25.0 KB 1.75.53
MixMeister BPM Analyzer 1.0 MixMeister Technology LLC 2012/08/28
MotioninJoy Gamepad tool 0.7.1001 www.motioninjoy.com 2013/01/16 0.7.1001
My Game Long Name Epic Games, Inc.
NCLauncher (NCSOFT) NCSOFT
Neffy 1,2,5,0 CDNetworks 1,2,5,0
NETDUETTO β Yamaha Corporation 2015/05/19 3.32 MB 1.3.01
Niconico Live Encoder niwango, inc. 2015/01/21 2.0.4
nProtect KeyCrypt
Nursery Rhyme
NVIDIA 3D Vision コントローラー ドライバー 352.65 NVIDIA Corporation 2015/10/08 352.65
NVIDIA 3D Vision ドライバー 358.50 NVIDIA Corporation 2015/10/08 358.50
NVIDIA GeForce Experience 2.5.14.5 NVIDIA Corporation 2015/10/08 2.5.14.5
NVIDIA HD オーディオ ドライバー 1.3.34.3 NVIDIA Corporation 2015/10/08 1.3.34.3
NVIDIA PhysX システム ソフトウェア 9.15.0428 NVIDIA Corporation 2015/10/08 9.15.0428
NVIDIA グラフィックス ドライバー 358.50 NVIDIA Corporation 2015/10/08 358.50
OpenOffice 4.1.1 Apache Software Foundation 2015/01/19 335 MB 4.11.9775
OpenSSL 1.0.1e Light (64-bit) OpenSSL Win64 Installer Team 2013/08/15
Opera 12.17 Opera Software ASA 12.17.1863
Origin Electronic Arts, Inc. 9.7.2.53208
PHANTASY STAR ONLINE 2 SEGA 2012/06/11
PHANTASY STAR UNIVERSE イルミナスの野望 SEGA SONIC TEAM 2011/04/16
PlayNCLauncher NCsoft
Pmangインストールマネージャー GameOn,Pmang 1.0.1.1
Portal 2 Publishing Tool
PunkBuster Services Even Balance, Inc. 0.993
QUAD-CAPTURE Driver Roland Corporation
QuickTime Apple Inc. 2013/02/10 73.1 MB 7.73.80.64
RadioLine Free Coderium 2011/05/05 1.10
Realtek Ethernet Controller Driver Realtek 2011/04/16 7.32.1111.2010
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2011/04/16 6.0.1.7373
REAPER
REAPER (x64)
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 2011/04/04 2.0.20.0
Revo Uninstaller 1.95 VS Revo Group 1.95
rgc:audio sfz VSTi v1.96
RGSS-RTP Standard Enterbrain 2012/02/24 1.03
Robocraft Freejam
Rocket League Psyonix
RPGツクール2000 ランタイムパッケージ
Scarlett MixControl 1.8 Focusrite Audio Engineering Limited 2015/04/27 1.8
SChatLogViewer Rhein-strasse.de 0.2.4.12
sfArk
SkeedReceiver Dreamboat co.,ltd. 2011/04/16 1.45 MB 1.09.081
Skype Click to Call Skype Technologies S.A. 2013/08/01 34.3 MB 6.9.12585
Skype(TM) 7.17 Skype Technologies S.A. 2015/12/20 79.2 MB 7.17.105
SoundEngine Free Coderium 2011/04/25 4.58 rc 2
SPEAR v0.7.4 r.148 Michael Klingbeil 2013/01/10
STAR WARS™ Battlefront™ Beta Electronic Arts 1.0.3.51560
Starbound
Starbound - Unstable
Steam Valve Corporation 2012/09/03 1.59 MB 1.0.0.0
Strike Vector Ragequit Corporation
System Requirements Lab
TeamSpeak 3 Client TeamSpeak Systems GmbH 3.0.15
TERA GameOn 11258416
Terraria Re-Logic
The Crew (Worldwide) Ubisoft
The Crew Wild Run Beta Ubisoft
The Tower of AION NCSoft 2013/09/15 4.03.0403
Trove Trion Worlds
TuxGuitar 1.2
Unity Web Player Unity Technologies ApS 4.6.1f1
Universal Extractor 1.6.1 Jared Breland 2011/07/05 1.6.1
Unturned Nelson Sexton
Uplay Ubisoft 4.9
UTAU 歌声合成ツール 飴屋プロジェクト 2011/06/01 4.67 MB 1.0.77
Vegas Pro 12.0 (64-bit) Sony 2014/09/29 591 MB 12.0.770
VertexDSP MultiInspectorFree 1.2.0 VertexDSP 2012/10/04 1.2.0
VirtualCloneDrive Elaborate Bytes
Visual Basic 6.0 SP6 ランタイムライブラリ 第4版 NTSOFT 2011/06/05 8.25 MB 1.0.0.4
Visual C++ 64-bit Redistributables PACE Anti-Piracy, Inc. 2012/08/16 1.2.0.5555
Visual C++ Redistributables PACE Anti-Piracy, Inc. 2012/08/16 1.2.0.5555
VOCALOID2 Editor V2.0.12.2J Yamaha Corporation 2011/10/05 0.0.0.1
VOCALOID2 Expression DB (Standard) Yamaha Corporation 2011/10/05 0.0.0.1
VOCALOID2 Voice DB (Luka_ENG) Crypton Future Media Inc 2011/10/05 0.0.0.1
VOCALOID2 Voice DB (Luka_JPN) Crypton Future Media Inc 2011/10/05 0.0.0.1
VOCALOID2 VSTi V2.0.12.3 Yamaha Corporation 2011/10/05 0.0.0.1
VP6 Decoder
VTFEdit 1.3.3 Neil Jedrzejewski & Ryan Gregg 2013/12/29
Warframe Digital Extremes
Warframe Digital Extremes 2015/02/20 188 MB 1.0.0
Waves Complete V9r14 Waves 2013/12/01 9.1.14
WebTablet FB Plugin 32 bit Wacom Technology Corp. 2.1.0.7
WebTablet FB Plugin 64 bit Wacom Technology Corp. 2.1.0.7
WebTablet IE Plugin Wacom Technology Corp. 1.1.0.7
WebTablet Netscape Plugin Wacom Technology Corp. 1.1.0.5
Windows Live Sync Microsoft Corporation 2011/04/04 2.76 MB 14.0.8089.726
Windows Live おすすめパック Microsoft Corporation 2011/04/04 14.0.8089.0726
Windows Live アップロード ツール Microsoft Corporation 2011/04/04 224 KB 14.0.8014.1029
Windows Live サインイン アシスタント Microsoft Corporation 2011/04/04 1.93 MB 5.000.818.5
Windows XP Mode Microsoft Corporation 2011/04/04 1.13 GB 1.3.7600.16422
Windows ドライバ パッケージ - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) Focusrite 03/17/2014 2.5.128.1
WinRAR 5.01 (64ビット) win.rar GmbH 5.01.0
Woopie Assistant http://www.woopiedesktop.com 2010
WORLD END ECONOMiCA -I- 体験版 1.00 2011/09/06
WS-Enabler PremiumSoft 2013/02/08 4.0.0.1197
WS-Supporter 1.80 Verified Publisher 2013/02/08
X-Downloader X-Legend 2014/10/29 1.0000
Xilisoft MOV変換 6 Xilisoft 6.5.2.0216
Yahoo!ツールバー Yahoo! JAPAN. 7.3.0.14
YoutubeAdblocker YoutubeAdblocker 2013/02/08 4.2.0.1447
♪超録 - パソコン長時間録音機 フリーウェア版
しめじ 2.2 Personal Edition Group Finity 2011/12/28 5.69 MB 2.2
すけがぞーS & すけふれーむ
グリーフシンドローム Ver1.10 黄昏フロンティア 2011/09/10
サドンアタック
ニコ生アラート(本家) UNKNOWN 2012/04/10 1.2.0
ニコ生デスクトップキャプチャー(XP) SEASON2 Consolas 2011/05/15 1.38 MB 1.13
ハンターヒーロー X-Legend 2014/10/29 1.0000
バッファロー らくらくアップデートツール Buffalo Inc. 1.12
バトルフィールド 3 Electronic Arts 1.6.0.0
バンダイナムコオンライン ランチャー 株式会社バンダイナムコオンライン 1.0.1
マビノギ(Hangame) devCAT
モンスターハンター フロンティアG CAPCOM CO., LTD. 2014/04/07 1.25.3003
ワコム Wacom Technology Corp. 5.3.5-3
星界神話 X-Legend 2015/11/12 1.0000
東方心綺楼 Ver1.02 黄昏フロンティア 2013/06/04
東方非想天則 Ver1.10aアップデート 黄昏フロンティア 2012/01/16
機動戦士ガンダムオンライン 株式会社バンダイナムコオンライン 2014/08/21 1.0.0.1
簡単バックアップ eX.Backup 1.0.0.8 Texim 2011/04/04 1.0.0.8
貼り付けver 4 attyu 2011/11/13
  • ういあーる
  • 2015/12/29 (Tue) 07:49:21
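Starting with the removal of YoutubeAdblocker
Good evening.
I am 悪代官, the one with the obviously villainous ID.
But my true identity is a sweet tooth. As proof, I get punished by the sweet magical-girl squad on Sunday mornings.
Where I trip up is a rowdy otaku showdown! (no, that's not it)

So you are having trouble with DNSUnlocker.
I looked over the logs, and there are various other problems visible besides that.
It does not matter if it takes time, so stay calm and work through things one at a time, making sure of each.

First, let me tell you this up front.
As you can see, there are many people asking for help right now, so after receiving a request it may take a day or more each time before I can reply to everyone in turn. I apologize, but please bear with this.

Now, read the explanation below carefully and then carry out the work in order.
You should already have prepared some of these, but please look over the explanation again just in case.

Set hidden files and file extensions to be displayed (how to ↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

Download the tools below and get a grasp of their basic usage.
However, if the distribution sites show ads urging you to download other apps, never click on them.
"GeekUninstaller" (abbreviated: GU)
Description page ↓
http://www.gigafree.net/system/install/geekuninstaller.html
Download ↓
http://www.geekuninstaller.com/download
Click "download free", save it, and then extract it.
When cleaning up afterwards, delete the whole folder manually.

"CCleaner" (abbreviated: CC)
Description ↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
Download ↓
http://www.piriform.com/ccleaner/download/standard
Download the latest version. Note that the installer may also offer bundled extra apps; uncheck those and avoid installing them.
When cleaning up afterwards, uninstall it.

Here is an important caution.
CC is by nature a highly capable maintenance tool, but if used incorrectly
[it can end up damaging Windows]
so here we use it only as an analysis tool.
Read the explanation carefully and do not perform any operation other than what I instruct.

Also, be sure to read the page below thoroughly before starting the work, and if the need arises, handle it accordingly. Cases that need this handling are increasing.
http://note.chiebukuro.yahoo.co.jp/detail/n335704

Once you are ready, start the work.
In the work that follows, anything you look for and cannot find can be skipped, but look carefully as you work so that you never touch anything outside of what I have specified.

Also, there will be things I instruct you to delete during the work, but if any of them is something you installed because you need it, hold off on deleting it and tell me so in your next reply.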

>Platform: Windows 7 SP1 (WinNT 6.00.3505)
>MSIE: Internet Explorer v10.0 (10.00.9200.17566)
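The latest version of IE for Win7 is currently 11.
If Windows updates (WindowsUpdate) are not always kept fully applied, that alone means a dangerous infection can happen at any moment.

Also, at least the following app is an old version.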
>OpenOffice 4.1.1 Apache Software Foundation 2015/01/19 335 MB 4.11.9775

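Merely neglecting to update apps lets vulnerabilities be exploited, and serious infections happen easily.
If you use it, update to the latest version. If it is an app you do not use, uninstalling is the safe choice.
Check whether there are other old versions too, and if so, update or uninstall them in the same way.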

>Yahoo!ツールバー Yahoo! JAPAN. 7.3.0.14
>Cubeツールバー 64-bit Edition CubeSoft 2015/01/11
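Using multiple toolbars together is in itself a source of problems.
If you use one, keep only one and uninstall the others using GU.
Close the browser and other programs beforehand, then remove them.

At this point, manually create one restore point using System Restore, a standard Windows feature.
This is because, in the work that follows, touching something outside the targets by mistake can by itself cause serious problems in Windows, so this makes recovery possible should the worst happen.
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

Using GU, uninstall the following.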

Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2015/11/27 210 MB 15.009.20079

Adobe AIR Adobe Systems Incorporated 2015/01/29 16.0.0.245

Java 8 Update 66 Oracle Corporation 2015/11/24 88.9 MB 8.0.660.18

Java 8 Update 66 (64-bit) Oracle Corporation 2015/11/24 101 MB 8.0.660.18

Next, start the PC in Safe Mode (how to ↓)
http://www.pc-master.jp/sousa/s-safemode.html

In Safe Mode, use GU again to uninstall the following.
DAEMON Tools Lite Disc Soft Ltd 4.49.1.0356

DMM Player DMM.com 2015/11/18 927 KB 1.5.0.6

WinRAR 5.01 (64ビット) win.rar GmbH 5.01.0

Woopie Assistant http://www.woopiedesktop.com 2010

X-Downloader X-Legend 2014/10/29 1.0000

Xilisoft MOV変換 6 Xilisoft 6.5.2.0216

YoutubeAdblocker YoutubeAdblocker 2013/02/08 4.2.0.1447

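Next, still in Safe Mode, launch "Disk Cleanup" from "Accessories" → "System Tools" in the Start menu.
Once it launches, select drive C as the target drive and scan, then check only the items "Downloaded Program Files", "Temporary Internet Files" and "Temporary files" among those shown, and press "OK" and "Delete Files".
Running this cleans out the junk files in the selected parts.

Running this also reduces the useless junk files detected by scans during the work, which makes the time taken and the analysis considerably easier.
The reason for not checking other items such as "Recycle Bin" is to avoid deleting normal files by mistake, and so that even if a normal file is deleted and put in the Recycle Bin it can be restored.

Launch HJT and run a scan.
When the scan results are displayed, check the following items.
However, with HJT in particular, one wrong step can easily leave the PC unable to boot, so never check anything other than what I have specified.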
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O9 - Extra button: JWord(日本語キーワード) - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://www.jword.jp/intro/?partner=AP&type=lk&frm=iebutton (file missing)

O11 - Options group: [!CNS] JWord(日本語キーワード)

O20 - AppInit_DLLs: c:\progra~2\ws-ena~1\assist~1.dll

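Once all the necessary items are checked, click Fix checked.
Anything you look for and cannot find can be skipped.

At this point restart the PC in normal mode, and then launch CC.
Once it launches, open "Tools" → "Startup" → the "Windows" tab.
Pressing "Save to text file" at the bottom right there saves the displayed contents as a log, so save the log to the desktop or somewhere similar.

Then open each of the tabs from the "InternetExplorer" tab onward in order, and take logs of those as well.

After taking each of the CC logs, close CC.

After this, launch the browser, observe the state of the PC for a few hours, and then take fresh logs with HJT and of the installed-program information in CC.

Paste both of the freshly taken logs and each of the CC logs into your reply, and respond with a status report.
I will give instructions for the next steps after looking at them.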
  • 悪代官
  • 2015/12/29 (Tue) 20:56:25
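Re: Removing DNSUnlocker
Here is my progress so far.

I have completed all of the steps.

OpenOffice: uninstalled, since I no longer have any use for it

Toolbars: uninstalled both of them as well

Created a restore point

Uninstalled the listed items with GU

Disk Cleanup

HJT scan
O4 - HKCU\..\Run: [DAEMON Tools Lite] was not found, so I carried on

After this I booted in normal mode, took the logs, and started IE.
The taskbar icon appeared briefly but disappeared right away, and IE would not start. (It had been updated to 11 through Windows Update.)

I uninstalled Internet Explorer once from the list of installed updates.
When I tried to update to 11 again, the installation now fails.
Internet Explorer is currently running as version 10.
The DNSUnlocker ads are still displayed below the search box, as before.

For now, I am posting the logs taken afterwards.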
  • ういあーる
  • 2015/12/30 (Wed) 02:32:06
Re: Removing DNSUnlocker
HJT

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:39:59, on 2015/12/30
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17566)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Users\Rui\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Rui\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IME14 JPN Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Rui\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rui\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: dice.exe.lnk = C:\Program Files (x86)\Sarad\DiCE\dice.exe
O4 - Startup: Dropbox.lnk = Rui\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: らくらくアップデートツール.lnk = C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe
O4 - Global Startup: AirStation おたすけナビ.lnk = C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O9 - Extra button: このコンテンツを引用 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer でこのコンテンツに関する記事を書く(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote に送る - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote に送る(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote リンク ノート(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote リンク ノート(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample9.dmm.co.jp/downloader7/DMMDownloader.cab
O16 - DPF: {1DC420F0-D89A-40D0-B5CC-92B9AD19A1AC} (HGPluginJP28 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP28.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} (HgRunPub Class) - http://down.hangame.co.jp/jp/installer/HgRunPub.cab
O16 - DPF: {53F4962A-8E27-4601-8B01-79A82B4D7FC9} (LoadPrg Class) - https://member.gungho.jp/front/member/webgs/LoadPrgAx.CAB
O16 - DPF: {7216BF69-1FB3-438C-9A51-9DA82B676BC0} (ArarioGameStarter6 Class) - http://userimg.arario.jp/activeX/AraGameStarterW6.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {98FFD412-1A12-4BCE-8AB2-247C78E22227} (NCLoaderCtl Class) - https://ssl.plaync.jp/login/activex/NCLoader.7.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab_1.0.1.8
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://incaweb.nefficient.jp/inca/nProtect/NC_KeyCrypt/total/npkcx_NC.cab
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} (HgTAgent2 Extension Class) - http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F4C75105-84BB-414D-AE37-4F0EEEEDE881} (X-Legend GameStarter Control) - https://hh.x-legend.co.jp/X-LegendGameStarter.cab
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DFC6525-ED5E-4A98-8198-951FFCB017D6}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{9808EB54-C48F-4B73-AD32-781F175533F4}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3086567-CE44-4FBC-A8FF-86B930B11A15}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{2DFC6525-ED5E-4A98-8198-951FFCB017D6}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{2DFC6525-ED5E-4A98-8198-951FFCB017D6}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.3 95.211.158.130
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Blade and Soul beta test assistant - Unknown owner - C:\Program Files (x86)\NCSoft\Blade&Soul\bin\ec.exe
O23 - Service: BWH32S - Buffalo Inc. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Windows\SysWOW64\npkcmsvc.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wireless Diagnosis (WirelessDiagnosis) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\WDTool\bwdbackground.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\xsherlock.xem

--
End of file - 12343 bytes


CCleaner

+Lhaca 2014/05/29
Addictive Drums 1.5.2 2012/05/11
Adobe Creative Cloud Adobe Systems Incorporated 2015/02/23 201 MB 2.9.1.474
Adobe Download Assistant Adobe Systems Incorporated 2012/12/05 1.2.3
Adobe Flash Media Live Encoder 3.2 Adobe Systems Incorporated 2011/12/18 14.0 MB 3.2.0
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 2015/12/30 8.47 MB 20.0.0.267
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 2015/12/10 9.05 MB 20.0.0.235
Adobe Illustrator CC 2014 Adobe Systems Incorporated 2015/02/23 907 MB 18.1.1
Alliance of Valiant Arms 株式会社ゲームオン 2015/09/26 250
Amnesia: The Dark Descent Frictional Games 2014/06/22
AmvVideoCodec 2013/04/16
Antares Auto-Tune 7 VST Antares Audio Technologies 2012/08/16 52.6 MB 7.01.0002
Any Video Converter 5.5.9 Any-Video-Converter.com 2014/05/08 99.8 MB
Apple Application Support(32 ビット) Apple Inc. 2015/08/31 96.0 MB 3.2
Apple Application Support(64 ビット) Apple Inc. 2015/08/31 109 MB 3.2
Apple Mobile Device Support Apple Inc. 2015/08/31 27.9 MB 8.2.1.3
Apple Software Update Apple Inc. 2011/12/13 2.38 MB 2.1.3.127
ArcheAge XLGAMES 2014/05/17
ArcheAge GameOn 2015/09/26 1
ASIO4ALL Michael Tippach 2015/12/07 2.13
AviSynth 2.5 2012/04/05
Bandisoft MPEG-1 Decoder 2011/09/16
Battle.net Blizzard Entertainment 2015/11/27
Battlefield 1942™ Electronic Arts 2013/10/05 1.21 GB 1.6.20.0
Battlefield 4™ Electronic Arts 2015/10/05 28.5 GB 1.5.2.34169
Battlelog Web Plugins EA Digital Illusions CE AB 2015/08/13 2.7.1
Black Desert GameOn 2015/09/26 2184152
Blade&Soul NCSoft 2015/03/19 3.00.0000
Bonjour Apple Inc. 2011/12/13 2.00 MB 3.0.0.10
BUFFALO AirStation おたすけナビ BUFFALO INC. 2014/01/08 2.99 MB 1.0.0
BUFFALO AirStation倍速設定ツール(アンインストール) 2011/04/16
BUFFALO エアステーション設定ツール BUFFALO INC. 2014/01/08 2.84 MB 2.0.5
BUFFALO クライアントマネージャV をアンインストール Buffalo Inc. 2015/08/27 13.2 MB 1.5.4
BUFFALO パソコン環境表示ツール BUFFALO INC. 2014/01/08 1.0.3
CCleaner Piriform 2015/12/29 5.13
Combined Community Codec Pack 2011-11-11 CCCP Project 2012/11/28 24.4 MB 2011.11.11.0
ComicStudioMini 4.0 CELSYS 2011/05/01 137 MB 4.3.2
Common GameOn 2015/09/26 2249992
CrystalDiskInfo 6.1.12 Shizuku Edition Crystal Dew World 2014/05/24 43.0 MB 6.1.12
CubePDF 1.0.0RC7 CubeSoft 2015/01/11 26.4 MB
Cubic Castles Cosmic Cow LLC 2015/09/17
DiCE DynamicDNS Client Sarad Software 2014/06/11 2.86 MB 1.59.6
DivX H.264 decoder 8.2.0.26 2012/11/05 8.2.0.26
DivXセットアップ DivX, LLC 2012/11/28 2.6.1.22
DMM Player 2015/11/18
Dragon's Dogma Online CAPCOM CO., LTD. 2015/09/06 71.4 MB 1.00.0000
Dropbox Dropbox, Inc. 2015/12/13 3.12.5
Dying Light Techland 2015/09/23
Dynamic-Photo HDR 5 Mediachance 2014/08/16 51.7 MB
ELECOM JC-PS101U series 3.0 2013/02/01
ELECOM USB to PS/PS2 Gamepad Converter JC-PS20x Series Driver V 2013/02/03
ELSWORD NHN PlayArt Corp. 2015/02/09 3.33 MB 1.0
ESN Sonar ESN Social Software AB 2011/10/01 0.70.0
Euro Truck Simulator 2 SCS Software 2015/10/14
Euro Truck Simulator 2 Multiplayer 0.1.2 R2 Alpha ETS2MP Team 2014/12/29 179 MB 0.1.2 R2 Alpha
Explzh for Windows 2012/11/05
FFsplit version 0.7 FFsplit Team 2014/07/05 10.0 MB 0.7
FireAlpaca 1.1.14 firealpaca.com 2015/01/18 35.2 MB 1.1.14
Flux_StereoTool Flux:: sound and picture development 2012/05/16 3.33 MB 2.3.4.11942
Focusrite USB 2.0 Audio Driver 2.5.1 Focusrite Audio Engineering Limited. 2015/04/27 2.49 MB 2.5.1
foobar2000 v1.3.8 Peter Pawlowski 2015/04/23 9.96 MB 1.3.8
FreeAnimeStudio ZenmaiHouse@cellga.com 2011/06/08 1.49 MB 7.0.5
FreeStyle2: Street Basketball Joycity 2015/12/11
GlaceVerb 1.01 Dasample 2012/04/28
Google Talk Plugin Google 2015/12/17 15.1 MB 5.41.3.0
GTA San Andreas Rockstar Games 2012/06/13 1.00.00001
H-Series_ASIO64 ZOOM 2012/02/20 2.86 MB 1.0.2
Hangame 2011/09/23
Hearthstone Blizzard Entertainment 2015/11/27
HP Support Solutions Framework Hewlett-Packard Company 2014/01/06 6.61 MB 11.50.0000
IllustStudio 1.0 CELSYS 2011/05/01 1.0.5
iLok Client Helper PACE Anti-Piracy, Inc. 2012/08/16 4.25 MB 5.9.1
Intel(R) Management Engine Components Intel Corporation 2010/10/06 7.0.0.1118
Interlok driver setup x64 PACE Anti-Piracy, Inc. 2012/08/14 1.53 MB 5.9.5
iTunes Apple Inc. 2015/08/31 238 MB 12.2.2.25
Killing Floor 2 Tripwire Interactive 2015/05/06
Lame ACM MP3 Codec 2012/11/28
Left 4 Dead 2 Valve 2013/11/28
Left 4 Dead 2 Dedicated Server 2014/09/02
LG CyberLink Power2Go CyberLink Corp. 2011/04/16 108 MB 6.0.3203
LG CyberLink PowerBackup CyberLink Corp. 2011/04/15 2.5.5529
LG CyberLink PowerDVD CyberLink Corp. 2011/04/04 79.8 MB 8.0.2815d
LG CyberLink PowerProducer CyberLink Corp. 2011/04/04 323 MB 5.0.2.2028
LG Power Tools CyberLink Corp. 2011/04/04 14.4 MB 6.0.2806
Lhaplus 2012/10/10
License Support PACE Anti-Piracy, Inc. 2012/08/16 4.33 MB 1.2.0.5555
LINE LINE Corporation 2015/11/16 4.2.1.678
Line 6 Uninstaller Line 6 2011/06/04
LORD of VERMILION ARENA SQUARE ENIX CO., LTD. 2015/06/26 6.02 MB 1.0.0.0
MeldaProduction MFreeEffectsBundle64 6 MeldaProduction 2012/04/12
Microsoft .NET Framework 4.5.2 Microsoft Corporation 2015/03/09 38.8 MB 4.5.51209
Microsoft .NET Framework 4.5.2 (日本語) Microsoft Corporation 2015/10/22 2.93 MB 4.5.51209
Microsoft ASP.NET MVC 4 Runtime Microsoft Corporation 2014/10/16 1.59 MB 4.0.40804.0
Microsoft Office Home and Business 2010 Microsoft Corporation 2013/12/11 14.0.7015.1000
Microsoft Security Essentials Microsoft Corporation 2015/05/13 4.8.204.0
Microsoft Silverlight Microsoft Corporation 2015/12/10 398 MB 5.1.41105.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2011/04/04 1.72 MB 3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 2011/04/04 625 KB 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 2011/04/04 1.44 MB 1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 2011/05/23 260 KB 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 2011/05/23 252 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2015/03/09 2.38 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2015/03/09 3.85 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2014/01/12 252 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 2012/12/05 788 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2012/12/06 778 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 2012/01/08 1.41 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 2012/08/14 232 KB 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 2012/12/05 230 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2011/10/01 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2012/04/23 232 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2011/10/03 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2015/02/23 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2015/02/23 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/08/17 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2015/08/17 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2015/10/08 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2015/08/17 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 Microsoft Corporation 2015/08/31 24.3 MB 14.0.23026.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 Microsoft Corporation 2015/08/31 20.6 MB 14.0.23026.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2015/02/12 10.0.50903
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 Microsoft Corporation 2015/02/12 10.0.50903
Microsoft Windows Media Video 9 VCM 2012/11/28
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 2013/10/16 8.03 MB 4.0.20823.0
MIDI Yoke JOConnell 2011/06/03 25.0 KB 1.75.53
MixMeister BPM Analyzer 1.0 MixMeister Technology LLC 2012/08/28
MotioninJoy Gamepad tool 0.7.1001 www.motioninjoy.com 2013/01/16 3.89 MB 0.7.1001
My Game Long Name Epic Games, Inc. 2015/09/20
NCLauncher (NCSOFT) NCSOFT 2015/03/19
Neffy 1,2,5,0 CDNetworks 2013/09/15 1,2,5,0
NETDUETTO β Yamaha Corporation 2015/05/19 3.32 MB 1.3.01
Niconico Live Encoder niwango, inc. 2015/01/21 2.0.4
nProtect KeyCrypt 2011/04/18
Nursery Rhyme 2013/01/19
NVIDIA 3D Vision コントローラー ドライバー 352.65 NVIDIA Corporation 2015/10/08 352.65
NVIDIA 3D Vision ドライバー 358.91 NVIDIA Corporation 2015/12/30 358.91
NVIDIA GeForce Experience 2.5.14.5 NVIDIA Corporation 2015/10/08 2.5.14.5
NVIDIA HD オーディオ ドライバー 1.3.34.3 NVIDIA Corporation 2015/10/08 1.3.34.3
NVIDIA PhysX システム ソフトウェア 9.15.0428 NVIDIA Corporation 2015/10/08 9.15.0428
NVIDIA グラフィックス ドライバー 358.91 NVIDIA Corporation 2015/12/30 358.91
OpenSSL 1.0.1e Light (64-bit) OpenSSL Win64 Installer Team 2013/08/15 3.62 MB
Origin Electronic Arts, Inc. 2015/08/26 9.7.2.53208
PHANTASY STAR ONLINE 2 SEGA 2012/06/11 3.33 GB
PHANTASY STAR UNIVERSE イルミナスの野望 SEGA SONIC TEAM 2011/04/16
PlayNCLauncher NCsoft 2011/04/18
Pmangインストールマネージャー GameOn,Pmang 2015/09/26 1.0.1.1
Portal 2 Publishing Tool 2013/11/30
PunkBuster Services Even Balance, Inc. 2015/04/11 0.993
QUAD-CAPTURE Driver Roland Corporation 2013/02/04
QuickTime Apple Inc. 2013/02/10 73.1 MB 7.73.80.64
RadioLine Free Coderium 2011/05/05 1.10
Realtek Ethernet Controller Driver Realtek 2011/04/16 7.32.1111.2010
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2011/04/16 6.0.1.7373
REAPER 2011/07/18
REAPER (x64) 2012/09/17
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 2011/04/04 1.00 MB 2.0.20.0
Revo Uninstaller 1.95 VS Revo Group 2015/02/03 1.95
rgc:audio sfz VSTi v1.96 2011/08/21
RGSS-RTP Standard Enterbrain 2012/02/24 1.03
Robocraft Freejam 2014/10/15
Rocket League Psyonix 2015/12/01
RPGツクール2000 ランタイムパッケージ 2012/03/10
Scarlett MixControl 1.8 Focusrite Audio Engineering Limited 2015/04/27 8.09 MB 1.8
SChatLogViewer Rhein-strasse.de 2012/10/30 0.2.4.12
sfArk 2011/11/06
SkeedReceiver Dreamboat co.,ltd. 2011/04/16 1.45 MB 1.09.081
Skype Click to Call Skype Technologies S.A. 2013/08/01 34.3 MB 6.9.12585
Skype(TM) 7.17 Skype Technologies S.A. 2015/12/20 79.2 MB 7.17.105
SoundEngine Free Coderium 2011/04/25 4.58 rc 2
SPEAR v0.7.4 r.148 Michael Klingbeil 2013/01/10
STAR WARS™ Battlefront™ Beta Electronic Arts 2015/10/08 10.8 GB 1.0.3.51560
Starbound 2013/12/07
Starbound - Unstable 2015/05/20
Steam Valve Corporation 2012/09/03 1.59 MB 1.0.0.0
Strike Vector Ragequit Corporation 2014/06/18
System Requirements Lab 2011/10/02
TeamSpeak 3 Client TeamSpeak Systems GmbH 2014/06/24 3.0.15
TERA GameOn 2015/09/26 11258416
Terraria Re-Logic 2013/10/16
The Crew (Worldwide) Ubisoft 2014/12/06
The Crew Wild Run Beta Ubisoft 2015/10/17
The Tower of AION NCSoft 2013/09/15 4.03.0403
Trove Trion Worlds 2015/08/02
TuxGuitar 1.2 2014/08/05
Unity Web Player Unity Technologies ApS 2015/01/29 12.0 MB 4.6.1f1
Universal Extractor 1.6.1 Jared Breland 2011/07/05 11.8 MB 1.6.1
Unturned Nelson Sexton 2014/07/22
Uplay Ubisoft 2014/12/06 4.9
UTAU 歌声合成ツール 飴屋プロジェクト 2011/06/01 4.67 MB 1.0.77
Vegas Pro 12.0 (64-bit) Sony 2014/09/29 591 MB 12.0.770
VertexDSP MultiInspectorFree 1.2.0 VertexDSP 2012/10/04 1.2.0
VirtualCloneDrive Elaborate Bytes 2013/01/19
Visual Basic 6.0 SP6 ランタイムライブラリ 第4版 NTSOFT 2011/06/05 8.25 MB 1.0.0.4
Visual C++ 64-bit Redistributables PACE Anti-Piracy, Inc. 2012/08/16 12.1 MB 1.2.0.5555
Visual C++ Redistributables PACE Anti-Piracy, Inc. 2012/08/16 20.2 MB 1.2.0.5555
VOCALOID2 Editor V2.0.12.2J Yamaha Corporation 2011/10/05 0.0.0.1
VOCALOID2 Expression DB (Standard) Yamaha Corporation 2011/10/05 0.0.0.1
VOCALOID2 Voice DB (Luka_ENG) Crypton Future Media Inc 2011/10/05 0.0.0.1
VOCALOID2 Voice DB (Luka_JPN) Crypton Future Media Inc 2011/10/05 0.0.0.1
VOCALOID2 VSTi V2.0.12.3 Yamaha Corporation 2011/10/05 0.0.0.1
VP6 Decoder 2012/11/28
VTFEdit 1.3.3 Neil Jedrzejewski & Ryan Gregg 2013/12/29 4.32 MB
Warframe Digital Extremes 2015/11/29
Warframe Digital Extremes 2015/02/20 188 MB 1.0.0
Waves Complete V9r14 Waves 2013/12/01 9.1.14
WebTablet FB Plugin 32 bit Wacom Technology Corp. 2015/03/16 2.1.0.7
WebTablet FB Plugin 64 bit Wacom Technology Corp. 2015/03/16 2.1.0.7
WebTablet IE Plugin Wacom Technology Corp. 2011/05/01 1.1.0.7
WebTablet Netscape Plugin Wacom Technology Corp. 2011/05/01 1.1.0.5
Windows Live Sync Microsoft Corporation 2011/04/04 2.76 MB 14.0.8089.726
Windows Live おすすめパック Microsoft Corporation 2011/04/04 14.0.8089.0726
Windows Live アップロード ツール Microsoft Corporation 2011/04/04 224 KB 14.0.8014.1029
Windows Live サインイン アシスタント Microsoft Corporation 2011/04/04 1.93 MB 5.000.818.5
Windows XP Mode Microsoft Corporation 2011/04/04 1.13 GB 1.3.7600.16422
Windows ドライバ パッケージ - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) Focusrite 2015/04/27 03/17/2014 2.5.128.1
WORLD END ECONOMiCA -I- 体験版 1.00 2011/09/06 311 MB
WS-Enabler PremiumSoft 2013/02/08 4.0.0.1197
WS-Supporter 1.80 Verified Publisher 2013/02/08
♪超録 - パソコン長時間録音機 フリーウェア版 2011/07/18
しめじ 2.2 Personal Edition Group Finity 2011/12/28 5.69 MB 2.2
すけがぞーS & すけふれーむ 2013/03/20
グリーフシンドローム Ver1.10 黄昏フロンティア 2011/09/10 5.85 MB
サドンアタック 2014/07/27
ニコ生アラート(本家) UNKNOWN 2012/04/10 1.2.0
ニコ生デスクトップキャプチャー(XP) SEASON2 Consolas 2011/05/15 1.38 MB 1.13
ハンターヒーロー X-Legend 2014/10/29 1.0000
バッファロー らくらくアップデートツール Buffalo Inc. 2014/05/02 11.0 MB 1.12
バトルフィールド 3 Electronic Arts 2013/08/16 1.6.0.0
バンダイナムコオンライン ランチャー 株式会社バンダイナムコオンライン 2014/08/21 1.0.1
マビノギ(Hangame) devCAT 2014/09/30
モンスターハンター フロンティアG CAPCOM CO., LTD. 2014/04/07 1.25.3003
ワコム Wacom Technology Corp. 2015/03/16 5.3.5-3
星界神話 X-Legend 2015/11/12 1.0000
東方心綺楼 Ver1.02 黄昏フロンティア 2013/06/04 15.9 MB
東方非想天則 Ver1.10aアップデート 黄昏フロンティア 2012/01/16
機動戦士ガンダムオンライン 株式会社バンダイナムコオンライン 2014/08/21 1.27 MB 1.0.0.1
簡単バックアップ eX.Backup 1.0.0.8 Texim 2011/04/04 1.0.0.8
貼り付けver 4 attyu 2011/11/13
  • ういあーる
  • 2015/12/30 (Wed) 02:40:37
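An added example (not part of any post in this thread, and not HijackThis's own code): every O17 line in the log above records a statically configured NameServer for a Tcpip registry key, and this Python script extracts those lines and lists each resolver that is a public address outside an allowlist the analyst supplies. The function names, the `expected_resolvers` parameter and the last sample line (a constructed GUID with a malformed value) are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: three O17 lines and one O15 line copied from the HijackThis log
# above, plus one constructed line (all-zero GUID) with a LAN address and a
# malformed token to exercise the parser.
SAMPLE_LOG = r"""
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DFC6525-ED5E-4A98-8198-951FFCB017D6}: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.3 95.211.158.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.11.1,not-an-ip
"""

# O17 line layout as it appears in the log: control set (CCS, CS1, CS2, ...),
# then either the global Parameters key or a per-interface GUID, then "name = value".
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\})"
    r": (?P<name>\w+) = (?P<value>.*)$"
)


def parse_o17(log_text):
    """Return (control_set, scope, [server tokens]) for each O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name") != "NameServer":
            continue
        # The registry value may separate addresses with spaces or commas.
        tokens = [t for t in re.split(r"[\s,]+", m.group("value")) if t]
        entries.append((m.group("cs"), m.group("scope"), tokens))
    return entries


def classify(token, expected):
    """Classify one resolver token against the analyst's allowlist."""
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return "unparseable"
    if ip in expected:
        return "expected"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"  # typically the home router or a LAN resolver
    return "unexpected-public"


def review(log_text, expected_resolvers=()):
    """Map (resolver, verdict) -> list of 'controlset:scope' keys where it is set.

    Only 'unexpected-public' and 'unparseable' resolvers are reported. A static
    NameServer value takes precedence over the DHCP-supplied one, so each hit is
    a setting to check against what the router or ISP is supposed to hand out.
    """
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = defaultdict(list)
    for cs, scope, tokens in parse_o17(log_text):
        for token in tokens:
            verdict = classify(token, expected)
            if verdict in ("unexpected-public", "unparseable"):
                findings[(token, verdict)].append(f"{cs}:{scope}")
    return dict(findings)


if __name__ == "__main__":
    for (server, verdict), keys in sorted(review(SAMPLE_LOG).items()):
        print(f"{server:<16} {verdict:<18} set in {len(keys)} key(s): {', '.join(keys)}")
```
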
Re: Removing DNSUnlocker
These are the logs from each tab, taken with CC after the restart.

Startup
windows

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKCU:Run Dropbox Update Dropbox, Inc. "C:\Users\Rui\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
無効 HKCU:Run DS3 Tool www.motioninjoy.com C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
有効 HKCU:Run Google Update Google Inc. "C:\Users\Rui\AppData\Local\Google\Update\GoogleUpdate.exe" /c
無効 HKCU:Run msnmsgr Microsoft Corporation "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
有効 HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
無効 HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
無効 HKCU:Run swg "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
有効 HKLM:Run Adobe Creative Cloud Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
有効 HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
無効 HKLM:Run CLMLServer CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
無効 HKLM:Run DivXUpdate DivX, LLC "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
有効 HKLM:Run IME14 JPN Setup Microsoft Corporation C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
無効 HKLM:Run jwdsrch C:\Program Files (x86)\JWord\Plugin2\jwdsrch_64.exe
無効 HKLM:Run K7SystemTray "C:\Program Files (x86)\K7 Computing\Common\K7SysTry.exe"
無効 HKLM:Run LogMeIn Hamachi Ui "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
有効 HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
無効 HKLM:Run NUSB3MON Renesas Electronics Corporation "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
有効 HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
無効 HKLM:Run PDVD8LanguageShortcut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
有効 HKLM:Run QuickTime Task Apple Inc. "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
無効 HKLM:Run RemoteControl8 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
有効 HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
有効 HKLM:Run ShadowPlay Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
無効 HKLM:Run UCam_Menu "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
無効 HKLM:Run UpdateP2GoShortCut CyberLink Corp. "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
無効 HKLM:Run UpdatePPShortCut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
無効 HKLM:Run VirtualCloneDrive Elaborate Bytes AG "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
無効 HKLM:Run WLMailPlugin C:\Program Files (x86)\PC Tools\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe
有効 Startup Common AirStation おたすけナビ.lnk BUFFALO INC. C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
有効 Startup Common クライアントマネージャV.lnk Buffalo Inc. C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
有効 Startup User dice.exe.lnk Sarad Software C:\Program Files (x86)\Sarad\DiCE\dice.exe
有効 Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Rui\AppData\Roaming\Dropbox\bin\Dropbox.exe
有効 Startup User らくらくアップデートツール.lnk Buffalo Inc. C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe

InternetExplorer

有効 Extension OneNote に送る Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
有効 Extension OneNote に送る Microsoft Corporation C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
有効 Extension OneNote リンク ノート(K) Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
有効 Extension OneNote リンク ノート(K) Microsoft Corporation C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
無効 Extension Skype Click to Call Skype Technologies S.A. C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
無効 Extension Skype Click to Call Skype Technologies S.A. C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
無効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
無効 Helper Office Document Cache Handler Microsoft Corporation C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
無効 Helper Office Document Cache Handler Microsoft Corporation C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

スケジュールされたタスク

有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task AdobeAAMUpdater-1.0-Rui-PC-Rui Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
有効 Task ASC8_PerformanceMonitor C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe /Task
有効 Task ASC8_SkipUac_Rui "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task Driver Booster SkipUAC (Rui) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac
有効 Task DropboxUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000Core Dropbox, Inc. C:\Users\Rui\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
有効 Task DropboxUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000UA Dropbox, Inc. C:\Users\Rui\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
有効 Task GoogleUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000Core Google Inc. C:\Users\Rui\AppData\Local\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000UA Google Inc. C:\Users\Rui\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task {2CFD0C34-CCBF-4DC8-A760-813568851284} Microsoft Corporation msiexec.exe /package "C:\Users\Rui\Desktop\MidiYokeSetup.msi"
有効 Task {32513ABC-F3C7-49FE-AAB0-2A1D023FE692} Microsoft Corporation C:\Windows\system32\pcalua.exe -a D:\Driver\WDR\3_LAN\REALTEK\setup.exe -d C:\Users\Rui\Desktop
有効 Task {52525BD2-338B-4360-964C-A25374B625DC} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Rui\Downloads\ASIO4ALL_2_13_English.exe -d C:\Users\Rui\Downloads
有効 Task {5AF92935-1A4B-4CAC-BF7E-0C937E598A08} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Rui\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBRUMBC5\reaper0999-install[1].exe" -d C:\Users\Rui\Desktop
有効 Task {936BC2FA-2461-4973-ADD5-204810DCFCBC} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Rui\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LRNUM4E\ASIO4ALL_2_13_English.exe" -d C:\Users\Rui\Desktop
有効 Task {936DBC97-DC19-4A37-AB24-BC37507A4989} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Rui\Downloads\HijackThis.exe -d C:\Users\Rui\Downloads
有効 Task {99A70063-8A01-4CEA-9F80-B49C22172D35} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Rui\Downloads\SpyHunter-Installer.exe -d C:\Users\Rui\Downloads
有効 Task {E1DA8B57-325F-4BF1-A497-8705D8876097} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Rui\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RK40GD81\MP10_EnergyBlissViz.exe" -d C:\Users\Rui\Desktop
有効 Task {E42221B8-4915-4C36-887D-EA19D8CE0355} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Rui\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JWBWA412\colorcubesviz.exe" -d C:\Users\Rui\Desktop
有効 Task {F50EA871-0D10-4BF6-85B5-3BCF83CBF6FD} Microsoft Corporation C:\Windows\system32\pcalua.exe -a "C:\Users\Rui\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXF1Z14K\ASIO4ALL_2_10_English[1].exe" -d C:\Users\Rui\Desktop
有効 Task {FA43D6B4-5D5B-4545-B1C2-E695C3F4E533} Skype Technologies S.A. C:\Program Files (x86)\Skype\\Phone\Skype.exe

コンテキストメニュー

有効 Directory Advanced SystemCare C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll
有効 Directory DropboxExt Dropbox, Inc. C:\Users\Rui\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
有効 Directory ShExplzh pon software C:\Windows\system32\ShExplzh.dll
有効 Directory UnLockerMenu C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 Directory 書庫内検索(I)... pon software C:\Program Files (x86)\Explzh\Explzh.exe /f %1
有効 Drive Advanced SystemCare C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll
有効 Drive Lhaplus C:\Program Files (x86)\Lhaplus\LplsShlx.dll
有効 Drive VirtualCloneDrive Elaborate Bytes AG C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
有効 Drive 書庫内検索(I)... pon software C:\Program Files (x86)\Explzh\Explzh.exe /f %1
有効 File AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 File Advanced SystemCare C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll
有効 File DropboxExt Dropbox, Inc. C:\Users\Rui\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
有効 File Lhaplus C:\Program Files (x86)\Lhaplus\LplsShlx.dll
有効 File ShExplzh pon software C:\Windows\system32\ShExplzh.dll
有効 File UnLockerMenu C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 File VirtualCloneDrive Elaborate Bytes AG C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
有効 Folder AccExt C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
有効 Folder Lhaplus C:\Program Files (x86)\Lhaplus\LplsShlx.dll
有効 Folder UnLockerMenu C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
  • ういあーる
  • 2015/12/30 (Wed) 02:43:28
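Scan with the stable version of MBAM
Thank you for the work and the report.

The CC log you posted in the follow-up has brought some hidden items to light.
Now, on to the next steps; please follow the instructions below.

Start CC and, on the 「スケジュールされたタスク」 (Scheduled Tasks) tab, right-click each of the entries below, choose 「無効」 (Disable), and then 「エントリの削除」 (Delete Entry). If an entry cannot be disabled, just delete it.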
有効 Task Driver Booster SkipUAC (Rui) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac

有効 Task {99A70063-8A01-4CEA-9F80-B49C22172D35} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\Rui\Downloads\SpyHunter-Installer.exe -d C:\Users\Rui\Downloads

Next, handle the entries below on the 「コンテキストメニュー」 (Context Menu) tab in the same way.
有効 Directory Advanced SystemCare C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll

有効 Drive Advanced SystemCare C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll

有効 File Advanced SystemCare C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll

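After closing CC, get the following tools ready.
AdwCleaner (referred to as AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
This is a direct link to the file. Open it and save the file somewhere such as your desktop.
When you are finished with it, start it and press the "uninstall" button and it will remove itself automatically.
The site below explains how to use it in detail, so please refer to it ↓
http://www.japan-secure.com/entry/adwcleaner.html

Malwarebytes' Anti-Malware (referred to as MBAM)
Official site
http://www.malwarebytes.org/

However, MBAM currently has considerable problems with stability and behavior, and bugs that prevent a normal scan even in ordinary use are occurring frequently.
For that reason, do not download the latest version from the official site; here we will deliberately work with an older version.

Site explaining the older version ↓
http://www.japan-secure.com/entry/blog-entry-7.html

Download the older version of MBAM from the URL below.
http://www.oldapps.com/malwarebytes.php?old_malwarebytes=12090?download
This is a direct link to the file. Save it.

Note: installing in Japanese can produce garbled characters. Install in English and switch to Japanese afterwards.
You can switch to Japanese by starting MBAM and going to the "Settings" tab → "Language" → "Japanese".

Once you have it, install MBAM and update it.
However, do not scan yet at this point.
Also, when updating MBAM here, do not update the program itself; update only the definitions.
Updating the program itself would turn it into the bug-ridden latest version, which would defeat the purpose of installing the older version.

Next, start AC once at this point.
When it starts it should first update its definitions; let it update only, and once that is done, close AC for now.
You do not need to scan here either.

Once both tools are updated, restart the PC in Safe Mode and then use Disk Cleanup to clear out junk files.

Then, with the PC started in Safe Mode, start AC (which you launched once earlier) again.
This time run 「スキャン」 (Scan), and if anything has been detected when the scan finishes, press 「除去」 (Remove).
Choosing 「はい」 (Yes) on the screen that appears starts the cleanup.

When the cleanup is complete, restart the PC in normal mode.

After the restart a new AC log will appear; save it somewhere such as your desktop.
If no log appears after the work, or you cannot find it, open the C drive in My Computer; a file with a name like the following will have been created directly under it, and that is the AC log.
>AdwCleaner[letters and digits].txt
If there are several logs with similar names, the one whose creation time matches when you ran the cleanup is the log in question.

Once the AC work is done, MBAM is next.
Staying in Safe Mode, start MBAM and scan.
After starting MBAM, choose 「フルスキャン」 (Full Scan) on the 「スキャナー」 (Scanner) tab.
Select all drives, including C, as the target drives.
If no 「フルスキャン」 button is shown, MBAM may have been updated to the latest version; in that case choose 「カスタムスキャン」 (Custom Scan).
This is the equivalent of a full scan in the latest MBAM.
Select (tick) all drives as scan targets. It takes time, but the aim is to scan as thoroughly as possible.
The order does not matter, but if anything is detected, select it and "remove" (quarantine) it, and if a prompt to restart appears, restart the PC at that point.
If no restart prompt appears, restart manually.

Also, after the MBAM scan finishes, pressing 「詳細を表示」 (Show Details) should display the results, and pressing 「ログを保存」 (Save Log) there lets you save the log.
Save that log somewhere such as your desktop.
Checking this log is especially important, so please do not forget.

After that, watch how the PC behaves for a while, then paste the AC and MBAM logs you saved into a reply and post them together with a status report.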
  • 悪代官
  • 2015/12/30 (Wed) 21:57:55
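Re: Removing DNSUnlocker
Sorry to trouble you at the end of the year. Here is a status report.
The DNSUnlocker display that used to appear under the search box on Google and other sites is gone.
So far there are no noticeable problems.

AC log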

# AdwCleaner v5.026 - ログファイルの作成日 31/12/2015 作成時間 01:27:58
# 更新日 21/12/2015 作成元 Xplode
# データベース : 2015-12-29.1 [サーバー]
# オペレーティングシステム : Windows 7 Home Premium Service Pack 1 (x64)
# ユーザー名 : Rui - RUI-PC
# 実行場所 : C:\Users\Rui\Desktop\AdwCleaner.exe
# オプション : 削除
# サポート : http://toolslib.net/forum

***** [ サービス ] *****


***** [ フォルダ ] *****

[-] フォルダ 削除済み項目 : C:\Program Files (x86)\DigiSaver
[-] フォルダ 削除済み項目 : C:\Program Files (x86)\ws-enabler
[-] フォルダ 削除済み項目 : C:\Program Files (x86)\DDownSave
[!] フォルダ ノット 削除済み項目 : C:\Program Files (x86)\DigiSaver
[-] フォルダ 削除済み項目 : C:\Program Files (x86)\DoWnSave
[-] フォルダ 削除済み項目 : C:\Program Files (x86)\DownSSavE
[-] フォルダ 削除済み項目 : C:\Program Files (x86)\ExstraSaviNGss
[-] フォルダ 削除済み項目 : C:\Program Files (x86)\GreatSSave4U
[-] フォルダ 削除済み項目 : C:\ProgramData\SetApp
[-] フォルダ 削除済み項目 : C:\ProgramData\3bc7868086a638e1
[-] フォルダ 削除済み項目 : C:\ProgramData\4307559455176145121UL
[-] フォルダ 削除済み項目 : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[-] フォルダ 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp
[-] フォルダ 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidhjidnleahgmkmpanemedfklcohod
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp
[-] フォルダ 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\icllknpmlnallpehadphcbjiodajncpf
[-] フォルダ 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkpejmjpainfghgbbagicjijkfnjbdm
[-] フォルダ 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nifcijhcjpipimcpdbjaiddabjlnfffa
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidhjidnleahgmkmpanemedfklcohod
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\icllknpmlnallpehadphcbjiodajncpf
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkpejmjpainfghgbbagicjijkfnjbdm
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nifcijhcjpipimcpdbjaiddabjlnfffa
[-] フォルダ 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp
[-] フォルダ 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidhjidnleahgmkmpanemedfklcohod
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp
[-] フォルダ 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\icllknpmlnallpehadphcbjiodajncpf
[-] フォルダ 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkpejmjpainfghgbbagicjijkfnjbdm
[-] フォルダ 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nifcijhcjpipimcpdbjaiddabjlnfffa
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidhjidnleahgmkmpanemedfklcohod
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\icllknpmlnallpehadphcbjiodajncpf
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkpejmjpainfghgbbagicjijkfnjbdm
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nifcijhcjpipimcpdbjaiddabjlnfffa
[-] フォルダ 削除済み項目 : C:\Users\Rui\Favorites\Search
[!] フォルダ ノット 削除済み項目 : C:\Users\Rui\Favorites\Search

***** [ ファイル ] *****

[-] ファイル 削除済み項目 : C:\Windows\uninstaller.exe

***** [ DLLs ] *****


***** [ ショートカット ] *****


***** [ スケジュールタスク ] *****

[-] タスク 削除済み項目 : BitGuard
[-] タスク 削除済み項目 : EPUpdater
[-] タスク 削除済み項目 : WS-Enabler-S-1404196680
[-] タスク 削除済み項目 : WS-Enabler-S-1404196680

***** [ レジストリ ] *****

[-] 値 削除済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [BackgroundHost.exe]
[-] 値 削除済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD [BackgroundHost.exe]
[-] キー 削除済み項目 : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1404196680
[-] キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{cfb41c29}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\Interface\{0347B640-EC8E-4F40-AFAE-E4B4285C61BE}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\Interface\{03FF7591-BAC2-4ECE-9B67-BB2AF2978B7D}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\Interface\{4A3639A7-C0B4-49C2-AF0C-D0403F67F2FC}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}
[!] キー ノット 削除済み項目 : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
[-] キー 削除済み項目 : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] 値 削除済み項目 : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\Interface\{0347B640-EC8E-4F40-AFAE-E4B4285C61BE}
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\Interface\{03FF7591-BAC2-4ECE-9B67-BB2AF2978B7D}
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\Interface\{4A3639A7-C0B4-49C2-AF0C-D0403F67F2FC}
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}
[!] キー ノット 削除済み項目 : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] キー 削除済み項目 : HKCU\Software\Softonic
[-] キー 削除済み項目 : HKCU\Software\usyndication.com
[-] キー 削除済み項目 : HKCU\Software\USyndication
[-] キー 削除済み項目 : HKCU\Software\Microsoft\Tinstalls
[-] キー 削除済み項目 : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[!] キー ノット 削除済み項目 : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] キー 削除済み項目 : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] キー 削除済み項目 : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] キー 削除済み項目 : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] キー 削除済み項目 : HKLM\SOFTWARE\WS-Enabler
[-] キー 削除済み項目 : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] キー 削除済み項目 : HKU\.DEFAULT\Software\IBUpdaterService
[-] キー 削除済み項目 : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] キー 削除済み項目 : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] キー 削除済み項目 : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
[-] キー 削除済み項目 : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
[-] データ 復元済み項目 : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] データ 復元済み項目 : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] データ 復元済み項目 : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] データ 復元済み項目 : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2DFC6525-ED5E-4A98-8198-951FFCB017D6} [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9808EB54-C48F-4B73-AD32-781F175533F4} [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C3086567-CE44-4FBC-A8FF-86B930B11A15} [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{2DFC6525-ED5E-4A98-8198-951FFCB017D6} [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{9808EB54-C48F-4B73-AD32-781F175533F4} [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C3086567-CE44-4FBC-A8FF-86B930B11A15} [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{2DFC6525-ED5E-4A98-8198-951FFCB017D6} [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{9808EB54-C48F-4B73-AD32-781F175533F4} [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C3086567-CE44-4FBC-A8FF-86B930B11A15} [NameServer]

***** [ Webブラウザ ] *****


*************************

:: "Tracing"キーは削除します
:: Winsock設定を初期化しました

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11873 バイト] ##########



MBAM log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

定義バージョン: v2015.12.30.03

Windows 7 Service Pack 1 x64 NTFS (セーフモード)
Internet Explorer 10.0.9200.17566
Rui :: RUI-PC [管理者]

2015/12/31 1:34:10
mbam-log-2015-12-31 (01-34-10).txt

スキャンタイプ: フルスキャン (C:\|)
有効なスキャン領域: メモリ | スタートアップ | レジストリ | ファイルシステム | ヒューリスティック/追加アイテムのスキャン  | ヒューリスティック/Shuriken エンジンを使用してスキャン  | 不審なプログラム (PUP) | 不審な変更 (PUM)
無効なスキャン領域: ピア・ツー・ピアプログラム(P2P)
スキャンしたアイテム数: 979203
経過時間: 3 時間, 32 分, 32 秒

メモリプロセスの検出: 0
(悪意のあるアイテムは検出されていません。)

メモリモジュールの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリキーの検出: 9
HKCR\CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4} (Adware.CnsMin) -> 正常に隔離され削除されました。
HKCR\TypeLib\{AAB6BCE3-1DF6-4930-9B14-9CA79DC8C267} (Adware.CnsMin) -> 正常に隔離され削除されました。
HKCR\Interface\{DF692509-D9EF-48A0-9CD0-3AA5B81F6F68} (Adware.CnsMin) -> 正常に隔離され削除されました。
HKCR\CnsHelper.CH.1 (Adware.CnsMin) -> 正常に隔離され削除されました。
HKCR\CnsHelper.CH (Adware.CnsMin) -> 正常に隔離され削除されました。
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B83FC273-3522-4CC6-92EC-75CC86678DA4} (Adware.CnsMin) -> 正常に隔離され削除されました。
HKCU\SOFTWARE\3721 (PUP.Optional.BitSpirit) -> 正常に隔離され削除されました。
HKLM\SOFTWARE\3721 (PUP.Optional.BitSpirit) -> 正常に隔離され削除されました。
HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE (PUM.Optional.DisableChromeUpdates) -> 正常に隔離され削除されました。

レジストリ値の検出: 1
HKLM\SOFTWARE\Policies\Google\Update|DisableAutoUpdateChecksCheckboxValue (PUM.Optional.DisableChromeUpdates) -> データ: 1 -> 正常に隔離され削除されました。

レジストリデータ項目の検出: 1
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3086567-CE44-4FBC-A8FF-86B930B11A15}|DhcpNameServer (Trojan.DNSChanger) -> 悪: (82.163.142.3) 良: () -> 正常に隔離され修復されました。

フォルダの検出: 1
C:\Users\Rui\AppData\LocalLow\DataMngr (PUP.Optional.DataMngr.AppFlsh) -> 正常に隔離され削除されました。

ファイルの検出: 5
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ws-enabler\Assistant.dll.vir (Trojan.SProtector) -> 正常に隔離され削除されました。
C:\Program Files\JWord_pino\CnsMin.dll (Adware.CnsMin) -> 正常に隔離され削除されました。
C:\Users\Rui\Downloads\SoftonicDownloader_for_dynamic-photo-hdr.exe (PUP.Optional.SofTonic) -> 正常に隔離され削除されました。
C:\Users\Rui\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED} (PUP.Optional.DataMngr.AppFlsh) -> 正常に隔離され削除されました。
C:\Users\Rui\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}64 (PUP.Optional.DataMngr.AppFlsh) -> 正常に隔離され削除されました。

(終)
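
As an added example (not part of the original thread and not AdwCleaner's own code): a small Python triage of an AdwCleaner log in the format posted above, listing targets flagged `[!]` (reported as not deleted) for a manual re-check and counting which settings were reset. The function names are choices made for this example, and the embedded sample is an excerpt of lines copied from the log above.

```python
import re
from collections import Counter

# Sample: a few lines excerpted from the AdwCleaner v5 (Japanese UI) log above.
# Status words: 削除済み項目 = "deleted item", ノット = "not",
# 復元済み項目 = "restored item" (a setting reset rather than removed).
SAMPLE_LOG = r"""
***** [ フォルダ ] *****

[-] フォルダ 削除済み項目 : C:\Program Files (x86)\DigiSaver
[-] フォルダ 削除済み項目 : C:\Program Files (x86)\ws-enabler
[!] フォルダ ノット 削除済み項目 : C:\Program Files (x86)\DigiSaver

***** [ レジストリ ] *****

[-] キー 削除済み項目 : HKLM\SOFTWARE\WS-Enabler
[-] データ 復元済み項目 : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] データ 復元済み項目 : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer]
[-] データ 復元済み項目 : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2DFC6525-ED5E-4A98-8198-951FFCB017D6} [NameServer]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^\[(?P<flag>[-!])\]\s+(?P<kind>\S+)\s+(?P<status>.+?)\s+:\s+(?P<target>.+)$"
)
VALUE_RE = re.compile(r"\s+\[(?P<value>[^\]]+)\]$")


def parse_log(text):
    """Return one dict per result line, tagged with its section heading."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "#" header lines, blank lines, ":: ..." footer notes
        # Drop the "[x64]" registry-view marker so both views compare equal.
        target = re.sub(r"^\[x64\]\s+", "", m.group("target"))
        entries.append({
            "section": section,
            "failed": m.group("flag") == "!",
            "restored": "復元済み" in m.group("status"),
            "target": target,
        })
    return entries


def needs_recheck(entries):
    """Targets flagged [!] at least once, even if another line says deleted."""
    return sorted({e["target"] for e in entries if e["failed"]})


def restored_values(entries):
    """Count reset settings by registry value name (the trailing [...])."""
    names = Counter()
    for e in entries:
        if e["restored"]:
            m = VALUE_RE.search(e["target"])
            names[m.group("value") if m else e["target"]] += 1
    return dict(names)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Verify these are really gone:")
    for target in needs_recheck(parsed):
        print("  ", target)
    print("Settings the tool reset:", restored_values(parsed))
```

A path that appears under both `[-]` and `[!]`, as several do in the log above, is still listed for re-checking, since the log alone does not say which line reflects the final state.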
  • ういあーる
  • 2015/12/31 (Thu) 16:15:15
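Next, a scan with OTL
Thank you for the work and the report.

>The DNSUnlocker display that used to appear under the search box on Google and other sites is gone.
>So far there are no noticeable problems.

Good, I'm glad the problems have settled down.
I've looked at both logs; that was quite a haul again.
As long as you quarantined all of them from within the tools, that is fine.

Now we move on to the final stage of analysis.

Get the following tool ready.
OTL (OldTimer Listit)
Download it via the "Download" button and save it.
http://oldtimer.geekstogo.com/OTL.exe
When you are finished with it, start it and press the "Cleanup" button and it will remove itself automatically.

Start OTL with no other programs running.
Once it is running, tick "Scan All Users" near the top of the window and copy and paste the following commands into "Custom Scan/Fixes".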

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

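Then press "Run Scan" at the top left to start the scan.
A few minutes after the scan starts (depending on your PC), "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe; save these two files somewhere such as your desktop.
Extras.txt is sometimes not produced; in that case OTL.txt alone is fine.

After that, paste the entire OTL log into a reply and post it.
The OTL log is quite long, though, so if you send it all at once it will be cut off by fc2's character limit.
So split the log at suitable points and post it over several replies.

Scanning with OTL alone does not change anything.
Based on these results, whatever is detected should be dealt with in the work from next time onward.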
  • 悪代官
  • 2015/12/31 (Thu) 21:35:04
OTL scan results #1
Happy New Year.
Sorry to be relying on your help so early in the new year; thank you in advance.

OTL logfile created on: 2016/01/01 0:27:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rui\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17566)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.98 Gb Total Physical Memory | 5.68 Gb Available Physical Memory | 71.20% Memory free
15.96 Gb Paging File | 13.57 Gb Available in Paging File | 85.04% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 604.25 Gb Free Space | 43.25% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: RUI-PC | User Name: Rui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/01/01 00:24:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rui\Desktop\OTL.exe
PRC - [2015/12/09 06:36:58 | 024,952,456 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2015/11/05 23:41:22 | 000,417,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2015/10/03 14:06:17 | 002,634,872 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/10/03 14:06:17 | 001,872,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/07/14 15:14:24 | 000,212,952 | ---- | M] (Buffalo Inc.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
PRC - [2015/07/06 14:55:42 | 000,139,568 | ---- | M] (Buffalo Inc.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
PRC - [2015/04/11 05:06:20 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/09/10 12:37:16 | 000,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2014/03/06 19:00:14 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\NCSoft\Blade&Soul\bin\ec.exe
PRC - [2013/12/17 12:03:22 | 000,046,904 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2012/10/09 08:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/05/18 01:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/04/18 20:54:19 | 000,207,456 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWOW64\npkcmsvc.exe
PRC - [2011/03/31 11:54:08 | 000,216,440 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\WDTool\bwdnotification.exe
PRC - [2011/03/31 11:53:58 | 000,230,776 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\WDTool\bwdbackground.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/12/09 06:36:50 | 000,024,904 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
MOD - [2015/12/09 06:36:50 | 000,021,840 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
MOD - [2015/12/09 06:36:50 | 000,021,320 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
MOD - [2015/12/09 06:36:48 | 000,023,376 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
MOD - [2015/12/09 06:36:48 | 000,020,800 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
MOD - [2015/12/09 06:36:46 | 000,381,752 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
MOD - [2015/12/09 06:36:46 | 000,019,760 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
MOD - [2015/12/09 06:36:42 | 003,891,504 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
MOD - [2015/12/09 06:36:40 | 000,225,080 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
MOD - [2015/12/09 06:36:40 | 000,133,936 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
MOD - [2015/12/09 06:36:38 | 000,486,704 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
MOD - [2015/12/09 06:36:38 | 000,357,680 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
MOD - [2015/12/09 06:36:36 | 001,950,000 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
MOD - [2015/12/09 06:36:36 | 000,519,984 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
MOD - [2015/12/09 06:36:36 | 000,207,672 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
MOD - [2015/12/09 06:36:34 | 001,826,608 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
MOD - [2015/12/09 06:36:32 | 000,052,024 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
MOD - [2015/12/09 06:36:32 | 000,024,392 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
MOD - [2015/12/09 06:36:30 | 000,038,696 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\fastpath.pyd
MOD - [2015/12/09 06:36:28 | 001,737,032 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
MOD - [2015/12/09 06:36:28 | 000,084,792 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
MOD - [2015/12/09 06:36:28 | 000,020,808 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
MOD - [2015/12/09 06:36:26 | 000,023,352 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
MOD - [2015/12/09 06:36:26 | 000,020,816 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
MOD - [2015/12/09 06:36:24 | 000,022,848 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2015/12/09 06:36:24 | 000,021,304 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
MOD - [2015/12/09 06:36:22 | 000,117,056 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
MOD - [2015/12/09 06:36:22 | 000,042,296 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
MOD - [2015/12/09 06:36:22 | 000,020,280 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
MOD - [2015/10/31 10:01:00 | 000,019,920 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
MOD - [2015/10/31 10:00:58 | 000,786,904 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2015/10/31 10:00:58 | 000,063,448 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
MOD - [2015/10/31 10:00:58 | 000,019,408 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
MOD - [2015/10/31 10:00:26 | 000,036,296 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\librsync.dll
MOD - [2015/10/31 10:00:24 | 000,350,152 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\winxpgui.pyd
MOD - [2015/10/31 10:00:22 | 000,048,592 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32service.pyd
MOD - [2015/10/31 10:00:22 | 000,028,616 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32ts.pyd
MOD - [2015/10/31 10:00:20 | 000,114,640 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32security.pyd
MOD - [2015/10/31 10:00:20 | 000,043,472 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32process.pyd
MOD - [2015/10/31 10:00:20 | 000,024,016 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32profile.pyd
MOD - [2015/10/31 10:00:18 | 000,175,560 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32gui.pyd
MOD - [2015/10/31 10:00:18 | 000,030,160 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32pipe.pyd
MOD - [2015/10/31 10:00:16 | 000,124,880 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32file.pyd
MOD - [2015/10/31 10:00:16 | 000,024,528 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32event.pyd
MOD - [2015/10/31 10:00:14 | 000,105,928 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32api.pyd
MOD - [2015/10/31 10:00:14 | 000,024,016 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
MOD - [2015/10/31 10:00:14 | 000,020,936 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\mmapfile.pyd
MOD - [2015/10/31 10:00:10 | 000,109,520 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
MOD - [2015/10/31 10:00:08 | 000,240,584 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\jpegtran.pyd
MOD - [2015/10/31 10:00:08 | 000,083,912 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\sip.pyd
MOD - [2015/10/31 10:00:06 | 000,019,408 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\faulthandler.pyd
MOD - [2015/10/31 09:59:54 | 000,134,608 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\_elementtree.pyd
MOD - [2015/10/31 09:59:54 | 000,034,768 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
MOD - [2015/10/31 09:59:52 | 000,692,688 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\unicodedata.pyd
MOD - [2015/10/31 09:59:52 | 000,093,640 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\_ctypes.pyd
MOD - [2015/10/31 09:59:50 | 000,134,088 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\pyexpat.pyd
MOD - [2015/10/31 09:59:50 | 000,018,376 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\select.pyd
MOD - [2015/10/31 09:59:48 | 000,392,144 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\pythoncom27.dll
MOD - [2015/10/31 09:59:48 | 000,116,688 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\pywintypes27.dll
MOD - [2015/10/03 14:06:17 | 000,011,896 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/10/03 14:06:17 | 005,544,568 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2015/10/03 14:06:17 | 001,155,192 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:[b]64bit:[/b] - [2015/07/23 09:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015/04/30 01:53:40 | 000,366,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2015/04/30 01:53:40 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2015/04/11 05:39:48 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:[b]64bit:[/b] - [2014/08/20 04:12:17 | 000,656,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2015/12/31 06:05:14 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/12/15 05:01:12 | 000,836,176 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/11/05 23:41:22 | 000,417,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2015/10/05 16:47:40 | 002,078,216 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015/10/03 14:06:17 | 001,872,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/07/30 20:19:38 | 002,909,472 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015/07/09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/07/06 14:55:42 | 000,139,568 | ---- | M] (Buffalo Inc.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2015/04/11 05:06:20 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/11/19 03:18:56 | 000,182,304 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/06 19:00:14 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NCSoft\Blade&Soul\bin\ec.exe -- (Blade and Soul beta test assistant)
SRV - [2013/12/17 12:03:22 | 000,046,904 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/09/04 16:43:28 | 004,679,152 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/05/18 01:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/11/05 04:12:12 | 000,673,808 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\xsherlock.xem -- (xsherlock)
SRV - [2011/04/18 20:54:19 | 000,207,456 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\npkcmsvc.exe -- (npkcmsvc)
SRV - [2011/03/31 11:53:58 | 000,230,776 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\WDTool\bwdbackground.exe -- (WirelessDiagnosis)
SRV - [2009/06/19 16:12:18 | 000,068,120 | ---- | M] (Texim Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Texim\ExBackup\TxHDDSvc.exe -- (TeximTxHDDSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/11/12 05:34:42 | 000,085,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\xjsh64.sys -- (xjshg)
DRV:[b]64bit:[/b] - [2015/10/03 14:06:17 | 000,204,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2015/10/03 14:06:17 | 000,050,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2015/10/03 14:06:17 | 000,019,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:[b]64bit:[/b] - [2015/03/12 17:22:16 | 000,018,944 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)
DRV:[b]64bit:[/b] - [2015/03/04 19:34:52 | 000,124,568 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2015/01/29 08:06:04 | 000,942,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2015/01/29 08:03:31 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2015/01/29 08:03:00 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2014/10/29 15:25:29 | 000,086,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\slzj64.sys -- (slzjs)
DRV:[b]64bit:[/b] - [2014/08/07 03:15:50 | 000,102,200 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:[b]64bit:[/b] - [2014/08/07 03:15:50 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:[b]64bit:[/b] - [2014/08/07 03:15:50 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:[b]64bit:[/b] - [2014/03/17 11:38:32 | 000,127,280 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ffusb2audio.sys -- (ffusb2audio)
DRV:[b]64bit:[/b] - [2013/10/02 11:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/05/31 01:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:[b]64bit:[/b] - [2012/10/31 07:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:[b]64bit:[/b] - [2012/10/02 16:12:20 | 000,017,920 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netduetto.sys -- (duetto_simple)
DRV:[b]64bit:[/b] - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/08/23 23:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/08/16 10:40:02 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV:[b]64bit:[/b] - [2012/05/16 11:13:34 | 000,105,624 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:[b]64bit:[/b] - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:[b]64bit:[/b] - [2012/04/08 15:21:05 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:[b]64bit:[/b] - [2012/03/27 06:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:[b]64bit:[/b] - [2012/03/27 05:00:24 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6POD64.sys -- (L6POD)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/03/09 08:11:24 | 000,043,520 | ---- | M] (ZOOM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\zmhhpau.sys -- (ZMHHPAudioSrv)
DRV:[b]64bit:[/b] - [2011/02/18 22:10:04 | 000,268,672 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RDWM1117.sys -- (RDID1117)
DRV:[b]64bit:[/b] - [2011/01/16 01:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:[b]64bit:[/b] - [2010/12/17 07:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2010/11/20 22:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:[b]64bit:[/b] - [2010/11/20 22:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:[b]64bit:[/b] - [2010/11/20 22:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 20:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:[b]64bit:[/b] - [2010/11/20 20:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:[b]64bit:[/b] - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2010/07/27 09:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2009/11/24 10:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009/11/24 10:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2009/11/18 08:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:[b]64bit:[/b] - [2009/08/05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ucgnstax.sys -- (ucgnsta)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:[b]64bit:[/b] - [2008/12/11 14:10:40 | 000,018,456 | ---- | M] (Texim Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TxDevCmd.sys -- (TxDevCmd)
DRV:[b]64bit:[/b] - [2007/05/17 01:25:44 | 000,026,408 | ---- | M] (TigerGame.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MayFL.sys -- (MayFL)
DRV - [2014/12/27 02:01:02 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2011/04/18 20:54:18 | 000,047,136 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npkcft64.sys -- (npkcft64)
DRV - [2011/04/18 20:54:18 | 000,040,992 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npkuft64.sys -- (npkuft64)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.jword.jp/jwd_sb_srchcust.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OCustomizeSearch = http://search.jword.jp/jwd_sb_srchcust.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OSearchAssistant = http://search.jword.jp/jwd_sb_srchasst.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.jword.jp/jwd_sb_srchasst.htm?ielang={SUB_RFC1766}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.jp/
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 77 EB 35 24 AC CF 01 [binary data]
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\..\SearchScopes,DefaultScope = {36C97336-558E-40D1-A216-5C8E1F0A4D4D}
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\..\SearchScopes\{36C97336-558E-40D1-A216-5C8E1F0A4D4D}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.66.2: C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2: C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.1: C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@gamechu.jp/gamechusupport-4: C:\GameOn\Common files\plugin\npgamechusupport.dll File not found
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kunlun.com/Launcher: C:\X-Legend\HH\npLauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.co.jp/NxGame: C:\ProgramData\NexonJP\NGM\npnxgameJP.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@skeedtools.com/NpSric, version=1.0: C:\Program Files (x86)\Dreamboat\SkeedReceiver\npsric.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangdiagnostic-1: C:\GameOn\Common files\nppmangdiagnostic.dll (gameon)
FF - HKLM\Software\MozillaPlugins\pmang.jp/pmangsupport-1: C:\GameOn\TERA\nppmangsupport.dll (gameon)
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rui\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Rui\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rui\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rui\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rui\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2014/03/19 06:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/20 21:15:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/02 00:18:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/09/14 02:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/31 02:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/06/20 21:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/20 21:15:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

O1 HOSTS File: ([2011/11/24 00:00:34 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\..\Toolbar\WebBrowser: (no name) - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2257892403-709555731-1166873500-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2257892403-709555731-1166873500-1000..\Run: [Dropbox Update] C:\Users\Rui\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dice.exe.lnk = C:\Program Files (x86)\Sarad\DiCE\dice.exe (Sarad Software)
O4 - Startup: C:\Users\Rui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rui\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Rui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\らくらくアップデートツール.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} http://sample9.dmm.co.jp/downloader7/DMMDownloader.cab (DMM Downloader)
O16 - DPF: {1DC420F0-D89A-40D0-B5CC-92B9AD19A1AC} http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP28.cab (HGPluginJP28 Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5082D9B5-5538-4C50-BDB1-C5F44BFB98CC} http://down.hangame.co.jp/jp/installer/HgRunPub.cab (HgRunPub Class)
O16 - DPF: {53F4962A-8E27-4601-8B01-79A82B4D7FC9} https://member.gungho.jp/front/member/webgs/LoadPrgAx.CAB (LoadPrg Class)
O16 - DPF: {7216BF69-1FB3-438C-9A51-9DA82B676BC0} http://userimg.arario.jp/activeX/AraGameStarterW6.cab (ArarioGameStarter6 Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {98FFD412-1A12-4BCE-8AB2-247C78E22227} https://ssl.plaync.jp/login/activex/NCLoader.7.cab (NCLoaderCtl Class)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.cdnetworks.co.jp/cdndist/neffy/NeffyLauncher.cab_1.0.1.8 (NeffyLauncherCtl Class)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://incaweb.nefficient.jp/inca/nProtect/NC_KeyCrypt/total/npkcx_NC.cab (NPKCX Control)
O16 - DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} http://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab (HgTAgent2 Extension Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F4C75105-84BB-414D-AE37-4F0EEEEDE881} https://hh.x-legend.co.jp/X-LegendGameStarter.cab (X-Legend GameStarter Control)
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab (PubPlugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DFC6525-ED5E-4A98-8198-951FFCB017D6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B6FCAD-2971-4CC8-A3EC-D39161A60C6E}: DhcpNameServer = 192.168.11.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {26784146-6E05-3FF9-9335-786C7C0FB5BE} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
  • ういあーる
  • 2016/01/03 (Sun) 02:04:50
OTL scan results #2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/01/01 00:24:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rui\Desktop\OTL.exe
[2015/12/31 15:31:54 | 000,110,176 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2015/12/31 15:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/12/31 15:28:44 | 000,097,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/12/31 15:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/12/31 06:04:00 | 007,077,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2015/12/31 06:04:00 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2015/12/31 06:03:59 | 006,131,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2015/12/31 06:03:59 | 001,057,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2015/12/31 06:03:59 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2015/12/31 06:03:59 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2015/12/31 06:03:59 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2015/12/31 01:23:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/12/31 00:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2015/12/31 00:36:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/12/31 00:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2015/12/31 00:34:37 | 000,000,000 | ---D | C] -- C:\Users\Rui\AppData\Roaming\Malwarebytes
[2015/12/31 00:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/12/31 00:33:01 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rui\Desktop\mbam-setup-1.75.0.1300.exe
[2015/12/30 21:13:44 | 003,180,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015/12/30 21:13:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015/12/30 21:13:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2015/12/30 21:12:59 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015/12/30 01:50:03 | 000,102,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015/12/30 01:03:14 | 000,000,000 | ---D | C] -- C:\Users\Rui\AppData\Local\Opera Software
[2015/12/30 01:02:52 | 000,000,000 | ---D | C] -- C:\Users\Rui\AppData\Roaming\Opera Software
[2015/12/30 00:01:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2015/12/30 00:01:53 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2015/12/30 00:01:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2015/12/30 00:01:52 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2015/12/30 00:01:51 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2015/12/30 00:01:51 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2015/12/30 00:01:51 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2015/12/30 00:01:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2015/12/30 00:01:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2015/12/30 00:01:51 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2015/12/29 23:32:23 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2015/12/29 23:32:21 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2015/12/29 23:32:20 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2015/12/29 22:48:36 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icaapi.dll
[2015/12/29 22:14:08 | 000,000,000 | ---D | C] -- C:\Users\Rui\AppData\Roaming\Geek Uninstaller
[2015/12/29 03:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/12/29 03:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/12/29 03:35:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rui\Desktop\HijackThis.exe
[2015/12/29 02:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{029cb15b-0064-0}
[2015/12/29 02:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\{03fd1f2b-3064-1}
[2015/12/20 23:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/12/20 23:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/12/13 03:03:20 | 000,000,000 | ---D | C] -- C:\Users\Rui\AppData\Local\Blizzard
[2015/12/13 02:05:43 | 000,000,000 | ---D | C] -- C:\Users\Rui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2015/12/11 16:28:52 | 000,000,000 | ---D | C] -- C:\FS2Log
[2015/12/10 15:03:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2015/12/09 21:28:51 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2015/12/09 21:28:41 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/12/09 21:28:41 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/12/09 21:28:40 | 003,170,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/12/09 21:28:40 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/12/09 21:28:40 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/12/09 21:28:40 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/12/09 21:28:40 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/12/09 21:28:40 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/12/09 21:28:40 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/12/09 21:28:40 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/12/09 21:28:40 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/12/09 21:28:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/12/09 21:28:40 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/12/09 21:28:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/12/09 21:28:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/12/09 21:28:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2015/12/09 21:28:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2015/12/09 21:28:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll
[2015/12/09 21:28:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL
[2015/12/09 21:28:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL
[2015/12/09 21:28:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL
[2015/12/09 21:28:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll
[2015/12/09 21:28:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL
[2015/12/09 21:28:05 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015/12/09 21:28:03 | 001,008,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2015/12/09 21:27:53 | 003,806,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/12/09 21:27:50 | 000,857,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/12/09 21:27:50 | 000,715,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/12/09 21:27:50 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/12/09 21:27:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/12/09 21:27:48 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/12/09 21:27:48 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/12/09 21:27:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/12/09 21:27:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/12/09 21:27:48 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/12/09 21:27:48 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2015/12/09 21:27:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2015/12/09 21:27:48 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/12/09 21:27:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/12/09 21:27:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/12/09 21:27:47 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/12/09 21:27:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/12/09 21:27:46 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/12/09 21:27:46 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/12/09 21:27:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/12/09 21:27:46 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2015/12/09 21:27:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/12/09 21:27:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/12/09 21:27:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/12/09 21:27:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/12/09 21:27:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2015/12/09 21:26:22 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2015/12/09 21:26:22 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2015/12/09 21:26:22 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2015/12/09 21:26:20 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015/12/09 21:26:20 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015/12/09 21:26:18 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015/12/09 21:26:18 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015/12/09 21:26:15 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2015/12/09 21:26:14 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2015/12/06 21:53:43 | 006,340,384 | ---- | C] (Geek Uninstaller) -- C:\Users\Rui\Desktop\geek.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/01/01 00:24:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rui\Desktop\OTL.exe
[2016/01/01 00:05:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/01/01 00:03:00 | 000,000,692 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000UA.job
[2015/12/31 23:37:27 | 000,000,688 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000UA.job
[2015/12/31 18:03:00 | 000,000,640 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000Core.job
[2015/12/31 15:31:45 | 000,110,176 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2015/12/31 15:28:34 | 000,097,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/12/31 15:23:48 | 000,022,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/12/31 15:23:48 | 000,022,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/12/31 15:06:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/12/31 15:05:51 | 2132,983,807 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/31 06:05:14 | 000,796,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/12/31 06:05:14 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/12/31 00:36:30 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/12/31 00:33:20 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rui\Desktop\mbam-setup-1.75.0.1300.exe
[2015/12/31 00:31:53 | 001,743,360 | ---- | M] () -- C:\Users\Rui\Desktop\AdwCleaner.exe
[2015/12/30 01:31:16 | 000,000,134 | ---- | M] () -- C:\Users\Rui\Desktop\Internet Explorer トラブルシューティング.url
[2015/12/30 00:28:55 | 000,000,242 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/12/29 22:52:53 | 005,313,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/12/29 12:37:00 | 000,000,636 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000Core.job
[2015/12/29 03:38:57 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/12/29 03:35:53 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rui\Desktop\HijackThis.exe
[2015/12/24 18:43:20 | 002,813,135 | ---- | M] () -- C:\Users\Rui\Desktop\echo.mp3.lwi
[2015/12/15 21:40:39 | 013,262,476 | ---- | M] () -- C:\Users\Rui\Desktop\echo.mp3
[2015/12/13 02:06:31 | 000,001,127 | ---- | M] () -- C:\Users\Rui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2015/12/07 03:37:59 | 000,001,138 | ---- | M] () -- C:\Users\Rui\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2015/12/06 21:53:45 | 006,340,384 | ---- | M] (Geek Uninstaller) -- C:\Users\Rui\Desktop\geek.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/12/31 00:36:30 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/12/31 00:31:52 | 001,743,360 | ---- | C] () -- C:\Users\Rui\Desktop\AdwCleaner.exe
[2015/12/30 01:31:16 | 000,000,134 | ---- | C] () -- C:\Users\Rui\Desktop\Internet Explorer トラブルシューティング.url
[2015/12/29 03:38:57 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/12/24 18:43:20 | 002,813,135 | ---- | C] () -- C:\Users\Rui\Desktop\echo.mp3.lwi
[2015/12/15 11:54:22 | 013,262,476 | ---- | C] () -- C:\Users\Rui\Desktop\echo.mp3
[2015/12/08 17:58:56 | 000,000,692 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000UA.job
[2015/12/08 17:58:54 | 000,000,640 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000Core.job
[2015/11/10 02:45:08 | 037,891,216 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2015/02/23 17:00:27 | 000,000,034 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\AdobeWLCMCache.dat
[2014/06/19 23:34:41 | 000,000,024 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\temp.ini
[2014/02/08 20:32:34 | 000,000,242 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/07/20 23:23:49 | 000,000,000 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\pdfperformer
[2012/10/08 23:07:49 | 000,007,607 | ---- | C] () -- C:\Users\Rui\AppData\Local\Resmon.ResmonCfg
[2012/04/12 23:56:38 | 000,000,081 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MPluginConfiguration.xml
[2012/04/12 23:54:06 | 000,197,014 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MAnalyzerpresets.xml
[2012/04/12 23:54:06 | 000,013,964 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MFlangerpresets.xml
[2012/04/12 23:54:06 | 000,013,158 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MOscillatorpresets.xml
[2012/04/12 23:54:06 | 000,009,119 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MFreqShifterpresets.xml
[2012/04/12 23:54:06 | 000,007,130 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MEqualizerpresets.xml
[2012/04/12 23:54:06 | 000,006,687 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\menvelopepresets.xml
[2012/04/12 23:54:06 | 000,006,444 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MCompressorpresets.xml
[2012/04/12 23:54:06 | 000,005,622 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MNoiseGeneratorpresets.xml
[2012/04/12 23:54:06 | 000,005,138 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MWaveShaperpresets.xml
[2012/04/12 23:54:06 | 000,004,362 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MPhaserpresets.xml
[2012/04/12 23:54:06 | 000,003,771 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MRingModulatorpresets.xml
[2012/04/12 23:54:06 | 000,002,820 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MEqualizerAreasEditorpresets.xml
[2012/04/12 23:54:06 | 000,002,775 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MStereoExpanderpresets.xml
[2012/04/12 23:54:06 | 000,002,666 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MVibratopresets.xml
[2012/04/12 23:54:06 | 000,002,492 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml
[2012/04/12 23:54:06 | 000,002,366 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MTremolopresets.xml
[2012/04/12 23:54:06 | 000,001,907 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MAutopanpresets.xml
[2012/04/12 23:54:06 | 000,001,381 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MLimiterpresets.xml
[2012/04/12 23:54:06 | 000,001,235 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2012/04/12 23:54:06 | 000,001,011 | ---- | C] () -- C:\Users\Rui\AppData\Roaming\MValueToColor5presets.xml
[2011/05/22 19:00:34 | 000,008,192 | ---- | C] () -- C:\Users\Rui\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/16 23:27:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/07 03:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/07 02:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2013/07/20 23:37:34 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2015/12/31 01:27:58 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/08/08 00:00:00 | 006,711,315 | -H-- | M] () -- C:\BatchDOO!\ffmpeg.exe
[2010/08/17 20:58:44 | 000,938,688 | -H-- | M] (JWord Inc.) -- C:\BatchDOO!\setup_jw.exe
[2010/08/08 00:00:00 | 001,815,968 | -H-- | M] (Naver Japan Corporation) -- C:\BatchDOO!\setup_nt.exe
[2010/08/17 20:58:48 | 001,784,784 | -H-- | M] (有限会社エーシーアール ) -- C:\BatchDOO!\setup_tw.exe
[2014/07/05 21:47:08 | 000,000,000 | -H-D | M] -- C:\MSYS\home\Rui\ibuild\ffmpeg\.git
[2014/07/05 21:44:15 | 000,000,000 | -H-D | M] -- C:\MSYS\home\Rui\ibuild\rtmpdump\.git
[2014/07/05 21:47:00 | 000,000,000 | -H-D | M] -- C:\MSYS\home\Rui\ibuild\x264\.git
[2014/10/06 20:26:19 | 000,000,000 | -H-D | M] -- C:\NVIDIA Corporation\Shield Apps\StreamingAssets
[2015/11/12 05:17:09 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/04/16 19:20:13 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2015/10/08 16:49:50 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/10/05 21:03:20 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 1942
[2013/08/16 17:43:58 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 3
[2015/01/05 16:09:54 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 4
[2015/10/08 16:50:05 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\STAR WARS Battlefront Beta
[2015/01/05 15:54:10 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 4\Xpack0
[2015/01/05 15:27:25 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 4\Xpack1
[2015/01/05 15:43:03 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 4\Xpack2
[2015/01/05 15:10:32 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 4\Xpack3
[2015/01/05 16:09:54 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 4\Xpack4
[2012/08/16 11:29:58 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\System\T54Yqx5cU7sdCz
[2015/09/29 09:30:24 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\IObit\LiveUpdate\update
[2015/12/10 15:25:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\Apple Computer\iTunes\SC Info
[2012/01/26 00:40:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2012/01/26 00:40:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\YouCam\2.00
[2012/01/26 00:40:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\YouCam\2.00
[2012/08/16 11:29:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\iO9djwJI
[2012/07/24 00:09:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\rm
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009/07/14 20:16:07 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2012/08/16 11:29:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\PACE Anti-Piracy\0tNiIOPCK6ow
[2012/08/16 11:29:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\PACE Anti-Piracy\Ehs0AOV7b9hF
[2012/08/16 10:48:45 | 000,000,000 | -H-D | M] -- C:\ProgramData\PACE Anti-Piracy\IBKke9gt0zmwv
[2012/08/16 10:48:45 | 000,000,000 | -H-D | M] -- C:\ProgramData\PACE Anti-Piracy\jnhhjQzi7A
[2011/04/16 18:32:43 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2015/12/10 15:25:37 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Apple Computer\iTunes\SC Info
[2012/01/26 00:40:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2012/01/26 00:40:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CLUpdater\YouCam\2.00
[2012/01/26 00:40:43 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser\YouCam\2.00
[2012/08/16 11:29:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\iO9djwJI
[2012/07/24 00:09:31 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\rm
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009/07/14 20:16:07 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2012/08/16 11:29:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\PACE Anti-Piracy\0tNiIOPCK6ow
[2012/08/16 11:29:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\PACE Anti-Piracy\Ehs0AOV7b9hF
[2012/08/16 10:48:45 | 000,000,000 | -H-D | M] -- C:\Users\All Users\PACE Anti-Piracy\IBKke9gt0zmwv
[2012/08/16 10:48:45 | 000,000,000 | -H-D | M] -- C:\Users\All Users\PACE Anti-Piracy\jnhhjQzi7A
[2009/07/14 12:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2015/12/31 00:36:30 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 11:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2013/02/09 03:50:31 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2015/02/03 23:25:23 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData
[2012/08/16 10:48:45 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\q6quKoXfYbKuiIV
[2013/12/07 06:03:23 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\CardSpace
[2013/01/16 18:54:11 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2011/04/16 18:33:18 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2011/04/16 19:00:25 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2011/04/16 23:17:37 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2013/12/01 14:25:36 | 000,000,000 | RH-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Windows\Burn\Burn
[2013/01/19 20:30:15 | 000,000,000 | RH-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Windows\Burn\Burn1
[2014/11/14 04:48:08 | 000,000,000 | RH-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Windows\Burn\Burn2
[2014/11/14 04:52:20 | 000,000,000 | RH-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Windows\Burn\Burn3
[2012/01/13 18:30:20 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics
[2012/01/13 18:30:20 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{084434BC-021F-4086-815C-B4D716386B93}
[2011/11/24 02:04:27 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}
[2011/04/17 18:55:58 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}
[2012/01/13 18:17:18 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{A8977498-2FDF-42B7-A726-8D3B2A53CD2C}
[2011/04/19 22:33:33 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{E2856B15-A196-4C82-BDA1-C75D273DF989}
[2012/09/17 16:58:07 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\Temp\wg4Te6Jvhah
[2011/05/02 22:54:21 | 000,000,197 | -H-- | M] () -- C:\Users\Rui\AppData\Local\Temp\purple\shared\DragonNest-Setup.exe.bfi
[2011/09/16 16:52:28 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\VirtualStore\ProgramData
[2012/09/17 16:58:04 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\VirtualStore\ProgramData\Microsoft\iO9djwJI
[2012/09/17 16:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Local\VirtualStore\ProgramData\Microsoft\Media Player\l2gccWzR
[2013/11/24 00:40:55 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Roaming\Hangame
[2015/10/30 16:00:29 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Roaming\Adobe\CoreSync\plugins\livetype\c
[2015/02/23 16:39:16 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Roaming\Adobe\CoreSync\plugins\livetype\e
[2015/02/23 16:39:16 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Roaming\Adobe\CoreSync\plugins\livetype\r
[2013/11/24 00:40:55 | 000,565,248 | -H-- | M] (NHN Japan Corp.) -- C:\Users\Rui\AppData\Roaming\Hangame\hgstarterjp.exe
[2015/07/11 02:11:36 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Roaming\Hangame\HUL
[2011/08/21 16:26:41 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/16 11:29:58 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Roaming\PACE Anti-Piracy\bacb30grq
[2012/08/16 10:48:45 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Roaming\PACE Anti-Piracy\BgaoWXHfsh
[2012/08/16 10:48:45 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Roaming\PACE Anti-Piracy\R5MeGCsTTunPD
[2012/08/16 11:29:58 | 000,000,000 | -H-D | M] -- C:\Users\Rui\AppData\Roaming\PACE Anti-Piracy\rSWKyMX8lN
[2011/12/26 00:12:45 | 000,000,000 | -H-D | M] -- C:\Users\Rui\Documents\Youcam\FileSharingTmp
[2011/08/01 15:49:05 | 000,000,000 | -H-D | M] -- C:\Users\TEMP\AppData
[2015/03/09 03:57:40 | 000,000,000 | -H-D | M] -- C:\Windows\msdownld.tmp
[2002/01/15 15:03:08 | 000,033,791 | -H-- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\Removejoy.exe
[2011/05/01 02:58:58 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2013/05/03 02:28:41 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2011/04/16 19:47:55 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2014/02/08 20:32:34 | 000,000,000 | -H-D | M] -- C:\Windows\SysNative\GroupPolicy
[2015/03/09 04:21:07 | 000,000,000 | -H-D | M] -- C:\Windows\SysWOW64\directx\websetup

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2016/01/01 00:05:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/12/29 12:37:00 | 000,000,636 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000Core.job
[2016/01/01 00:37:55 | 000,000,688 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000UA.job
[2015/12/31 18:03:00 | 000,000,640 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000Core.job
[2016/01/01 00:03:00 | 000,000,692 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2257892403-709555731-1166873500-1000UA.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD15EARS-00MVWB0 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,397.00GB
Starting Offset: 105906176
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2015/10/30 02:50:29 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2015/06/25 19:01:17 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/20 22:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2015/10/20 10:04:53 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2015/04/28 04:23:13 | 000,188,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2015/04/28 04:04:37 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/20 22:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2010/11/20 22:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:[b]64bit:[/b] - [2015/04/30 01:53:40 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2015/04/30 01:53:40 | 000,366,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 13:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/05/24 20:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2012/02/11 15:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2015/10/20 10:04:53 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2015/10/20 10:04:53 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2015/08/06 02:56:14 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/19 12:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2010/11/20 22:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2010/11/20 22:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2015/06/16 06:44:47 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2015/06/16 06:42:49 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2015/11/21 03:54:59 | 002,609,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2010/11/20 22:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2010/11/20 22:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2015/10/21 13:25:59 | 032,864,232 | ---- | M] (CAPCOM CO., LTD.) -- C:\__ddo_launcher.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\る早起き1.wav:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\なつのおわり.mp3:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\スクリーンショット 2015-11-27 04.31.25.png:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\Yggdrasill.wav:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\Yggdrasill.mp3:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\test_2.mp3:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\sweet_robber.wav:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\sweet_robber.mp3:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\Mixdown.mp3:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\Mixdown(3).mp3:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\label [譖エ譁ー貂医∩].ai:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\echo.mp3:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\atami.txt:com.dropbox.attributes
@Alternate Data Stream - 83 bytes -> C:\Users\Rui\Desktop\a.mp3:com.dropbox.attributes
@Alternate Data Stream - 212 bytes -> C:\Users\Rui\Desktop\Sweetrobber4.png:com.dropbox.attributes
@Alternate Data Stream - 210 bytes -> C:\Users\Rui\Desktop\attachment00.jpg:com.dropbox.attributes
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:8C35AEA7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 1258 bytes -> C:\ProgramData\Microsoft:DvBo4QCmwPVQGYCjMtZBaU
@Alternate Data Stream - 1236 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:qH35O7uSBq9Up9jcz3DgnN6NbHfK4A
@Alternate Data Stream - 1227 bytes -> C:\Users\Rui\AppData\Local\Temp:6lWgWEuO4pEIQsAlSPJDGLBF
@Alternate Data Stream - 1185 bytes -> C:\ProgramData\Microsoft:CtljEp31iOJ4DaQrq2Cat
@Alternate Data Stream - 1078 bytes -> C:\Users\Rui\AppData\Local\Temp:t4YrcY72h9mRbSNWg1qrL
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
  • ういあーる
  • 2016/01/03 (Sun) 02:05:51
OTL scan results #3 (Extras)
OTL Extras logfile created on: 2016/01/01 0:27:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rui\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17566)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.98 Gb Total Physical Memory | 5.68 Gb Available Physical Memory | 71.20% Memory free
15.96 Gb Paging File | 13.57 Gb Available in Paging File | 85.04% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 604.25 Gb Free Space | 43.25% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: RUI-PC | User Name: Rui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Rui\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FindArchive] -- C:\Program Files (x86)\Explzh\Explzh.exe /f %1 (pon software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Rui\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FindArchive] -- C:\Program Files (x86)\Explzh\Explzh.exe /f %1 (pon software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5F5627-A67B-442E-A539-1CAEED8807FA}" = lport=10011 | protocol=6 | dir=in | name=ts_server2 |
"{0ECEF6F4-C6F1-4888-893D-BA6151EF7934}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{10D5432A-E03F-4970-A518-D0B809351DF6}" = lport=25565 | protocol=6 | dir=in | name=minecraft |
"{1532BF16-30E7-4874-B9A8-D83ED186F8CA}" = rport=80 | protocol=6 | dir=out | app=c:\users\rui\appdata\local\warframe\downloaded\public\tools\remotecrashsender.exe |
"{15521C2A-3141-4D03-90A2-738C270DE904}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{160FB861-7A85-4C2E-B029-6B5FCADF0752}" = rport=445 | protocol=6 | dir=out | app=system |
"{1766EE7D-75CE-4075-90EE-0AFF413306F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1768ACB4-1811-4BD3-AE4E-205FECB084CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\remotecrashsender.exe |
"{25684571-BCEB-4E54-A9CF-CA1CC6A4557C}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2B3DCE0D-3EC4-42A4-ACD4-D8720AC54138}" = lport=9987 | protocol=17 | dir=in | name=ts_server |
"{2C2A8665-CD62-4F88-B120-0680ABB3D87E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2C794EC1-7CAA-4721-A5E3-062713A69DF8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34D218C7-E75F-40B0-8727-0B813B2EEA6C}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{3F50A685-5B73-47BF-95F1-CDE583ED7C10}" = lport=25565 | protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_66\bin\java.exe |
"{40AC372B-C491-4D55-ABF5-25E4E4AAB4C2}" = lport=7777 | protocol=6 | dir=in | name=terraria |
"{4B4ED12C-434D-4E74-BBB9-BFFDC724E76F}" = rport=138 | protocol=17 | dir=out | app=system |
"{4C10871F-E23F-4CFF-B371-7B48F628451A}" = lport=139 | protocol=6 | dir=in | app=system |
"{523E7787-D768-4B94-91D1-D6EF00EBE0B3}" = rport=25505 | protocol=6 | dir=out | name=minecraft05send |
"{53B71DCB-B8E6-4788-8E53-428F1AC90A5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{552B82B8-4609-4318-893D-9AB8B9F03228}" = lport=445 | protocol=6 | dir=in | app=system |
"{68097B9A-B48A-4BFA-BBE9-5947CB27694B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FEA60CC-7D25-485F-8E87-3B38AE8FB177}" = lport=25505 | protocol=6 | dir=in | name=minecraft05 |
"{71577BBE-A72B-4513-9884-CA4E34AC8101}" = lport=30033 | protocol=6 | dir=in | name=ts_server3 |
"{75B7530C-7F81-49AA-BDC5-A4F7A5E6C2D1}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7FD34F0C-999D-4611-807C-0AFB5A7A059C}" = rport=80 | protocol=6 | dir=in | app=c:\users\rui\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{83AC02A5-E4A6-4C00-9C8A-B77260E1D6C6}" = lport=137 | protocol=17 | dir=in | app=system |
"{83DDA055-245C-41D7-8463-A2D83311FA0D}" = lport=25444 | protocol=6 | dir=in | name=unturned |
"{86C94ECE-5C85-4C0F-A785-8EE3572D592D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{8AE43E44-AA9A-47DD-8D5B-BDE5813DD0B1}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{8C7B5AB2-99F4-4078-B7DB-10EF78F0D7CA}" = rport=80 | protocol=6 | dir=out | app=c:\users\rui\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{8F19D5BE-BD34-46B9-8018-2F9ECECA1AFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9510095E-F5AF-49B4-BAAB-FA09859FFE12}" = rport=139 | protocol=6 | dir=out | app=system |
"{A4A2BF3A-E001-4DC3-96C9-8FD92355A0E1}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{A4B83957-CD5E-4E18-B067-CF95154319DC}" = rport=80 | protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\remotecrashsender.exe |
"{A84A707E-A993-47A5-A807-0BE73D5A6CCD}" = rport=80 | protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{AB4CEA79-A59D-40FB-B700-EC4240E68735}" = rport=80 | protocol=6 | dir=in | app=c:\users\rui\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{AF1F783D-7595-4D34-9BFB-892CF2CB61E9}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{B10CD694-B422-4BDC-893D-B73ECAB5F4F5}" = rport=80 | protocol=6 | dir=in | app=c:\users\rui\appdata\local\warframe\downloaded\public\warframe.exe |
"{C026C45A-DFAB-4422-A5D7-DC3E8E055E02}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{C1E1D4AC-7663-4D71-8169-B65663ED5EA4}" = rport=80 | protocol=6 | dir=in | app=c:\users\rui\appdata\local\warframe\downloaded\public\tools\remotecrashsender.exe |
"{C2BE47BA-363E-453E-AB1D-C4AFF70753EA}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{C9CFCD34-648C-4B8E-B087-2CA761E3886E}" = rport=80 | protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{D1CEDEC6-10C0-4488-B1CA-C969ED9C6250}" = lport=138 | protocol=17 | dir=in | app=system |
"{D76F3C97-67D1-4D5A-B4CD-5194B0AFB61F}" = lport=21025 | protocol=6 | dir=in | name=starbound |
"{DD582DB9-6A31-4720-8078-15C669D8FF7B}" = rport=80 | protocol=6 | dir=out | app=c:\users\rui\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{DF81629C-61E4-42A4-BC9C-818550CDB4D7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EC2F4B83-3CE1-4D6D-A883-7F687E8FC8A8}" = rport=80 | protocol=6 | dir=out | app=c:\users\rui\appdata\local\warframe\downloaded\public\warframe.exe |
"{ED61C3C9-C870-4F30-BF11-DC02ED3E4D24}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{F5304537-993E-415A-BCF4-A78BAE12685A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F8D0B49F-F11E-4A3D-9792-5B0D46529C2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8F8004A-88CB-40E3-A934-3DFC56038347}" = rport=137 | protocol=17 | dir=out | app=system |
"{FF81871E-700A-4EF7-A4DF-A9B4B7D3B000}" = rport=80 | protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0114D649-BD3B-427C-BA64-6F5413C6B14C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dying light\dyinglightgame.exe |
"{01D864E1-90A8-4D0A-8DD7-EB09B0B04787}" = protocol=6 | dir=in | app=c:\program files\reaper (x64)\reaper.exe |
"{0779EC33-46E4-478E-A873-195B6BAD5609}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{08B37766-38CB-447D-93DC-F901042D068B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\star wars battlefront beta\starwarsbattlefront.exe |
"{08CB9BBC-9C21-482A-B379-D491B55D16D4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{090B5340-163E-4E12-B52B-33F51BD99809}" = protocol=17 | dir=in | app=c:\hanpurple\tera\launcher_nhnj.exe |
"{0B219E20-1A77-4E43-BCA2-28227669A86F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0B3CEEF8-1FB3-4622-9EB1-1CD254B7CE69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trove\glyphclient.exe |
"{0B7CF2A3-AF04-404D-95F7-5E96809B916A}" = protocol=6 | dir=in | app=c:\users\rui\appdata\roaming\dropbox\bin\dropbox.exe |
"{0D57BE19-FC2D-484D-ACDB-AA4F709292D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{112A160C-A975-416C-93E5-9520B989EA61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trove\glyphclient.exe |
"{123F7829-43AF-42D9-ABD3-957B1E3D71F8}" = protocol=6 | dir=in | app=c:\users\rui\documents\game\va\mtsp.exe |
"{12503AB7-6F3B-4BC1-A762-31B6D16C24CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unturned\unturned.exe |
"{15211C97-FEF9-4725-8067-5AFD47EB958B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cubic castles\cubic.exe |
"{186A271D-8502-4327-AD47-45C4A5657BE0}" = protocol=6 | dir=in | app=c:\users\rui\downloads\minecraft_server.exe |
"{193CE03E-3F4F-4B84-A915-4E09052BA2D6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4webhelper.exe |
"{19818CA0-2A85-4E6F-9216-6AA21A2403EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{1A8FA410-5178-49A1-9820-050771688ED9}" = protocol=17 | dir=in | app=c:\hanpurple\tera\exlauncher.exe |
"{1B7E6C35-653E-4DD4-9678-FD24D62C2D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe |
"{1C477EC1-9F17-42C0-8728-EBB715046863}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{1D464EA0-ACE6-4C6C-8738-E5B75C1480A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\_uplauncher.exe |
"{222DF54B-6100-4B34-A502-4E154E28D303}" = protocol=17 | dir=in | app=c:\hanpurple\tera\tera_invoker.exe |
"{2273A8AE-06C2-44C9-A0F4-09F882B9BBEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{244F3B63-6740-49E8-9962-AEF4ABC988FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{2549D8B9-3A86-4DA3-B307-165656B0F0CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe |
"{25A85E43-1102-4BB8-A7ED-0176CBE5A9ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{2729FAFE-59B5-4E6F-A6A3-590378C4A974}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{2758BC33-7F45-413D-8F08-4B6DAD00358C}" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_65\bin\java.exe |
"{2A5B537B-CA31-481B-B78C-21EE65A3204F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2A60DF95-784E-4116-A0D6-48DBCF69EBC3}" = protocol=6 | dir=in | app=c:\game\tasofro\th135\th135.exe |
"{2C1D502C-4FC6-48D1-B63E-28AD121E8633}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evolve\bin64_steamretail\staticlauncher64.exe |
"{2C1E06FB-06B6-45F5-8CD6-8C7D07869FFD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\the crew (worldwide)\thecrew.exe |
"{2C7999A6-0F8A-4B87-A90E-ACB6C2C6FB86}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2D0B518C-130E-40FA-8600-8BE369F76CEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 dedicated server\srcds.exe |
"{2D7308D8-7092-4A5B-9367-77BB5520FD02}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"{2F73A7D6-AE8E-4B63-8EBC-F96C6F867DA2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{304BF25E-8196-48B1-99E6-03A1E5EA41C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unturned\unturned.exe |
"{3066226A-7B1E-40D6-8655-D0F4AC8007D1}" = protocol=17 | dir=in | app=c:\program files (x86)\minecraft\minecraft.exe |
"{323C18B4-16AE-4C21-9181-D6FA257CE127}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\robocraft\robocraft.exe |
"{331E7078-D712-41B6-9D4B-8975740DEF56}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{362FFC8E-5423-4F4B-987B-3658E0D949B2}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{377FF3F6-CBB2-4A48-A149-DB93620806B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{38620769-57B5-431F-AB3C-BCC1DFFADEB2}" = protocol=6 | dir=in | app=c:\program files (x86)\minecraft\minecraft.exe |
"{38E232F5-ED5B-4DE5-97BB-9CEC454DFC19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor2\binaries\win64\kfgame.exe |
"{3B5659BB-9EAC-4718-8C1B-82576A460583}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dying light\devtools\dyinglightplayer.exe |
"{3CA831B4-1028-49A7-9A9D-D9EBFB06E5A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\starbound - unstable\win32\launcher\launcher.exe |
"{3CBA71EB-29B8-4CCD-852A-553F7F44604D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{3D9DF2E2-0DB7-4B5D-AE44-6F76278A3B13}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3F0FE9E4-6A0C-443C-AFFD-FC6F4D7C8AB4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{4356941E-F894-44D5-A898-9AFA0D40632F}" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_66\bin\java.exe |
"{44C2D743-53CF-43F6-8B96-5B974571C3EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"{44CF9CCD-D98B-486B-9EA5-8E3AB63DFA0D}" = protocol=17 | dir=in | app=c:\users\rui\desktop\th135_trial\th135.exe |
"{4B6FF7A1-E63D-47B4-9581-A4CC1BE07A88}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"{4C3472D3-DE65-4EAF-B3D5-D322A36725D1}" = protocol=17 | dir=in | app=c:\users\rui\appdata\roaming\xlgames\xlkcsdownload_jp\xlkcsdownload_jp.exe |
"{4DDF8761-335F-4631-ACEC-AFCD62D0F64D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{5001619A-04DC-48B6-8AB8-AFCEA4299322}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4webhelper.exe |
"{504B24B8-626D-4AD4-940C-F1F491B2DA7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternitylauncher.exe |
"{508D1E00-DD78-4E5A-A516-9464BBABB5DF}" = protocol=17 | dir=in | app=c:\nether\nether\binaries\win64\nether.exe |
"{51CF2768-BEF6-42F0-88B8-F684EA0924BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dying light\devtools\dyinglightplayer.exe |
"{52439312-6F51-404E-AC45-A3E19AE6153D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{54A30AED-77EF-4945-8A19-A8CE64FB2727}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4x86webhelper.exe |
"{57089FA8-8EED-4CAF-8662-DE8E9552F13F}" = protocol=17 | dir=in | app=c:\hanpurple\elsword\data\x2.exe |
"{59289995-5AFA-4BE9-9B0E-AF39B3A1ABB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{59D5BAF1-4CB5-4BB1-A14A-8B24198B451A}" = protocol=17 | dir=in | app=c:\users\rui\appdata\local\warframe\downloaded\public\warframe.exe |
"{5B20D6F0-BBB8-497E-A584-653C03CB172B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 dedicated server\srcds.exe |
"{5BE6A957-C92B-4B7C-9FE1-D90896492BD3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5BFD34A9-EE59-456D-92EC-5942FC8D6E31}" = protocol=17 | dir=in | app=c:\users\rui\downloads\minecraft_server.exe |
"{5D61A1DE-9205-49E0-B51B-1612D614D642}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{612894B1-31DF-4D8C-825F-E3625D0D3A0E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{613818C0-1CDB-4A9B-B18E-3494A4C37F91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evolvegame\bin64_steamretail\evolve.exe |
"{619E702D-0785-4C2A-BD2A-42460FC98574}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{64707744-1365-4830-8A0C-6FE5EBE18B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{64A68607-CBBD-4AC1-83B5-72A576C5F9B3}" = protocol=6 | dir=in | app=c:\x-legend\hh\game.bin |
"{65DB47BD-E03D-449E-B005-6D21CE236A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{674A355C-F135-4333-8B42-45E90C1698B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{67985497-FBED-4EE9-BB07-A4C23BF7169C}" = protocol=17 | dir=in | app=c:\users\rui\appdata\roaming\dropbox\bin\dropbox.exe |
"{69B67867-EE38-4808-AAB4-1420B947A06C}" = protocol=6 | dir=in | app=c:\users\rui\documents\game\vanpri108\ヴァンガードプリンセス\mtsp.exe |
"{70AD9571-2135-4F3D-8253-C2A130A07F6E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{71680B7C-8FD6-4A69-B608-68CE9F84ABCA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\the crew wild run beta\thecrew.exe |
"{73D7E933-4C5B-43F9-A107-0313BF554FAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x64\eurotrucks2.exe |
"{73F5A234-A34C-4BD4-8BFD-7AE78D442F88}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7602DD5E-22A6-4B1E-A12F-73406EA997E4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{760A3B59-6559-4130-8B75-8284C6439B16}" = protocol=6 | dir=in | app=c:\hanpurple\tera\tera_invoker.exe |
"{7670F249-A1D6-4A27-B704-3AAEE25B29AA}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\star wars battlefront beta\starwarsbattlefront.exe |
"{76A244F9-C262-4AAF-BC4B-136D659D70DC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{76CD9873-DDD5-4BE8-8F23-F84721FA7067}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{77667FED-B599-406B-8D8A-C5FF60DD1EDB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\the crew (worldwide)\thecrew.exe |
"{77EF7CE1-C849-4104-8949-4999D0EA2593}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{79B3B241-0797-4486-B633-91B2014A1C4E}" = protocol=17 | dir=in | app=c:\users\rui\appdata\roaming\.minecraft\server\minecraft_server.1.7.2.exe |
"{7A028E19-EA6C-43A3-B9E4-C172595ED5AF}" = protocol=6 | dir=in | app=c:\hanpurple\elsword\data\x2.exe |
"{7AC90888-EADF-481A-A167-7E05983F21E9}" = protocol=6 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{7C3C908A-458B-4D74-970E-C4AE92CB38DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe |
"{80A7CD08-589E-43E8-93A4-C858C42ACA38}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{83B9C245-F814-4403-960C-4B814405C1B0}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{840D0E7C-4857-40B0-9278-7FA2399EBE26}" = protocol=17 | dir=in | app=c:\users\rui\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{862F3BE9-3A3A-4798-A75D-4F38BC5B94AC}" = protocol=6 | dir=in | app=c:\gameon\alliance of valiant arms\binaries\ava.exe |
"{8B6F5B9A-D617-443A-83C9-BFF40B8638E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{8C9C52CE-0B34-454C-85F8-B4E5E2F8BD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{8D7B2FA7-8FF0-4C5D-A71C-558F69ABEDC7}" = protocol=6 | dir=in | app=c:\x-legend\ss\game.bin |
"{8D9AB56C-3AD8-49FD-9BB8-3A97C7A64D46}" = protocol=17 | dir=in | app=c:\users\rui\appdata\roaming\xlgames\xlkcsdownload_jp\xlkcsdownload_jp.exe |
"{8E01F071-4D98-414E-96B2-94915D614DF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"{8E07CE98-039D-4195-9991-3829D3AF5AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\strikevector\binaries\win32\udk.exe |
"{90ABF2CD-1ADB-4D68-91D1-148CC3AC78EC}" = protocol=6 | dir=in | app=c:\users\rui\desktop\ツール\ニコ生関係\bouyomichan[1]\bouyomichan.exe |
"{93C6AF50-31CD-49B3-A5F3-5479E8D95B16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9416734A-2D3D-4134-82FC-3C30978C9237}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{94C1303D-A0A9-4FE6-9618-14120C89F8AF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\the crew wild run beta\thecrew.exe |
"{95802209-40A4-4448-A996-6DF7EA07C386}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9626D4F8-C870-4C1F-926B-12678D914367}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"{962B7DBD-B995-4351-87D3-9FD882A9D646}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\amnesia.exe |
"{975E976F-ECCA-4AAA-B4B6-CD66B949E352}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{97DC169F-EBB7-48B5-9838-E42723D26B3E}" = protocol=17 | dir=in | app=c:\x-legend\hh\game.bin |
"{97F2F7A0-5B2B-4A45-9E58-F35B0E53B552}" = protocol=17 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{9910306F-26E0-40C4-BAB5-B9D173E44345}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dying light\dyinglightgame.exe |
"{992FE503-A531-4243-AF96-FF69AA9CD507}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99EA76A5-D466-4997-8745-ED8146D350A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{9A3D3813-3934-4CC9-9026-7CBAEA4E45E5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9BA2971D-8C07-4312-ACFC-F8C70E45C557}" = protocol=17 | dir=in | app=c:\hanpurple\dnest\dragonnest.exe |
"{9BFAD893-0F65-4C09-8248-A5E890C0BA97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe |
"{9D2665FE-5940-4EEC-B50A-C59FA5ECDCBD}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{9D367017-B48A-41C6-862E-704173E8E393}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A06F7772-7A0A-4E8A-BDDD-47DEFAC7419E}" = protocol=17 | dir=in | app=c:\users\rui\appdata\roaming\.minecraft\server\minecraft_server.1.7.4.exe |
"{A0ACC4E2-5AC4-4E03-9085-516B68C030B5}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"{A0FD4193-1B64-40F7-BD5E-EA5D05D9E741}" = protocol=6 | dir=in | app=c:\users\rui\appdata\roaming\xlgames\xlkcsdownload_jp\xlkcsdownload_jp.exe |
"{A1768602-5085-4CE0-94A4-983B39AB7C6C}" = dir=in | app=c:\gameon\archeage\bin32\patcher.exe |
"{A427181D-CEAD-4D94-B359-81304B3B170B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{A47B963D-6305-4406-81FE-EB68B0F0BAE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A5DAEBBD-ABD5-42C1-BF07-440E57C8957E}" = protocol=6 | dir=in | app=c:\hanpurple\dnest\dragonnest.exe |
"{A6B83786-AF35-4B27-97C1-E124B1258326}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A7E4EB6F-32D9-4C32-B220-CA8CE3096A0F}" = protocol=17 | dir=in | app=c:\users\rui\documents\game\vanpri108\ヴァンガードプリンセス\mtsp.exe |
"{A8C8C0FC-D5AF-460C-9633-03E9A1C319C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\freestyle2\launchersteam.exe |
"{AA2DB278-F900-48DA-B620-767490A370BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{AA699EF9-8B71-44CA-96B7-D76AD8F3E78E}" = protocol=6 | dir=in | app=c:\programdata\nexonjp\ngm\ngm.exe |
"{AB5FD6FF-E898-494B-AC1B-C17092D5F530}" = protocol=17 | dir=in | app=c:\programdata\nexonjp\ngm\ngm.exe |
"{AC0DD4DC-1966-4944-9CEC-C4D2AE0A5027}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{AD3D5EF1-0F41-4B1D-9E96-2F3139AD7697}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AD6100DC-B230-47B9-9FA1-6385D2153E11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\starbound - unstable\win32\launcher\launcher.exe |
"{AEC5B388-86C4-4944-82B4-53F150EE6EF3}" = protocol=6 | dir=in | app=c:\users\rui\appdata\roaming\xlgames\xlkcsdownload_jp\xlkcsdownload_jp.exe |
"{AEE145AF-5CB0-4964-98C3-F3378A223371}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evolvegame\bin64_steamretail\evolve.exe |
"{B082CB1E-1A18-417D-B9B8-5CA163D4B5B0}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"{B2D3E0D8-C4A1-4C19-AE87-A022B96B87D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor2\binaries\win64\kfgame.exe |
"{B31BEB29-62B0-4624-B3FB-8282F5769B05}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{B3570E61-AB8F-4B33-A4CB-17CF8D0AA42F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dundefeternity\dundefeternitylauncher.exe |
"{B381124F-9D55-42B9-8E63-E3989F84769F}" = protocol=17 | dir=in | app=c:\program files\cycling '74\max runtime 6.1\maxrt.exe |
"{B425B312-EBE5-44E4-B0F3-ED38B876A42B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B4E97C78-B162-4758-B47D-78177F879CF4}" = protocol=6 | dir=in | app=c:\hanpurple\tera\launcher_nhnj.exe |
"{B558FE10-807F-4678-B60B-ED879625429F}" = protocol=17 | dir=in | app=c:\hanpurple\elsword\data\x2.exe |
"{B6C7B8ED-54DE-4674-94D4-BFEEF3EF6DB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\freestyle2\launchersteam.exe |
"{B6C87D9B-D559-49E8-B8FD-C80C3964860D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B86D0706-7C94-48B0-AFB2-ADC59BA82184}" = protocol=6 | dir=in | app=c:\program files\tasofro\th105\th123.exe |
"{BA2BC343-FCBD-4CB1-B7DB-02489D3678DA}" = protocol=17 | dir=in | app=c:\game\tasofro\th135\th135.exe |
"{BB85C7C1-C09C-4C92-8FCE-949E19C7CED8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe |
"{BCBFDADD-199E-4241-9C3B-1E129357CA7E}" = protocol=17 | dir=in | app=c:\users\rui\documents\game\va\mtsp.exe |
"{BCE03B93-F112-4F23-93A8-8D3B716E46E8}" = protocol=6 | dir=in | app=c:\users\rui\appdata\roaming\.minecraft\server\minecraft_server.1.7.2.exe |
"{BFA2C555-F9C5-4A10-A928-D27E16940550}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C099DD23-6E0C-4739-B381-D3EE094FAB31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0C7DD8F-0E1C-4F94-B96B-CC0A342071E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C113FAB3-121C-4601-8F2C-60678CD9AC6F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C13787F8-8CA3-415A-B24F-C3465FF4F9E5}" = dir=in | app=c:\program files (x86)\janetter2\bin\janettersrv.exe |
"{C198315D-CB76-4AB3-9FB7-7E2E46D40F83}" = protocol=17 | dir=in | app=c:\program files\reaper (x64)\reaper.exe |
"{C1AE7953-0D27-47CA-AA5B-53AD7AE4BAE8}" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_65\bin\java.exe |
"{C2B3414F-97CB-403D-94B1-096BBC2881C7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{C4F8F762-92EE-47C9-9202-84F48612D995}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C5F31E44-F59E-43EF-94A1-4BB953F98064}" = protocol=6 | dir=in | app=c:\users\rui\desktop\th135_trial\th135.exe |
"{C659D8D7-84F8-45E9-918F-46D269E3879B}" = protocol=6 | dir=in | app=c:\users\rui\appdata\roaming\.minecraft\server\minecraft_server.1.7.4.exe |
"{C9612C44-3A9A-4CFB-A32F-E3A1FA5B4441}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evolve\bin64_steamretail\staticlauncher64.exe |
"{CA2F48E8-1AEA-497C-A97D-C2EC02413F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CA861984-4689-4474-9E12-DAE2B7807A4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{CB1A7F5E-0610-4945-BF83-274C4F13BDC4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CB622796-C9CB-436B-BDD8-59F280F55764}" = protocol=17 | dir=in | app=c:\users\rui\documents\game\va\ヴァンガードプリンセス.exe |
"{CC52F216-6194-4C1B-AADA-7D773FC72202}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{CD5EEA88-FFAC-4F0D-BB94-D51B93FE254C}" = protocol=17 | dir=in | app=c:\program files\tasofro\th105\th123.exe |
"{CEF9A29C-2083-4CD7-857A-094EC8CB263E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{CFB51B31-C2C4-490B-A9B1-F9F7DE312331}" = protocol=17 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{D09DC1DC-5256-4F6B-BC18-8E99709546A7}" = protocol=6 | dir=in | app=c:\users\rui\appdata\roaming\dropbox\bin\dropbox.exe |
"{D0DA2ACC-FBCB-4E6B-91C9-2914B3AC6ED1}" = protocol=17 | dir=in | app=c:\windows\downloaded program files\reactor.exe |
"{D1764B54-D1B0-4459-94B6-47535E4C6495}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{D20512E6-9B00-4F45-BD9E-A63305101446}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"{D337E1B8-6F13-42F9-940A-DE3BDC6D54A4}" = protocol=17 | dir=out | app=c:\users\rui\appdata\local\warframe\downloaded\public\warframe.exe |
"{D37B0BD9-98D6-4899-92FA-B0CD3B106211}" = protocol=6 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{D568932E-8A1B-4A4C-89CE-CA3D88090A8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D694296C-38A0-4553-B712-28450C71DB88}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D74BAD7F-E668-4A02-9E78-60AEE80FE706}" = protocol=17 | dir=in | app=c:\gameon\alliance of valiant arms\binaries\ava.exe |
"{DA059533-B35B-4E9C-AAD7-5F86CBFA103D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\robocraft\robocraft.exe |
"{DAB1A137-0AAE-43C9-9DA6-CE0CD70DC746}" = protocol=17 | dir=in | app=c:\users\rui\desktop\ツール\ニコ生関係\bouyomichan[1]\bouyomichan.exe |
"{DC5BEAFD-3AED-4738-8E71-E688F7CE9478}" = protocol=6 | dir=in | app=c:\hanpurple\tera\exlauncher.exe |
"{DC7F1200-AB34-492D-BD03-8204BE1D9001}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe |
"{DC8AFF6A-98F9-4BC4-82CD-05F91FEF779F}" = protocol=6 | dir=in | app=c:\program files\cycling '74\max runtime 6.1\maxrt.exe |
"{DFB2198D-E1A1-4336-958F-14EF438234A3}" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_66\bin\java.exe |
"{DFE394BE-A55F-490F-81EC-44FE85167FDB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E02AD5CD-1335-4799-8165-7BC9FB5E0415}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E0C63C8F-97BA-4476-9BC8-3F794ED2D94F}" = protocol=6 | dir=in | app=c:\hanpurple\elsword\data\x2.exe |
"{E0F11488-A924-4B00-80E2-5AF40BC3F30A}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{E121FE9A-8FBB-41F7-9345-0ED9ADE7972F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4x86webhelper.exe |
"{E17D7BDC-E6FC-4684-8F63-A7947490342F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\_uplauncher.exe |
"{E2C6D7AE-3DC9-4299-9E8E-D6414CEA4CE7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{E5758499-E227-4B34-83E5-A5B50282FBDB}" = protocol=17 | dir=out | app=c:\users\rui\appdata\local\warframe\downloaded\public\warframe.x64.exe |
"{E707AF85-9C5B-4E7C-904C-604B34B21054}" = protocol=6 | dir=in | app=c:\nether\nether\binaries\win64\nether.exe |
"{E96DE30C-C024-4350-BC9E-B7CBB5ABE2A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe |
"{E9BFC0F9-EB9C-4E4E-8D5A-E8BCF7D447E8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{ECD30FFC-F433-4218-8CD3-3883E1567BB2}" = dir=in | app=c:\gameon\archeage\bin32\patcher.exe |
"{ED805BA6-5634-4086-9972-1C0697018621}" = protocol=17 | dir=in | app=c:\users\rui\appdata\roaming\dropbox\bin\dropbox.exe |
  • ういあーる
  • 2016/01/03 (Sun) 02:06:53
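Please keep a system recovery in view
Happy New Year.
I have looked at the OTL scan log from after your first round of work in the new year.

I need you to confirm something important here.

[Do you remember downloading any untrusted files or the like yourself via Dropbox?]

The OTL scan log shows suspicious pyd-related entries, and quite a lot of them.

An ordinary user who comes to this board for help would almost never have a reason to use pyd, but if you were using it, please tell me the details in a reply.

If you have no recollection of it at all, it is very likely that something dangerous got onto the PC through Dropbox.

For your information, there have been several earlier consultations from other people in which large numbers of pyd files were likewise found; in every case the person had no memory of using any pyd-related program, and what they also had in common was that they used Dropbox.

I will post the next steps after hearing your answer to the question above, but it will most likely end in a recovery, so please finish backing up all the data you need.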
  • 悪代官
  • 2016/01/03 (Sun) 07:09:55
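Re: Removing DNSUnlocker
I use Dropbox only for sharing files with people very close to me, and as far as I am aware I do not remember downloading any untrusted file.
I don't even know what pyd is...

About a year ago in particular this was a PC I used personally for work, but it has now ended up as a gaming machine, so the important data already lives elsewhere.
As for a recovery, it is no problem if it comes to that.

I thought I was using it normally, but is Dropbox something that carries that kind of danger?
Also, given that a problem has occurred on my side, are the third parties I share with in the same state as well?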
  • ういあーる
  • 2016/01/04 (Mon) 01:30:11
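If possible, I would recommend a fresh start with a recovery
Sorry for the late reply.
I have read your explanation.

>I use Dropbox only for sharing files with people very close to me, and as far as I am aware I do not remember downloading any untrusted file.

Right, so the files you download through DB, and their authors, can be trusted.

>I don't even know what pyd is...

This is as I expected. In other words, you have no memory of using it yourself.
Roughly speaking, pyd-related files are the kind of files that are developed or run using a program called Python, and they are not something a person without that purpose or knowledge would go out of their way to put on a PC and use.
http://docs.python.jp/2/faq/windows.html

However, DB itself uses Python as its programming language, so from that standpoint it is not strange that they show up in the OTL log.
Still, having large numbers of pyd files saved on the PC without the user's knowledge does not strike me as good behaviour or a good history.
I had been wondering about this for a while, since pyd files, and in large numbers, keep turning up in OTL in the logs of people who come for help; if it leaves pyd files behind as a history on every access, is that also covered in the terms of service?
If you keep using DB, I recommend reading its terms of service thoroughly, down to the last detail.

>I thought I was using it normally, but is Dropbox something that carries that kind of danger?
>Also, given that a problem has occurred on my side, are the third parties I share with in the same state as well?

Understand that with online storage in general, not only DB, danger can never be avoided.
The files are kept not on your own PC's HDD but on an external server, one located overseas at that, and ういあーる-san and your acquaintances go and access it whenever they need them; anyone who knows the password for that access can download from outside as much as they like, and can also replace the stored files.
Storage providers that offer to store large files for free are not providing the service as volunteers out of pure goodwill.
They collect various kinds of information and history for themselves and make effective use of it from another angle, which in the end feeds into the profit of the company as a whole.
So with a malicious provider, or even a single malicious employee inside the server provider, it would be no surprise if all the files, passwords and so on that you entrusted to them were leaked or tampered with by malware.

Conversely, even if the provider manages things properly, if the PC of a user who accesses it is infected with malware and the password and so on used for DB access are stolen, it will likewise be abused from outside.

What is especially common on storage services is the exchange of so-called adult video files.
The bigger the provider with servers overseas, the more often it is used to exchange such files, and there are quite a few rogue users who declare that there is no reason to use storage other than to exchange adult files.
And the files most often used for malware infection are also adult files.

Even for files shared with acquaintances you trust, the iron rule of security is that truly important files are not entrusted to external storage.

Now, DB itself is a world-famous service with a reputation for being well managed, and it has many users in Japan too, but the danger at access time is unavoidable with any storage service.

With the above in mind, please think about whether you will keep using DB or another provider's storage.
Storage itself is a very convenient and useful service if used well, but in my personal opinion there is little point in using it between acquaintances you trust.
Above all, a proper company or business person would almost never use storage to exchange documents, spreadsheets, images and similar files with business partners at work.

Well then, if the pyd files are DB's history, it may be necessary for future use of DB to leave them as they are, so I will not take any action on them from my side.
But if you are worried, I think the best thing is to do a recovery once to get a clean environment and rebuild your PC setup from there.
You can reconsider whether to use DB at that point.

If you choose a recovery, you do not need to do the work I instruct below.
Please back up the data you need.

If you continue with the cleanup, please carry on with the next steps as described.

-----------------------------------------------------

I am pasting a script at the end of this reply; copy the whole thing, paste it into a Windows Notepad file and save it.

Once it is ready, restart the PC in Safe Mode again and start OTL.
Once it has started, paste the script into the lower part of the OTL window, and this time press "Run fix" (the button with red text).
This starts the OTL fix.

Wait a while; when the fix has finished, restart the PC in normal mode and an OTL log should appear again. Save it, watch how things go for a while, and then reply with a status report together with the OTL log.
The OTL script is below. Copy the whole part that does not include the dashed lines (-----), paste it into OTL and run it.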
------------------------------------------
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.jword.jp/jwd_sb_srchcust.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OCustomizeSearch = http://search.jword.jp/jwd_sb_srchcust.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,OSearchAssistant = http://search.jword.jp/jwd_sb_srchasst.htm?ielang={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.jword.jp/jwd_sb_srchasst.htm?ielang={SUB_RFC1766}
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://jp.msn.com/
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 77 EB 35 24 AC CF 01 [binary data]
IE - HKU\S-1-5-21-2257892403-709555731-1166873500-1000\..\SearchScopes,DefaultScope = {36C97336-558E-40D1-A216-5C8E1F0A4D4D}
[2015/12/10 15:03:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu

:Files
C:\Users\Public\Documents\Baidu

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2016/01/04 (Mon) 21:32:07
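As an added example (not code from any poster in this thread or from OTL): one way to check where the .pyd files listed in an OTL log actually live, since the reply above notes that the Dropbox client is itself built on Python. It assumes the file-entry line shape seen in the fix script above and takes the Dropbox folder from the HijackThis process list at the top of the page; the .pyd lines in the sample are constructed.

```python
import re
from ntpath import normcase, normpath  # Windows path rules, usable on any OS

# OTL file-entry line, in the shape shown in the fix script above:
# [YYYY/MM/DD hh:mm:ss | size | attrs | flag] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]+) \| (?P<flag>[A-Z])\] -- "
    r"(?P<path>.+)$"
)

# Folder of the running Dropbox.exe in the HijackThis log on this page.
KNOWN_ROOTS = [r"C:\Users\Rui\AppData\Roaming\Dropbox\bin"]

# Constructed sample: the .pyd names, dates and sizes are invented for the
# example; only the Baidu directory line is taken from the page.
SAMPLE_LOG = r"""
[2015/12/10 15:03:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu
[2015/12/20 10:11:12 | 000,011,776 | ---- | C] -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\select.pyd
[2015/12/20 10:11:12 | 000,046,080 | ---- | C] -- c:\users\rui\appdata\roaming\dropbox\bin\_socket.pyd
[2015/12/20 10:11:13 | 000,688,128 | ---- | C] -- C:\Users\Rui\AppData\Roaming\Dropbox\bin\unicodedata.pyd
[2015/12/28 23:40:02 | 000,090,112 | ---- | C] -- C:\Users\Rui\AppData\Local\Temp\example_module.pyd
"""


def parse_entries(log_text):
    """Return one dict per line that matches the file-entry shape."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def is_under(path, root):
    """Case-insensitive 'path is inside root' test using Windows rules."""
    norm_path = normcase(normpath(path))
    # The trailing separator stops "...\bin" from matching "...\binx\".
    norm_root = normcase(normpath(root)).rstrip("\\") + "\\"
    return norm_path.startswith(norm_root)


def triage_pyd(log_text, known_roots):
    """Split .pyd entries into those under a known install folder and the rest."""
    explained = {root: [] for root in known_roots}
    unexplained = []
    for entry in parse_entries(log_text):
        path = entry["path"]
        if not path.lower().endswith(".pyd"):
            continue
        for root in known_roots:
            if is_under(path, root):
                explained[root].append(path)
                break
        else:
            unexplained.append(path)
    return explained, unexplained


if __name__ == "__main__":
    explained, unexplained = triage_pyd(SAMPLE_LOG, KNOWN_ROOTS)
    for root, paths in explained.items():
        print(f"{len(paths)} .pyd file(s) under {root}")
    for path in unexplained:
        print(f"outside known folders: {path}")
```

A path under the client's folder only explains where a file came from; it says nothing about whether the file has been modified.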
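Re: Ask Dropbox about it.
Even if it is for the sake of consistency, it is probably a problem with the Dropbox software. If it is certain that nothing is meant to be left on the PC, it is also possible that a user has custom-added some strange program to Dropbox.

Requesting that it not run, and so on, is something that should be confirmed with Dropbox support. Why not contact them?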

  • 三毛猫
  • 2016/01/05 (Tue) 00:42:30
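I will do a recovery
It has been a while, but in the end I decided to go with a recovery.
There were also problems with Windows Update, and I looked into various things based on the error code, but I could not resolve them.
It seems quicker to do a recovery before I do anything else unnecessary.

As for Dropbox, my environment makes it rather hard to stop using it, so I expect I will keep using it.


Thank you so much for explaining everything so carefully; it was a real help!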
  • ういあーる
  • 2016/01/15 (Fri) 08:08:29
