[Removal] Browser hijacker malware
Hello, this is my first post here; my name is レイン.
For some time I have been troubled by malware that shows a pop-up ad called Deals shopping and redirects me to other sites on its own.
Using Spybot (Search & Destroy) and IObit Uninstaller has not been able to deal with it, so I am asking for help here.
The browser I was using was Google Chrome, but since I was told Google Chrome is dangerous, I am now writing this from Firefox.
I am pasting my HJT log and CC install information below; I would be grateful if you could investigate the malware.

■HJT log
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:26:08, on 2016/03/09
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18205)

FIREFOX: 45.0 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
C:\Users\rain\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files (x86)\NTTE\StartUpToolN\StartUpTool_e.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\sakura\sakura.exe
C:\Program Files (x86)\sakura\sakura.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\rain\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [UMU Station] "C:\Program Files (x86)\UMU\Station.exe" /startup
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
O4 - HKLM\..\Run: [NTTE_OSA_AUS] "C:\Program Files (x86)\NTTE\OSA_Aus\acs.exe" -silent
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Search] C:\Users\rain\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
O4 - HKCU\..\Run: [Amazon Music] "C:\Users\rain\AppData\Local\Amazon Music\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [OPSCheckerAutoRun] "C:\Program Files (x86)\NTTE\virus clear\ESATv6\OPS_Checker.exe" 1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: らくらくアップデートツール.lnk = C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe
O4 - Global Startup: スタートアップツール.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTE\OSA_SupportTool\start_e.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASRock IO Monitor Service (ASRockIOMon) - Unknown owner - C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Earth Kicker Service - Unknown owner - C:\Program Files (x86)\UMU\Svnok.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboPC EX2 FileCopy Service (TC2Service) - Unknown owner - C:\Windows\system32\TC2Service.exe (file missing)
O23 - Service: TurboPC EX DiskCache Control Service (tpcexdccs) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

--
End of file - 12378 bytes


■CC install information
AC3Filter 2.5b Alexander Vigovsky 2014/09/27 15.2 MB 2.5b
Acrobat.com Adobe Systems Incorporated 2014/09/25 1.1.377
Adobe AIR Adobe Systems Incorporated 2015/12/30 2.6.0.19140
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 2016/02/10 7.84 MB 20.0.0.306
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 2016/02/10 8.40 MB 20.0.0.306
Adobe Reader XI (11.0.14) - Japanese Adobe Systems Incorporated 2016/01/15 205 MB 11.0.14
Amazon Kindle Amazon 2016/02/19 1.14.0.43019
Amazon Music Amazon Services LLC 2015/05/21 3.9.5.820
Apple Application Support(32 ビット) Apple Inc. 2015/02/27 94.2 MB 3.1.2
Apple Application Support(64 ビット) Apple Inc. 2015/02/27 107 MB 3.1.2
Apple Mobile Device Support Apple Inc. 2015/02/27 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 2015/02/27 2.38 MB 2.1.3.127
ASRock App Charger v1.0.6 ASRock Inc. 2014/09/25 1.32 MB 1.0.6
ASRock HDMI Switch v1.0.25 2014/09/25 3.48 MB 1.0.25
ASRock Key Master v1.0.7 2014/09/25 6.08 MB 1.0.7
ASRock SmartConnect v1.0.6 ASRock Inc. 2014/09/25 3.00 MB
ASRock XFast RAM v3.0.2 ASRock Inc. 2014/09/25 12.0 MB
Bonjour Apple Inc. 2015/02/27 2.00 MB 3.0.0.10
BUFFALO TurboPC EX Series 2014/10/04
BUFFALO エアステーション設定ツール BUFFALO INC. 2014/10/12 2.95 MB 2.0.15
BUFFALO パソコン環境表示ツール BUFFALO INC. 2014/10/12 4.17 MB 1.1.0
CCleaner Piriform 2016/03/09 5.15
Corel PaintShop Pro X6 Corel Corporation 2014/11/09 207 MB 16.1.0.48
DMM Player DMM.com 2016/01/24 1.53 MB 1.6.0.0
ebi.BookReader4 eBOOK Initiative Japan Co., Ltd. 2014/11/20 34.1 MB 4.62.5
ESET NOD32 Antivirus ESET, spol s r. o. 2014/09/30 83.2 MB 7.0.302.31
F-Stream Tuning v2.0.48 2014/09/25 84.5 MB 2.0.48
ffdshow x64 v1.3.4532 [2014-07-17] 2014/09/26 15.4 MB 1.3.4532.0
Freemake Video Downloader Ellora Assets Corporation 2016/02/07 53.3 MB 3.8.0
FVD High-Speed Downloader (5.0.1.39) Applian Technologies 2014/10/04 5.0.1.39
GOM Audio Gretech Corporation 2014/10/02 2.0.7.1108
GOM Player Gretech Corporation 2015/10/13 2.2.73.5235
Google Chrome Google Inc. 2015/08/21 49.0.2623.75
Intel(R) Control Center Intel Corporation 2014/09/25 1.2.1.1011
Intel(R) Management Engine Components Intel Corporation 2014/09/25 9.5.14.1724
Intel(R) Network Connections 18.5.54.0 Intel 2014/09/25 25.7 MB 18.5.54.0
Intel(R) Processor Graphics Intel Corporation 2013/08/11 9.18.10.3272
Intel(R) Rapid Storage Technology Intel Corporation 2014/09/25 12.8.0.1016
Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel Corporation 2014/09/25 3.0.0.66956
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2013/04/26 2.5.0.19
IObit Uninstaller IObit 2016/03/08 21.0 MB 5.2.1.126
iTunes Apple Inc. 2015/02/27 234 MB 12.1.1.4
Java 8 Update 66 Oracle Corporation 2015/12/11 21.1 MB 8.0.660.18
Lhaplus 2014/09/26
LINE LINE Corporation 2015/12/14 4.3.0.724
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 2014/10/15 38.8 MB 4.0.30319
Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 Microsoft Corporation 2014/10/15 2.93 MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 2014/11/20 51.9 MB 4.0.30319
Microsoft Office Professional 2013 - ja-jp Microsoft Corporation 2016/02/28 15.0.4797.1003
Microsoft Silverlight Microsoft Corporation 2014/12/25 50.7 MB 5.1.30514.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2015/03/13 596 KB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2014/09/25 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2014/09/25 11.1 MB 10.0.40219
Microsoft マウス キーボード センター Microsoft Corporation 2015/03/08 2.3.188.0
Mozilla Firefox 45.0 (x86 ja) Mozilla 2016/03/09 88.3 MB 45.0
Mozilla Maintenance Service Mozilla 2016/03/09 231 KB 45.0
Pixia Isao Maruoka 2014/11/09 4.78
Pixia ver. 6 Isao Maruoka 2015/12/30 31.2 MB 6.02.0010
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/09/25 6.0.1.7004
sakura editor(サクラエディタ) サクラエディタ開発チーム 2015/06/23 2.93 MB
Splashtop Streamer Splashtop Inc. 2014/09/25 25.6 MB 2.3.0.2
Spybot - Search & Destroy Safer Networking Limited 2014/12/04 1.6.2
VirtualCloneDrive Elaborate Bytes 2015/10/13 5.4.8.0
VLC media player VideoLAN 2016/01/24 2.2.1
WebTablet FB Plugin 32 bit Wacom Technology Corp. 2015/12/30 2.1.0.7
WebTablet FB Plugin 64 bit Wacom Technology Corp. 2015/12/30 2.1.0.7
WinPcap 4.1.2 CACE Technologies 2014/10/15 4.1.0.2001
WinRAR 4.20 beta 3 (32ビット) win.rar GmbH 2014/09/22 4.20.3
Wondershare PDFelement(Build 4.0.0) Wondershare Software Co.,Ltd. 2015/03/13 89.7 MB 4.0.0.3
XFast LAN v9.05 cFos Software GmbH, Bonn 2014/09/25 9.05
XFastUSB ASRock Inc. 2014/09/25 3.02.38
XSplit SplitMediaLabs 2014/09/25 95.7 MB 1.2.1303.0101
XTRM Runtime.06 XTRM CORPORATION 2015/03/17
ぷらら設定ツール 1.2.0.8 OPTiM Corporation 2014/09/25 70.4 MB 1.2.0.8
インテル® スモール・ビジネス・アドバンテージ Intel(R) Corporation 2014/09/25 91.6 MB 2.2.41.8096
スタートアップツール 東日本電信電話株式会社 2014/09/30 2.61 MB 7.3
バッファロー らくらくアップデートツール Buffalo Inc. 2014/10/12 11.0 MB 1.12
フレッツ・ウイルスクリアv6 申込・設定ツール 東日本電信電話株式会社 2014/09/30 3.91 MB 8.2.0.4
リモートサポートツール 東日本電信電話株式会社 2014/09/30
ワコム Wacom Technology Corp. 2015/12/30 5.3.5-3
診断復旧ツール 東日本電信電話株式会社 2014/09/30 23.2 MB
  • レイン
  • 2016/03/09 (Wed) 02:28:31
There's a Yahoo look-alike in there too
Good evening.
I'm 悪代官, with a handle that sounds every bit like the ringleader of the villains.
Don't worry though, I'm really just a puppet (lol

I've looked over your description and the logs.
Deals shopping alone would tell the story, but you've picked up quite a lot besides that.
Wondershare, Amazon, Freemake, Splashtop, and assorted others.
Cleaning everything up inevitably takes a fair amount of work, so take your time and work through it calmly, one step at a time, making sure of each.

First, let me say this up front.
As you can see, there are a lot of people asking for help right now, so it may take a day or more each time before I can reply to everyone in turn; please bear with me.

Now, read the explanation below carefully and then do the steps in order.
You may already have prepared some of these, but please re-read the explanation anyway.

Set Windows to show hidden files and file extensions (how to↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

Download the tools below and get familiar with their basic use.
However, if the download sites show ads urging you to download other apps, never click those.
「GeekUninstaller」 (abbreviated GU)
Explanation page↓
http://www.gigafree.net/system/install/geekuninstaller.html
Download↓
http://www.geekuninstaller.com/download
Click 「download free」, save it, then unzip it.
When you're done with it, delete the whole folder manually.

「CCleaner」 (abbreviated CC)
Explanation↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
Download↓
http://www.piriform.com/ccleaner/download/standard
Download the latest version. Note that the installer may offer bundled apps; uncheck those and do not install them.
When you're done with it, uninstall it.

An important warning here.
CC is fundamentally a high-performance maintenance tool, but used incorrectly it
【can damage Windows】
so here we use it only as an analysis tool.
Read the instructions carefully and do not perform any operation I haven't told you to.

Also, be sure to read the page below thoroughly before starting work, and if the situation it describes arises, handle it as described there. Cases that need this handling are increasing.
http://note.chiebukuro.yahoo.co.jp/detail/n335704

Once you're ready, start the work.
In the steps that follow, you may skip anything you can't find, but look carefully and never touch anything other than what I point out.

Also, some of the things I tell you to remove you may have installed deliberately because you need them; in that case hold off on removing them and tell me so in your next reply.

First, check Windows Update and install every update that is needed.
Upgrading to Win10, however, is not recommended unless you really need it.
http://www.japan-secure.com/entry/Windows_Update_7.html

http://www.japan-secure.com/entry/how_to_suppress_the_free_upgrade_of_Windows_10.html

If the required updates fail to install there, do not do the work described after this; instead, tell me in a reply that the update failed.
This is because there has been a surge of dangerous malware that stops WU from working normally in order to obstruct analysis and treatment of the infection.
If the various Windows updates (Windows Update) are not always kept current, that alone can lead to a dangerous infection at any moment.

At least the following app is an old version.
ffdshow x64 v1.3.4532 [2014-07-17] 2014/09/26 15.4 MB 1.3.4532.0

Just neglecting to update apps lets vulnerabilities be exploited, and serious infections happen easily.
If you use it, update to the latest version. If you don't use it, uninstalling is the safer option.
Check whether any other apps are old versions, and likewise update or uninstall them.

At this point, manually create one restore point using Windows' built-in 「System Restore」.
This is so that you can restore if, in the following work, you accidentally touch something you shouldn't, which by itself can cause serious problems for Windows.
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

Use GU to uninstall the following.
Adobe Reader XI (11.0.14) - Japanese Adobe Systems Incorporated 2016/01/15 205 MB 11.0.14

Java 8 Update 66 Oracle Corporation 2015/12/11 21.1 MB 8.0.660.18

If you need a PDF app, the one below is a good choice.
http://www.forest.impress.co.jp/library/software/pdfxchange/

Next, boot the PC into Safe Mode (how to↓)
http://www.pc-master.jp/sousa/s-safemode.html

In Safe Mode, use GU again to uninstall the following.
Amazon Kindle Amazon 2016/02/19 1.14.0.43019

Amazon Music Amazon Services LLC 2015/05/21 3.9.5.820

DMM Player DMM.com 2016/01/24 1.53 MB 1.6.0.0

FVD High-Speed Downloader (5.0.1.39) Applian Technologies 2014/10/04 5.0.1.39

GOM Audio Gretech Corporation 2014/10/02 2.0.7.1108

GOM Player Gretech Corporation 2015/10/13 2.2.73.5235

Splashtop Streamer Splashtop Inc. 2014/09/25 25.6 MB 2.3.0.2

WinPcap 4.1.2 CACE Technologies 2014/10/15 4.1.0.2001

WinRAR 4.20 beta 3 (32ビット) win.rar GmbH 2014/09/22 4.20.3

Wondershare PDFelement(Build 4.0.0) Wondershare Software Co.,Ltd. 2015/03/13 89.7 MB 4.0.0.3

Start HJT and run a scan.
When the scan results appear, check the following items.
Be warned that work in HJT in particular can easily leave the PC unable to boot if you make one wrong move, so never check anything other than what I have listed.
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe

O4 - HKCU\..\Run: [Yahoo! Search] C:\Users\rain\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe

O4 - HKCU\..\Run: [Amazon Music] "C:\Users\rain\AppData\Local\Amazon Music\Amazon Music Helper.exe"

O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe

O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

Once all the necessary items are checked, click Fix checked.
Anything you can't find you may skip.

Now restart the PC in normal mode, then from the Start menu open 「Accessories」→「System Tools」 and start 「Disk Cleanup」.
Once it starts, select drive C as the target and scan; in the list shown, check only 「Downloaded Program Files」, 「Temporary Internet Files」 and 「Temporary files」, then press 「OK」 and 「Delete Files」.
Running this clears out the junk files in the selected categories.

Doing this also reduces the useless junk files that scans pick up during the work, which makes both the time taken and the analysis considerably easier.
The reason for not checking 「Recycle Bin」 or the other items is to avoid deleting normal files by mistake, and so that if a normal file is deleted into the Recycle Bin it can still be restored.

Next, start CC.
Once it starts, open 「Tools」→「Startup」→ the 「Windows」 tab.
There, press 「Save to text file」 in the lower right to save what is shown as a log; save the log to the desktop or somewhere similar.

Next, save the logs of the 「Scheduled Tasks」 tab and the 「Context Menu」 tab in the same way.

Then open the 「Browser Plugins」 item on the left of the CC window and go through each tab starting with 「Internet Explorer」, saving those logs too.

Once you've taken all the CC logs, close CC.

After that, launch your browser and watch how the PC behaves for a few hours, then take fresh HJT and CC install information logs.

Paste both new logs and each CC log in your reply, along with a status report.
After looking at them, I'll give instructions for the next steps.
  • 悪代官
  • 2016/03/09 (Wed) 21:11:28
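The helper above reads two HJT logs by eye, picks out the entries to fix, and then checks which ones survived. Below is an added example (not code from this thread, nor HijackThis's own parser) that does the same on the excerpts posted here: it parses O2/O4/O23 lines, diffs the before and after scans, reports which "Fix checked" items are still present, and emits review hints. The line shapes and the two triage heuristics are my assumptions drawn from the logs above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shapes assumed from the HJT excerpts in this thread (not HJT's own parser).
ENTRY_RE = re.compile(r"^(?P<kind>[FO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
MISSING = " (file missing)"


@dataclass(frozen=True)
class Entry:
    kind: str             # HJT section id, e.g. "O4" or "O23"
    name: str             # autorun value name, BHO name or service display name
    path: str             # command line or image path as HJT printed it
    owner: Optional[str]  # service vendor string (O23 only)
    file_missing: bool    # True when HJT appended "(file missing)"
    raw: str              # the original log line, used as the diff key


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one 'Oxx - ...' line into an Entry; any other line gives None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    if kind == "O4":
        r = RUN_RE.match(body)
        if r:
            return Entry(kind, r.group("name"), r.group("cmd"), None, missing, line)
    elif kind == "O23" and body.startswith("Service: "):
        # Display names can contain " - " themselves (see the Intel ICCS line),
        # so split from the right: "<display name> - <owner> - <image path>".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            return Entry(kind, parts[0], parts[2], parts[1], missing, line)
    elif kind == "O2" and body.startswith("BHO: "):
        parts = body[len("BHO: "):].split(" - ", 2)  # name - {CLSID} - dll
        if len(parts) == 3:
            return Entry(kind, parts[0], parts[2], None, missing, line)
    return Entry(kind, "", body, None, missing, line)  # other sections kept raw


def parse_log(text: str) -> List[Entry]:
    """All F/O entries of a log in file order; the process list is skipped."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """(removed, added) raw lines between two scans of the same machine.
    A service whose file vanished shows up as one removed plus one added line,
    which is what happened to the Splashtop service in this thread."""
    old = {e.raw for e in parse_log(before)}
    new = {e.raw for e in parse_log(after)}
    return sorted(old - new), sorted(new - old)


def unresolved(fix_list: str, after: str) -> List[str]:
    """Entries from a 'check these in HJT' list still present in a later scan.
    Matched on (section, name), not the raw line, so a service that survived
    with a changed owner or path (Splashtop here) is still reported."""
    present = {(e.kind, e.name) for e in parse_log(after)}
    return [e.raw for e in parse_log(fix_list) if (e.kind, e.name) in present]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Review hints for a helper; assumed heuristics drawn from this thread, not verdicts:
    an autorun started from the profile's AppData (the Pay-By-Ads entry), and a
    service key whose image is missing outside the Windows directory, i.e. a
    registration left behind by an uninstall (the Splashtop service)."""
    hints = []
    for e in entries:
        p = e.path.lower()
        if e.kind == "O4" and "\\appdata\\" in p:
            hints.append((e.raw, "autorun launched from user profile (AppData)"))
        elif e.kind == "O23" and e.file_missing and not p.startswith("c:\\windows\\"):
            hints.append((e.raw, "orphaned service registration, image file gone"))
    return hints


# Constructed excerpts of the two logs posted in this thread (before / after).
BEFORE = r"""
O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
O4 - HKCU\..\Run: [Yahoo! Search] C:\Users\rain\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
"""
AFTER = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Unknown owner - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (file missing)
"""
# The three lines the helper asked to "Fix checked" that the sample covers.
FIX_LIST = "\n".join(BEFORE.splitlines()[1:3] + BEFORE.splitlines()[5:6])
```

Running `diff_logs(BEFORE, AFTER)` and `unresolved(FIX_LIST, AFTER)` reproduces what レイン reported by hand: the two autoruns are gone, while the Splashtop service key is still registered but now points at a missing file.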
Re: [Removal] Browser hijacker malware
悪代官, thank you very much.
I carried out the work as instructed.
The following two items in HJT would not go away.
---
 O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
 O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
---

As for the status: the ads in Chrome and the redirects have completely stopped. It runs perfectly smoothly.
I am pasting the two new logs and each CC log below.
■HJT log
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:57:06, on 2016/03/10
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18231)

FIREFOX: 45.0 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
C:\Program Files (x86)\NTTE\StartUpToolN\StartUpTool_e.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\sakura\sakura.exe
C:\Users\rain\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O4 - HKLM\..\Run: [UMU Station] "C:\Program Files (x86)\UMU\Station.exe" /startup
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
O4 - HKLM\..\Run: [NTTE_OSA_AUS] "C:\Program Files (x86)\NTTE\OSA_Aus\acs.exe" -silent
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [OPSCheckerAutoRun] "C:\Program Files (x86)\NTTE\virus clear\ESATv6\OPS_Checker.exe" 1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: らくらくアップデートツール.lnk = C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe
O4 - Global Startup: スタートアップツール.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTE\OSA_SupportTool\start_e.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASRock IO Monitor Service (ASRockIOMon) - Unknown owner - C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Earth Kicker Service - Unknown owner - C:\Program Files (x86)\UMU\Svnok.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Unknown owner - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboPC EX2 FileCopy Service (TC2Service) - Unknown owner - C:\Windows\system32\TC2Service.exe (file missing)
O23 - Service: TurboPC EX DiskCache Control Service (tpcexdccs) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

--
End of file - 10377 bytes


■CC_installed programs log
AC3Filter 2.5b Alexander Vigovsky 2014/09/27 15.2 MB 2.5b
Acrobat.com Adobe Systems Incorporated 2014/09/25 1.1.377
Adobe AIR Adobe Systems Incorporated 2015/12/30 2.6.0.19140
Adobe Flash Player 20 ActiveX Adobe Systems Incorporated 2016/02/10 7.84 MB 20.0.0.306
Adobe Flash Player 20 NPAPI Adobe Systems Incorporated 2016/02/10 8.40 MB 20.0.0.306
Apple Application Support (32-bit) Apple Inc. 2015/02/27 94.2 MB 3.1.2
Apple Application Support (64-bit) Apple Inc. 2015/02/27 107 MB 3.1.2
Apple Mobile Device Support Apple Inc. 2015/02/27 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 2015/02/27 2.38 MB 2.1.3.127
ASRock App Charger v1.0.6 ASRock Inc. 2014/09/25 1.32 MB 1.0.6
ASRock HDMI Switch v1.0.25 2014/09/25 3.48 MB 1.0.25
ASRock Key Master v1.0.7 2014/09/25 6.08 MB 1.0.7
ASRock SmartConnect v1.0.6 ASRock Inc. 2014/09/25 3.00 MB
ASRock XFast RAM v3.0.2 ASRock Inc. 2014/09/25 12.0 MB
Bonjour Apple Inc. 2015/02/27 2.00 MB 3.0.0.10
BUFFALO TurboPC EX Series 2014/10/04
BUFFALO AirStation Configuration Tool (エアステーション設定ツール) BUFFALO INC. 2014/10/12 2.95 MB 2.0.15
BUFFALO PC Environment Display Tool (パソコン環境表示ツール) BUFFALO INC. 2014/10/12 4.17 MB 1.1.0
CCleaner Piriform 2016/03/09 5.15
Corel PaintShop Pro X6 Corel Corporation 2014/11/09 207 MB 16.1.0.48
ebi.BookReader4 eBOOK Initiative Japan Co., Ltd. 2014/11/20 34.1 MB 4.62.5
ESET NOD32 Antivirus ESET, spol s r. o. 2014/09/30 83.2 MB 7.0.302.31
F-Stream Tuning v2.0.48 2014/09/25 84.5 MB 2.0.48
ffdshow x64 v1.3.4532 [2014-07-17] 2014/09/26 15.4 MB 1.3.4532.0
Freemake Video Downloader Ellora Assets Corporation 2016/02/07 53.3 MB 3.8.0
Google Chrome Google Inc. 2015/08/21 49.0.2623.87
Intel(R) Control Center Intel Corporation 2014/09/25 1.2.1.1011
Intel(R) Management Engine Components Intel Corporation 2014/09/25 9.5.14.1724
Intel(R) Network Connections 18.5.54.0 Intel 2014/09/25 25.7 MB 18.5.54.0
Intel(R) Processor Graphics Intel Corporation 2013/08/11 9.18.10.3272
Intel(R) Rapid Storage Technology Intel Corporation 2014/09/25 12.8.0.1016
Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel Corporation 2014/09/25 3.0.0.66956
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2013/04/26 2.5.0.19
IObit Uninstaller IObit 2016/03/08 21.0 MB 5.2.1.126
iTunes Apple Inc. 2015/02/27 234 MB 12.1.1.4
Lhaplus 2014/09/26
LINE LINE Corporation 2015/12/14 4.3.0.724
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 2014/10/15 38.8 MB 4.0.30319
Microsoft .NET Framework 4 Client Profile Language Pack - Japanese Microsoft Corporation 2014/10/15 2.93 MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 2014/11/20 51.9 MB 4.0.30319
Microsoft Office Professional 2013 - ja-jp Microsoft Corporation 2016/02/28 15.0.4797.1003
Microsoft Silverlight Microsoft Corporation 2014/12/25 50.7 MB 5.1.30514.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2015/03/13 596 KB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2014/09/25 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2014/09/25 11.1 MB 10.0.40219
Microsoft Mouse and Keyboard Center Microsoft Corporation 2015/03/08 2.3.188.0
Mozilla Firefox 45.0 (x86 ja) Mozilla 2016/03/09 88.3 MB 45.0
Mozilla Maintenance Service Mozilla 2016/03/09 231 KB 45.0
Pixia Isao Maruoka 2014/11/09 4.78
Pixia ver. 6 Isao Maruoka 2015/12/30 31.2 MB 6.02.0010
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/09/25 6.0.1.7004
sakura editor (Sakura Editor) Sakura Editor Development Team 2015/06/23 2.93 MB
Spybot - Search & Destroy Safer Networking Limited 2014/12/04 1.6.2
VirtualCloneDrive Elaborate Bytes 2015/10/13 5.4.8.0
VLC media player VideoLAN 2016/01/24 2.2.1
WebTablet FB Plugin 32 bit Wacom Technology Corp. 2015/12/30 2.1.0.7
WebTablet FB Plugin 64 bit Wacom Technology Corp. 2015/12/30 2.1.0.7
XFast LAN v9.05 cFos Software GmbH, Bonn 2014/09/25 9.05
XFastUSB ASRock Inc. 2014/09/25 3.02.38
XSplit SplitMediaLabs 2014/09/25 95.7 MB 1.2.1303.0101
XTRM Runtime.06 XTRM CORPORATION 2015/03/17
Plala Setup Tool (ぷらら設定ツール) 1.2.0.8 OPTiM Corporation 2014/09/25 70.4 MB 1.2.0.8
Intel® Small Business Advantage Intel(R) Corporation 2014/09/25 91.6 MB 2.2.41.8096
Startup Tool (スタートアップツール) NTT East 2014/09/30 2.61 MB 7.3
Buffalo RakuRaku Update Tool (らくらくアップデートツール) Buffalo Inc. 2014/10/12 11.0 MB 1.12
FLET'S Virus Clear v6 Sign-up and Setup Tool NTT East 2014/09/30 3.91 MB 8.2.0.4
Remote Support Tool NTT East 2014/09/30
Wacom Wacom Technology Corp. 2015/12/30 5.3.5-3
Diagnosis and Recovery Tool NTT East 2014/09/30 23.2 MB


■CC_BrPL_IE
Disabled Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
Disabled Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Disabled Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
Disabled Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
Disabled Extension Skype for Business Click to Call Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
Disabled Extension "Think something's broken?..." (故障かな?と思ったら・・・) NTT East C:\Program Files (x86)\NTTE\OSA_SupportTool\start_e.exe
Enabled Helper ExplorerWnd Helper IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
Enabled Helper Microsoft SkyDrive Pro Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
Disabled Helper Office Document Cache Handler Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
Disabled Helper Office Document Cache Handler Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
Disabled Helper Skype for Business Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll


■CC_BrPL_Firefox
Disabled Extension DownloadHelper 4.9.24 Michel Gutierrez default Firefox 45.0 C:\Users\rain\AppData\Roaming\Mozilla\Firefox\Profiles\xfbcutld.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Enabled Extension Radio Canyon 0.95 Radio Canyon default Firefox 45.0 C:\Users\rain\AppData\Roaming\Mozilla\Firefox\Profiles\xfbcutld.default\extensions\1853a82e-ce44-4a8c-a6fe-9bcf74a65575@4b6b1c16-5f0a-4ef0-866f-b063e235ef97.com
Enabled Plugin Google Update 1.3.29.5 Google Inc. default Firefox 45.0 C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
Enabled Plugin Intel® Identity Protection Technology 4.0.5.0 Intel Corporation default Firefox 45.0 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
Enabled Plugin Intel® Identity Protection Technology 4.0.5.0 Intel Corporation default Firefox 45.0 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
Enabled Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default Firefox 45.0 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
Enabled Plugin Microsoft Office 2013 15.0.4514.1000 Microsoft Corporation default Firefox 45.0 C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
Enabled Plugin OpenH264 Video Codec 1.5.3 Mozilla Corporation default Firefox 45.0 C:\Users\rain\AppData\Roaming\Mozilla\Firefox\Profiles\xfbcutld.default\gmp-gmpopenh264\1.5.3\gmpopenh264.dll
Enabled Plugin Primetime Content Decryption Module provided by Adobe Systems, Incorporated 15 Adobe Systems Inc default Firefox 45.0 C:\Users\rain\AppData\Roaming\Mozilla\Firefox\Profiles\xfbcutld.default\gmp-eme-adobe\15\eme-adobe.dll
Enabled Plugin Shockwave Flash 20.0.0.306 Adobe Systems Incorporated default Firefox 45.0 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
Enabled Plugin Silverlight Plug-In 5.1.30514.0 Microsoft Corporation default Firefox 45.0 C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
Enabled Plugin VLC Web Plugin 2.2.1.0 VideoLAN default Firefox 45.0 C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Enabled Plugin WacomTabletPlugin 2.1.0.7 Wacom default Firefox 45.0 C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll


■CC_BrPL_Chrome
Enabled App Gmail 8.1 User 1 C:\Users\rain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
Enabled App Google Search 0.0.0.60 User 1 C:\Users\rain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0
Enabled App Google Drive 14.1 User 1 C:\Users\rain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
Enabled App YouTube 4.2.8 User 1 C:\Users\rain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
Enabled Extension Adblock Super 2.7.8 User 1 C:\Users\rain\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd\2.7.8_0


■CC_BrPL_Opera
Enabled Extension akmijnhpfgblhkbdlnbldpmjgaiognoo 16804.19.8 Opera Stable C:\Users\rain\AppData\Roaming\Opera Software\Opera Stable\Extensions\akmijnhpfgblhkbdlnbldpmjgaiognoo\16804.19.8_0
Enabled Extension compare for fun 11482.7456.2785 Opera Stable C:\Users\rain\AppData\Roaming\Opera Software\Opera Stable\Extensions\pogchimbndbckepmhaagnapfmlfgnala\11482.7456.2785_0
Enabled Extension Cool Deals 10229.5901.6873 Opera Stable C:\Users\rain\AppData\Roaming\Opera Software\Opera Stable\Extensions\kabhhgmfghlchcfoghldgcoldfphbfee\10229.5901.6873_0
Enabled Extension fjmghhldchigdbaebhdeiaecihkdabdn 13715.57.5 Opera Stable C:\Users\rain\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjmghhldchigdbaebhdeiaecihkdabdn\13715.57.5_0
Enabled Extension Radio Canyon 1.26.82 Opera Stable C:\Users\rain\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk\1.26.82_0

That's everything; thank you in advance.
  • レイン
  • 2016/03/10 (Thu) 17:48:21
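An added example, not code from the thread: a small Python triage of the O23 (service) lines in a HijackThis log like the one above. It encodes the caveat this log needs: HijackThis is a 32-bit program, so on 64-bit Windows file-system redirection points it at SysWOW64 and it reports "(file missing)" for many genuine Windows services (the ones whose display name is an "@dll,-id" resource string). Only a third-party entry whose binary is really gone, such as the Splashtop service here, is a leftover worth fixing, and anything under system32 should be checked with a 64-bit tool before being removed. The sample lines are copied from the log above; the classification labels are this example's own.

```python
"""Triage the O23 (service) lines of a HijackThis log.

Added example; not code from the thread. Caveat it encodes: HijackThis is a
32-bit program, so on 64-bit Windows file-system redirection points it at
SysWOW64 and it prints "(file missing)" for many genuine Windows services.
Those built-in services carry "@dll,-id" resource strings as display names.
Only a third-party entry whose binary is really gone is a leftover to fix.
"""
import re

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_O23 = r"""
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Unknown owner - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (file missing)
O23 - Service: TurboPC EX2 FileCopy Service (TC2Service) - Unknown owner - C:\Windows\system32\TC2Service.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
"""

WINDOWS_DIR = "c:\\windows\\"


def parse_o23(line):
    """Split one O23 line into display name, short name, owner, path, missing flag."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["missing"] = entry["missing"] is not None
    return entry


def classify(entry):
    """Label an entry; the labels are this example's own, not HijackThis output."""
    in_windows = entry["path"].lower().startswith(WINDOWS_DIR)
    builtin = entry["display"].startswith("@")  # MUI resource string: built-in service
    if entry["missing"]:
        if in_windows and builtin:
            return "redirection-artifact"       # binary is likely present in the real System32
        if in_windows:
            return "verify-with-64bit-tool"     # third-party file in System32, or same artifact
        return "orphaned-third-party"           # product uninstalled, service entry left behind
    if entry["owner"] == "Unknown owner" and not in_windows:
        return "unsigned-third-party"           # present but no publisher: check its signature
    return "present"


def triage(log_text):
    """Map each service (short name, or display name if none) to its label."""
    results = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry:
            results[entry["name"] or entry["display"]] = classify(entry)
    return results


if __name__ == "__main__":
    for service, verdict in triage(SAMPLE_O23).items():
        print(f"{verdict:24} {service}")
```

Run it on a full HJT log and only the "orphaned-third-party" and "unsigned-third-party" rows need a human look; the "redirection-artifact" rows are the built-in lsass/spoolsv/vds style entries that a 32-bit scanner always misreports on x64.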
My instructions were careless
Thanks for doing the work and reporting back.
I've also looked at the rest of the logs.

>The following two items would not go away in HJT.

>O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
>O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

Okay, understood. Just skip the ones you can't deal with and move on.
That said, the reason they couldn't be dealt with is that the following app hadn't been uninstalled.
>Freemake Video Downloader Ellora Assets Corporation 2016/02/07 53.3 MB 3.8.0

I overlooked that. My apologies.
Oops, what a blunder! (← that's not a line for the 悪代官 role, though)

So please continue the work, following the instructions below.

Boot the PC into Safe Mode and use GU to uninstall the following.
>Freemake Video Downloader Ellora Assets Corporation 2016/02/07 53.3 MB 3.8.0

After removing it, still in Safe Mode, scan with HJT, and if the following are still there, fix them.
>O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
>O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

If they're gone after the main app is uninstalled, you can skip this.

After restarting the PC in normal mode, follow the steps described on the page below to remove the Opera, Firefox and Chrome browsers once, then reinstall them from their official sites.
Also do a "Reset" of IE.
If you're not going to use Chrome from now on, you don't need to reinstall it.

Once the browsers are dealt with, launch CC again and save the logs from the "Windows" tab and the "Context Menu" tab.
These logs haven't appeared in your replies yet, so please show them in your next reply.
After I've looked at those I'll give the next instructions.
  • 悪代官
  • 2016/03/10 (Thu) 19:43:50
Re: [Removal] Browser hijacker malware
Dear 悪代官,

Thank you as always. This is レイン.
Sorry, here are the logs I forgot to paste.

---
■O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
□O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
---
Also, for the two HJT items above, I fixed them after uninstalling again; Freemake was removed, but SplashtopR remained.

As for the current state, the browser is running smoothly.


■CC_startup_windows
Enabled HKCU:Run ASRockHDMISwitch
Enabled HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Enabled HKCU:Run Fatal1tySTU
Enabled HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Enabled HKCU:RunOnce OPSCheckerAutoRun NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION "C:\Program Files (x86)\NTTE\virus clear\ESATv6\OPS_Checker.exe" 1
Enabled HKLM:Run egui ESET "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
Enabled HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Enabled HKLM:Run IAStorIcon Intel Corporation "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
Enabled HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Enabled HKLM:Run IMSS Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
Enabled HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Enabled HKLM:Run NTTE_OSA_AUS NTT East "C:\Program Files (x86)\NTTE\OSA_Aus\acs.exe" -silent
Enabled HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
Enabled HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Enabled HKLM:Run TC2Tray BUFFALO INC. "C:\Windows\system32\TC2Tray.exe"
Enabled HKLM:Run tpcexTray BUFFALO INC. "C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe"
Enabled HKLM:Run TurboPC EX2 C:\Program Files (x86)\BUFFALO\%PROG_FOLDER_NAME_FILECOPY_x86%\TC2Tray.exe
Enabled HKLM:Run UMU Station OPTiM Corporation "C:\Program Files (x86)\UMU\Station.exe" /startup
Enabled HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Enabled HKLM:Run VirtualCloneDrive Elaborate Bytes AG "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
Enabled HKLM:Run XFast LAN cFos Software GmbH C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
Enabled HKLM:Run XFastUSB FNet Co., Ltd. "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
Enabled Startup Common スタートアップツール.lnk C:\Windows\Installer\{ABF2A330-637C-45FC-A1EF-AAA803FB6FE5}\_2482D56151239B506E3E28.exe
Enabled Startup User らくらくアップデートツール.lnk Buffalo Inc. C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe


■CC_startup_task
Enabled Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Enabled Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Enabled Task cool_deals_helper_service C:\Program Files (x86)\Cool Deals\cool_deals_helper_service.exe /installationtime=1432761754 /AppName='Cool Deals'
Enabled Task elbyExecuteWithUAC C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe /e
Enabled Task ESET Windows 10 upgrade – Refresh settings ESET C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 7.0\upgrade.exe
Enabled Task GoogleUpdateTaskMachineCore C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Enabled Task GoogleUpdateTaskMachineCore1d15cc8d756d60c C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Enabled Task HDMISwitch ASROCK Incorporation C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe
Enabled Task mL5E4TNbxLUlh6l6pv1k3u C:\Users\rain\AppData\Roaming\mL5E4TNbxLUlh6l6pv1k3u.exe --c=qsVRjUP37T2VUCs4F5/n6drvuf2Cd+3fCh2GPLRSYYiDP21lWqP666Fe2E+dg6ZXuaRKbO9ms+KgRBL8li1WdbwwQdI8BZn/sE+xkVacWDjw41qr5D7J9ghbxNYZ6jf7KAUupPgj/CQx1sfjlYy2IIJflSyFQft6cKLJ/W/YDJmRRZq2qPEgrnmD7OfFxgm0t2egxKZTaNupconOTG9oBYC75KxYIIfvNLmKdBScSA2FyvciGEZaYiU94VXBf/i2M14EDYZrbgcnhYLZ5FGcY1eJk4UB7bkqlV/VSMvxQ45BAMywRzEPfFzFMkv3Wr43l0uxVgEzG2z24NpqPAgUFg==
Enabled Task Uninstaller_SkipUac_rain IObit C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
Enabled Task {7EF89213-7C72-4FE7-A6CA-F72F5EB1EDAB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a G:\Downloads\coreaacSetup.exe -d G:\Downloads
Enabled Task {B152FE56-B526-49B1-9E9E-014855ABD286} Microsoft Corporation C:\Windows\system32\pcalua.exe -a G:\Downloads\mp3gain-win-1_2_5.exe -d G:\Downloads
Enabled Task {C7935648-3EE2-4520-AAA8-8DFC97438C06} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\rain\AppData\Local\TNT2\2.0.0.1868\TNT2User.exe -c /UNINSTALL PARTNER=10985
Enabled Task {CDBFD130-8A2F-4FB7-A291-A17733FD236E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\rain\Desktop\HijackThis.exe -d C:\Users\rain\Desktop
Enabled Task {E4CC01B7-84C1-4796-BC69-B730DB856CEC} Microsoft Corporation C:\Windows\system32\pcalua.exe -a G:\Downloads\mp3gain-win-1_3_4.exe -d G:\Downloads



■CC_startup_menu
Enabled Directory Browse with Corel PaintShop Pro X6 Corel, Inc. "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%L"
Enabled Directory IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll
Enabled Directory Play with VLC media player VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Enabled Directory Add to VLC media player's playlist VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Enabled Drive Browse with Corel PaintShop Pro X6 Corel, Inc. "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%L"
Enabled Drive ESET Smart Security - Context Menu Shell Extension ESET C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
Enabled Drive Lhaplus C:\Program Files (x86)\Lhaplus\LplsShlx.dll
Enabled Drive VirtualCloneDrive Elaborate Bytes AG C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
Enabled File ESET Smart Security - Context Menu Shell Extension ESET C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
Enabled File IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll
Enabled File Lhaplus C:\Program Files (x86)\Lhaplus\LplsShlx.dll
Enabled File VirtualCloneDrive Elaborate Bytes AG C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
Enabled Folder ESET Smart Security - Context Menu Shell Extension ESET C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
Enabled Folder IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll
Enabled Folder Lhaplus C:\Program Files (x86)\Lhaplus\LplsShlx.dll



That's everything; thank you in advance.

P.S.: I'm planning to go with Firefox only as my browser, so I'd like to remove the Opera-related stuff (which I don't remember installing...).
But as far as I can see in the CC installed-programs log, it doesn't appear there, so how should I remove it?
  • レイン
  • 2016/03/11 (Fri) 18:58:05
Next, starting with the CC cleanup
Thanks for doing the work and reporting back.

>O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
>O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

>Also, for the two HJT items above, I fixed them after uninstalling again; Freemake was removed, but SplashtopR remained.

>As for the current state, the browser is running smoothly.

Yes, it seems to have calmed down a bit, but it isn't cleaned up yet.
I've looked at the rest of the logs too, and as expected, more suspicious items are visible.

>I'm planning to go with Firefox only as my browser, so I'd like to remove the Opera-related stuff (which I don't remember installing...).
>But as far as I can see in the CC installed-programs log, it doesn't appear there, so how should I remove it?

Understood. We'll clean that up later too, but what isn't visible poses no danger right now, so it can wait.

So please work through the instructions again.

Launch CC again, select the following under the "Windows" tab, set them to "Disabled", then go on to "Delete entry". If they can't be disabled, deleting them directly is fine.
Enabled HKCU:Run ASRockHDMISwitch

Enabled HKCU:Run Fatal1tySTU

Next, do the same with the following under "Scheduled Tasks".
Enabled Task cool_deals_helper_service C:\Program Files (x86)\Cool Deals\cool_deals_helper_service.exe /installationtime=1432761754 /AppName='Cool Deals'

Enabled Task mL5E4TNbxLUlh6l6pv1k3u C:\Users\rain\AppData\Roaming\mL5E4TNbxLUlh6l6pv1k3u.exe --c=qsVRjUP37T2VUCs4F5/n6drvuf2Cd+3fCh2GPLRSYYiDP21lWqP666Fe2E+dg6ZXuaRKbO9ms+KgRBL8li1WdbwwQdI8BZn/sE+xkVacWDjw41qr5D7J9ghbxNYZ6jf7KAUupPgj/CQx1sfjlYy2IIJflSyFQft6cKLJ/W/YDJmRRZq2qPEgrnmD7OfFxgm0t2egxKZTaNupconOTG9oBYC75KxYIIfvNLmKdBScSA2FyvciGEZaYiU94VXBf/i2M14EDYZrbgcnhYLZ5FGcY1eJk4UB7bkqlV/VSMvxQ45BAMywRzEPfFzFMkv3Wr43l0uxVgEzG2z24NpqPAgUFg==

Enabled Task {7EF89213-7C72-4FE7-A6CA-F72F5EB1EDAB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a G:\Downloads\coreaacSetup.exe -d G:\Downloads

Once you've closed CC, prepare the following tools.
"AdwCleaner" (referred to as AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
That's a direct link to the file. Open it and save the file to your desktop or similar.
When it's time to clean up, launch it and press the "uninstall" button; it removes itself automatically.
There's a detailed explanation of how to use it on the site below, so refer to that ↓
http://www.japan-secure.com/entry/adwcleaner.html

Malwarebytes' Anti-Malware (referred to as MBAM)
Official site
http://www.malwarebytes.org/

Download
https://www.malwarebytes.org/mwb-download/thankyou/
Direct link to the file. Save it.

Site explaining how to use it
http://www.gigafree.net/security/MalwarebytesAnti-MalwareFree.html

Once they're ready, install MBAM and update it.
But don't scan yet at this point.
Also, when updating MBAM here, don't update the "program" itself, only the definitions.
If you update the program itself you'll end up on the latest version, which is currently full of bugs, and there'd be no point in having installed the older version.

Next, launch AC once here.
When it starts it should first update its definitions; do only the update, and once that's done close AC for now.
No need to scan here either.

Next, launch MBAM as well, update only the definitions, and then close MBAM too.

Once both tools are updated, use Disk Cleanup to clear out junk files, then restart the PC in Safe Mode.

Then, after the PC has booted into Safe Mode, launch AC again (the one you ran once earlier).
This time run "Scan", and when the scan finishes, if anything was detected, press "Clean".
Selecting "Yes" on the screen that appears starts the cleanup.

When the cleanup is complete, restart the PC in normal mode.

After the restart a new AC log will appear; save it to your desktop or similar.
But if no log appears after the work, or you can't find it, open the C: drive in My Computer; a file with a name like the following will have been created directly under it, and that is the AC log.
>AdwCleaner[alphanumeric].txt
If there are several logs with similar names, the one whose creation time matches when you did the cleanup is the one.

Once the AC work is done, next is the MBAM work.
Boot into Safe Mode again, then launch MBAM and scan.
When MBAM is running, on the "Scan" tab choose "Custom Scan", then select all drives including C:.
Also tick the rootkit scan option.

Scanning this way takes time, but it's so the scan is as thorough as possible.

The order of the two tools' scans doesn't matter, but if anything is detected, select it and "remove" (quarantine) it, and if a prompt to restart appears, restart the PC at that point.
If no restart prompt appears, restart manually.

Also, when the MBAM scan finishes, a message with the result appears at the bottom right of the screen; clicking it should display the results.
Pressing "Save log" there lets you save the log.
Save that log to your desktop or similar.
Checking this log is especially important, so please don't forget.

After that, watch how the PC behaves for a while, then paste the AC and MBAM logs you saved into a reply and show them along with a status report.
  • 悪代官
  • 2016/03/11 (Fri) 21:22:47
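An added example, not the helper's own tooling: Python that scans CCleaner startup and scheduled-task export lines, as posted earlier in this thread, for the patterns the instructions above act on: entries with no command left (ASRockHDMISwitch, Fatal1tySTU), a binary under the user's AppData whose random name matches its task, a long base64-like blob on the command line, an installer variable that was never expanded, and tasks that run through pcalua.exe (the Program Compatibility Assistant launcher, whose real program is the -a argument). The sample lines are copied from the thread's CC_startup logs (the long --c= argument is truncated); the flag names are this example's own. Note the limit: the Cool Deals task gets no flag from these heuristics, because it is only recognisable by name, which is why the helper's review and the scanners' signatures still matter.

```python
"""Triage CCleaner startup / scheduled-task export lines.

Added example; not the thread's own tooling. CCleaner's export has no column
separators, so the entry name is taken as the first word after the location
and the command as the first Windows path on the line. The flag names are
this example's own.
"""
import re
from pathlib import PureWindowsPath

ENTRY_RE = re.compile(r"^(?P<state>\S+)\s+(?P<location>HK\w+:\w+|Task|Startup \w+)\s+(?P<rest>.*)$")
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|lnk))"?', re.I)
OPAQUE_RE = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")   # long base64-looking blob
PCALUA_TARGET_RE = re.compile(r'-a\s+"?(?P<target>[A-Za-z]:\\.+?\.exe)', re.I)

# Sample lines copied from the CC_startup logs in this thread; the --c= blob is truncated.
SAMPLE_ENTRIES = r"""
Enabled HKCU:Run ASRockHDMISwitch
Enabled HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Enabled HKCU:Run Fatal1tySTU
Enabled HKLM:Run TurboPC EX2 C:\Program Files (x86)\BUFFALO\%PROG_FOLDER_NAME_FILECOPY_x86%\TC2Tray.exe
Enabled Task cool_deals_helper_service C:\Program Files (x86)\Cool Deals\cool_deals_helper_service.exe /installationtime=1432761754 /AppName='Cool Deals'
Enabled Task mL5E4TNbxLUlh6l6pv1k3u C:\Users\rain\AppData\Roaming\mL5E4TNbxLUlh6l6pv1k3u.exe --c=qsVRjUP37T2VUCs4F5/n6drvuf2Cd+3fCh2GPLRSYYiDP21lWqP666Fe2E+dg6ZXuaRKbO9ms+KgRBL8li1WdbwwQdI8BZn/sE+x
Enabled Task {7EF89213-7C72-4FE7-A6CA-F72F5EB1EDAB} Microsoft Corporation C:\Windows\system32\pcalua.exe -a G:\Downloads\coreaacSetup.exe -d G:\Downloads
"""


def looks_random(name):
    """Long alphanumeric name mixing digits, upper and lower case, with no separators."""
    return (re.fullmatch(r"[A-Za-z0-9]{16,}", name) is not None
            and re.search(r"\d", name) is not None
            and name != name.lower() and name != name.upper())


def analyze(line):
    """Return (entry name, list of flags) for one export line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    name = rest.split()[0] if rest else ""
    flags = []
    pm = PATH_RE.search(rest)
    if not pm:
        flags.append("no-command")                  # value with no target: dead entry
        return name, flags
    path, args = pm.group("path"), rest[pm.end():]
    exe = PureWindowsPath(path)
    if "%" in path:
        flags.append("unexpanded-variable")         # installer variable never expanded
    if "\\appdata\\" in path.lower():
        flags.append("user-profile-binary")         # persistence from a user-writable folder
    if exe.stem == name and looks_random(name):
        flags.append("random-name-matches-binary")  # dropped binary named after its task
    if OPAQUE_RE.search(args):
        flags.append("opaque-argument")             # encoded payload/config on the command line
    if exe.name.lower() == "pcalua.exe":            # Program Compatibility Assistant launcher
        t = PCALUA_TARGET_RE.search(args)
        flags.append("pcalua-launcher:" + (t.group("target") if t else "?"))
    return name, flags


def triage(text):
    """Map each entry name to its flags (empty list = nothing automatic to say)."""
    results = {}
    for line in text.splitlines():
        found = analyze(line)
        if found:
            results[found[0]] = found[1]
    return results


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_ENTRIES).items():
        print(f"{name:45} {', '.join(flags) or '-'}")
```

The mL5E4TNbxLUlh6l6pv1k3u task trips three flags at once (AppData binary, random name equal to the file name, opaque argument), which is the combination that most deserves deleting the task and quarantining the file; the pcalua entries are only worth removing when their -a target is itself unwanted, as with coreaacSetup.exe here.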
Re: [Removal] Browser hijacker malware
Thank you as always. This is レイン.
Sorry for the late reply.
Work and the scans took a while...
Status report: Firefox is running nicely. No ads or the like are appearing.
Here are the AC and MBAM logs.
(Is the MBAM log below the right one? I'm not sure.)

■AC_log
# AdwCleaner v5.028 - Logfile created 13/03/2016 at 11:55:33
# Updated 04/01/2016 by Xplode
# Database : 2015-12-30.1 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : rain - RAIN-PC
# Running from : C:\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

File Found : C:\Windows\SysNative\log\iSafeKrnlCall.log

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}

***** [ Web browsers ] *****


*************************

C:\AdwCleaner.exe - [1749504 bytes] - [06/01/2016 07:22:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1255 bytes] ##########


■MBAM_log
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/03/13 12:11:57 +0900</date>
<logfile>mbam-log-2016-03-13 (12-10-31).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.0.1024</version>
<malware-database>v2016.03.13.01</malware-database>
<rootkit-database>v2016.03.12.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>RAIN-PC</hostname>
<ip></ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>rain</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>custom</type>
<result>completed</result>
<objects>1352139</objects>
<time>19049</time>
<processes>0</processes>
<modules>0</modules>
<keys>275</keys>
<values>238</values>
<datas>2</datas>
<folders>11</folders>
<files>89</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>ef5620670d8cd462913da366cf32817f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>ef5620670d8cd462913da366cf32817f</hash></key>
<key><path>HKLM\SOFTWARE\Radio Canyon-nv</path><vendor>PUP.Optional.RadioCanyon</vendor><action>success</action><hash>a0a5a6e11188d46225a5b66809fb7987</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Radio Canyon-nv</path><vendor>PUP.Optional.RadioCanyon</vendor><action>success</action><hash>f74e03846c2d53e3fbcfe43a7c884cb4</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{089a2337-f92c-4fd6-89c4-9869b0ab6644}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>4bfab9ceeeab1c1a6c9a70b150b42ad6</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{1b466f6c-dc3a-43cc-be85-cf3645641e49}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>3a0b7b0ce5b43ff7a95dc16056ae2ad6</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{1bdc2c72-ee9f-4712-bc8d-9e9f957080e2}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>073e384f11883df9ae58ea37ce3622de</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{20028c4e-ef35-4336-a227-afedf096d2a7}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>32139fe8e0b9ed49c93dc0619a6a3fc1</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{2d11e69f-33c6-44c6-ac04-bb1b36bd5d05}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>192cd2b5cecbf2443ec872afba4a36ca</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{2e099d13-43b4-4786-97b8-180d8e368316}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>80c5f88fcdcceb4b61a55fc245bfbc44</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{2ed6f06d-c282-422a-bd97-39d8f3b7bfbe}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>1e275b2caaefeb4bf313d8491be929d7</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{2edd21db-764b-43cd-81b6-eef43c26704a}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>f94c9dea8118ba7cff07ce53f90bfb05</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{3bcd1a06-f942-43b2-83f3-1b446001ad4c}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>88bd087f1e7b52e49274d051d52f34cc</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{458639bd-68ee-4273-bbab-5c062f563d3b}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>71d4e4a3158496a06b9baa77867e2fd1</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{4658e599-44ac-4503-ad88-1bb24d581e6b}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>1d28ddaae9b01125dc2a9091d82cdc24</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{487feb77-84bf-4620-9b7d-e3091f0d8c1a}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>48fd9fe888118aac9e68b36e3dc710f0</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{5f8e00a8-575d-48e6-8d65-64af80d8d3c1}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>98adc1c6f6a387af2adc8d9448bc51af</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{645cdede-1bea-456e-9de9-65f184313502}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>ac99daad4257b581887e8a97c93b16ea</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{64ffc04b-3304-4dd9-a15c-6a0b789ab072}w64</path><vendor>PUP.Optional.Sanbreel</vendor><action>success</action><hash>60e57215c1d864d243c3cd5457ad7789</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7901580F-41C6-491F-97C5-CBFC47F69EEA}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>7dc82265debb2a0c6e6638c807fd15eb</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7AC50B39-6A5F-481F-AADE-7F3CD27EACDA}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>73d25433debbbf7750854eb29c6822de</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BB773F0-61C3-49E9-9048-CD128CEFBD11}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>2f169becf1a891a585501ae64abaac54</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7BF69F98-9661-4DE3-BDD9-12DA38CBA85D}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>c67f711631689c9ad9fc4ab6d232af51</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7E2AF353-A855-4DC3-9266-58F16A5BDEFE}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>6bdaee99ddbce353f2e2ba4651b3f30d</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F924F8E-FBBC-4E68-B7DD-B842FE2DE74C}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>82c31f683e5bd5616f66d42c937127d9</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8004BC29-5337-4598-90B4-C96AA92D725A}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>f84d157293062313498c50b0bd47dc24</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{802F434D-10F1-40E6-9581-B67A57688E77}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>5fe6d8afe5b4ce6813c2f20e16eed12f</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{81C1FD5A-1530-4B8F-9C72-535815CEE4CD}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>63e246411b7e7db961731ce4dd2739c7</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{81E7475F-378B-4C2D-B233-A84ADBFB1653}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>7cc97a0d0c8d81b56b69dd230afa51af</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8377BC7C-FDF5-4681-AA61-A2135CAB32A2}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>b4912c5b326792a4dcf82fd1de2609f7</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{83CBE4CC-CEE0-4950-A79A-A74B2DCA9DCD}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>2124691ef5a494a20fc515eb867e659b</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{85E0092C-EA7F-4110-8DF0-54342759FFDE}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>d570493ec7d2a690e1f355ab5da7ad53</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86083503-F6C8-4A9E-B641-40E74519DE55}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>ac995f28ddbcf93de7eda55bbe4626da</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8A38D2F5-70E7-484C-9B6E-46C24661413C}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>52f331563168eb4b696b6997768ed62a</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8A48C67C-D8BF-482C-A852-8438202A8E6D}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>57ee8007d0c938fefadb42be3dc7a957</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8B16418D-C8FC-423C-8C3C-1EB2BD17F7EB}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>8eb75b2cbddc2f0717bede22b450649c</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8D1CF4D6-10F1-4DDE-9841-86F64D7FD24D}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>80c592f5f8a1ae88e3f10000f1137d83</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8DDFAB20-5482-4644-A7F9-563BCE47F852}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>11341770c9d07eb8d7fdcc34c63e9c64</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{911BFE2E-294A-4A0D-9F71-4835F0E33F77}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>1b2abdca8e0b63d304d1f50b5aaaa35d</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9203FE0A-C0E8-44D2-8980-2E8A2588B9AC}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>b09501862574c373d401bf41e51f3fc1</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{92E6D67F-6DF9-4AFB-8C63-31988BD9DEB4}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>f74eb7d0badf989e4c89d22e50b440c0</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{940079D1-4BDB-4389-9818-DC1BE4EBBBD0}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>55f0bbcc7722a492ddf829d79c68f50b</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{95E788A6-5724-4E90-A926-D04E579C505F}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>083d384f4554d16533a1cd339c6811ef</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{95FE72F3-79C2-44C6-9E25-BF1F2936DB78}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>aa9bb6d10198bd796f64ce326c98659b</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97D8AEB6-B9F2-44DC-8BDF-697E75D016BD}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>f4513c4bf1a8c076f5e0e020fc0803fd</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{990CDB6C-33E9-42C8-9129-E5815F654056}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>7acb0285e8b134020ec76a960cf850b0</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9952D4E6-8B2B-4641-966E-56366934BEEE}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>73d2afd88f0a4beb7362817f07fd0ff1</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{996F864F-CA58-4656-A9DF-79F9E571AF69}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>78cd7f088d0c0f27874e4fb1be4633cd</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99DE7285-9107-49BC-8B6C-95A19B2781F7}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>153055323e5b81b5d400907059ab27d9</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99E26A61-B600-4AA1-86F4-656A194526EA}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>af9612752673f046e5f020e05fa53ac6</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9B3EA2C9-CBCD-46D3-9879-9260E5474D9A}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>6dd8a0e71b7ec472c41146ba1be955ab</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9EE96530-8663-46A7-A255-C0554ECD85E4}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>ba8ba6e157425fd771636b95a75d33cd</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F5F895A-343D-4F12-A6BB-C2E81CE21D4D}</path><vendor>PUP.Optional.CrossRider</vendor><action>success</action><hash>f64f05827a1faa8c7d5858a8f2129d63</hash></key>
<key><path>HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1BE67B3-1E7D-4D8A-BB4B-96CDB7358F9C}</path><vendor>PUP.Optional.CrossRider</vendor><action&g
  • レイン
  • 2016/03/15 (Tue) 22:26:39
Sorry for the late reply
Sorry for the late reply.
I couldn't get on yesterday because of an outage on my internet connection.

> As a status report, I'm able to use Firefox without any trouble. No ads or anything like that are appearing.

It sounds like the symptoms have settled down.
I've looked at both logs as well; it seems a large number of items were found, including CrossRider.
As long as everything that was detected has been quarantined from within the tool, that's fine.

That said, even though things have quieted down, there are certainly still items hiding, so let's move on with the next stage of analysis.

Please prepare the following tool.
OTL (OldTimer Listit)
Download it with the "Download" button and keep the file saved.
http://oldtimer.geekstogo.com/OTL.exe
When it's time to clean up, launch it and press the "Cleanup" button; it removes itself automatically.

Launch OTL with no other programs running.
Once it's open, tick "Scan All Users" near the top of the window and copy-paste the following commands into the "Custom Scan/Fixes" box.

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

Then press "Run Scan" at the top left and the scan will start.
After the scan starts, it takes a few minutes depending on your PC, and then "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe; save these two files somewhere like the desktop.
Note that Extras.txt is sometimes not produced; in that case OTL.txt alone is fine.

After that, paste the whole OTL log into a reply so I can see it.
However, the OTL log gets quite long, so if you post it all at once it will be cut off by fc2's character limit.
So split the log at a reasonable point and post it across several replies.

Just scanning with OTL won't change anything.
Based on these results, the items detected should get dealt with in the next round of work.
  • 悪代官
  • 2016/03/17 (Thu) 06:19:05
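The OTL.txt that the scan described above produces is what gets read next. As an added example (not OTL's own code and not from this thread), here is a small Python parser for its PRC/MOD/SRV/DRV lines that pulls out entries with an empty company field, which OTL itself treats specially via its "No Company Name Whitelist" and which a helper checks by hand first; the sample log is constructed in OTL's format with placeholder paths and names.

```python
"""Parse the PRC/MOD/SRV/DRV lines of an OTL.txt log and list the entries a
helper looks at first: binaries that carry no company name.

Added example for this thread; not part of OTL and not code from the forum.
SAMPLE_OTL is constructed in the OTL format: "ExampleDir", "example.exe",
"example.sys", "Example Service" and "ExampleDrv" are placeholders.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL entry line. OTL writes literal BBCode ("[b]64bit:[/b]", "[color=...]")
# into the log file, so the 64-bit marker is part of the line prefix, e.g.
#   PRC - [2013/11/21 19:23:24 | 000,064,352 | ---- | M] () -- C:\x\y.exe
#   SRV:[b]64bit:[/b] - [...] (Vendor) [Auto | Running] -- C:\x\y.exe -- (svc)
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:\[b\]64bit:\[/b\])?\s+-\s+"
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<stamp>[A-Z])\]\s+"
    r"\((?P<company>.*?)\)"            # "()" means OTL found no company name
    r"(?:\s+\[(?P<state>[^\]]*)\])?"   # "[Auto | Running]" on SRV/DRV lines
    r"\s+--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<name>[^)]*)\))?$"  # service/driver name, if present
)


@dataclass
class OtlEntry:
    kind: str            # PRC, MOD, SRV or DRV
    is_64bit: bool
    mtime: str
    size: int
    company: str         # "" when the log shows "()"
    state: Optional[str]
    path: str
    name: Optional[str]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for an entry line, None for headers/blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(kind=m["kind"], is_64bit=m["x64"] is not None,
                    mtime=m["mtime"], size=int(m["size"].replace(",", "")),
                    company=m["company"], state=m["state"],
                    path=m["path"], name=m["name"])


def parse_otl_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def no_company_entries(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Entries OTL printed with an empty company field. Not proof of anything
    by itself, but it is the first thing reviewed by hand."""
    return [e for e in entries if e.company == ""]


def autostart_services_without_company(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Narrower view: services/drivers set to Auto that no vendor claims,
    i.e. unclaimed items that come back after every reboot."""
    return [e for e in entries
            if e.kind in ("SRV", "DRV") and e.company == ""
            and e.state is not None and "Auto" in e.state]


# Constructed sample in OTL's format (placeholder paths, not a real machine).
SAMPLE_OTL = r"""
[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/03/19 13:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Downloads\OTL.exe
PRC - [2016/03/01 10:00:00 | 000,064,352 | ---- | M] () -- C:\Program Files (x86)\ExampleDir\example.exe

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2016/03/01 10:00:00 | 000,064,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ExampleDir\example.exe -- (Example Service)
SRV - [2013/08/11 12:51:36 | 000,279,024 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2016/01/06 06:53:53 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\example.sys -- (ExampleDrv)
"""

if __name__ == "__main__":
    parsed = parse_otl_log(SAMPLE_OTL)
    for e in no_company_entries(parsed):
        print(f"{e.kind:<3} {e.mtime} {e.path}  [{e.state or '-'}]")
    for e in autostart_services_without_company(parsed):
        print(f"auto-start, no vendor: {e.name} -> {e.path}")
```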
Re: [Removal] Browser hijacker malware
Thank you as always for your help. This is レイン.
I'm pasting "OTL.txt" and "Extras.txt" below, one after the other.
Please take a look.

■ OTL log_1
OTL logfile created on: 2016/03/19 13:37:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18230)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.66 Gb Total Physical Memory | 5.55 Gb Available Physical Memory | 72.39% Memory free
15.32 Gb Paging File | 13.09 Gb Available in Paging File | 85.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.02 Gb Total Space | 66.02 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 382.61 Gb Free Space | 64.18% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 276.06 Gb Free Space | 14.82% Space Free | Partition Type: NTFS
Drive G: | 2794.39 Gb Total Space | 167.77 Gb Free Space | 6.00% Space Free | Partition Type: NTFS
Drive H: | 1863.02 Gb Total Space | 244.95 Gb Free Space | 13.15% Space Free | Partition Type: NTFS

Computer Name: RAIN-PC | User Name: rain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016/03/19 13:33:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Downloads\OTL.exe
PRC - [2015/12/30 15:19:24 | 000,275,744 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2014/10/09 21:06:48 | 001,398,272 | ---- | M] (Project: Sakura-Editor) -- C:\Program Files (x86)\sakura\sakura.exe
PRC - [2014/09/25 11:17:42 | 006,226,624 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2013/12/13 16:39:30 | 001,179,232 | ---- | M] (東日本電信電話株式会社) -- C:\Program Files (x86)\NTTE\StartUpToolN\StartUpTool_e.exe
PRC - [2013/11/21 19:23:24 | 000,064,352 | ---- | M] () -- C:\Program Files (x86)\UMU\Svnok.exe
PRC - [2013/09/25 16:25:22 | 000,077,368 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
PRC - [2013/09/25 16:25:12 | 000,134,712 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2013/09/04 17:26:26 | 002,217,224 | ---- | M] () -- C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe
PRC - [2013/09/03 16:53:04 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/09/03 16:52:04 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013/08/07 14:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/05/28 17:58:26 | 000,454,656 | ---- | M] () -- C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
PRC - [2013/04/26 11:25:54 | 000,292,848 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/10/09 08:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/12/23 18:32:40 | 000,355,616 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2015/12/23 18:32:38 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2015/12/23 18:32:36 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2015/11/12 03:08:03 | 001,227,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\59d9abeea4dd4244e2f32b6f56a91b8a\System.WorkflowServices.ni.dll
MOD - [2015/11/12 03:07:46 | 001,077,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1af6144947df0b8826638dd73d4a6f5b\System.ServiceModel.Web.ni.dll
MOD - [2015/11/12 03:02:11 | 013,201,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c22ed5c9276e6d413478bbf872d8d42b\System.Windows.Forms.ni.dll
MOD - [2015/09/10 03:01:45 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dc453f971b3562a435e042403febba85\System.Drawing.ni.dll
MOD - [2015/05/14 03:16:12 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7c0c5ffce7aab1a5d383d05a4767f040\System.ServiceModel.Routing.ni.dll
MOD - [2015/05/14 03:16:11 | 001,142,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f3ad36599123f68ba4ae50591b63f873\System.ServiceModel.Discovery.ni.dll
MOD - [2015/05/14 03:16:10 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1ecc8b3742d4f5b4190619a25d18fdd5\System.ServiceModel.Channels.ni.dll
MOD - [2015/05/14 03:16:04 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d39bfe3a6f95a10bd14ccf372efa56dd\System.ServiceModel.Activities.ni.dll
MOD - [2015/05/14 03:16:02 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\3d4df297b3be4a6bf4bb728d879acaf2\System.ServiceModel.ni.dll
MOD - [2015/05/14 03:16:02 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\f4773a2fc005c941bc0ada12d083bae1\System.IdentityModel.ni.dll
MOD - [2015/05/14 03:14:58 | 001,021,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\60b84876bc5fb23c7f508d6ca98d90b6\System.Runtime.DurableInstancing.ni.dll
MOD - [2015/05/14 03:14:57 | 002,656,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5a0340dc8d816c4923b31e0d0c88f47b\System.Runtime.Serialization.ni.dll
MOD - [2015/05/14 03:04:46 | 007,054,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a3cbcc8df950322da15afc9a941382c4\System.Core.ni.dll
MOD - [2015/05/14 03:04:43 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\729392c0aa9a77004720a2e753c68c4f\System.Configuration.ni.dll
MOD - [2014/10/17 06:01:52 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4ba79815456e7b20ded9a13e93330073\SMDiagnostics.ni.dll
MOD - [2014/10/17 06:01:51 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\670599c8f5dd78f6f85720f22378ba44\System.Xaml.ni.dll
MOD - [2014/10/17 03:14:31 | 005,632,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\c638224a0cded3f77fbd53267b2570e8\System.Xml.ni.dll
MOD - [2014/10/17 03:14:29 | 009,102,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fe366a233dc2bfa179bd8de9c22a6b47\System.ni.dll
MOD - [2014/10/17 03:14:26 | 014,416,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2da98a47dc4eea62987433166493b21b\mscorlib.ni.dll
MOD - [2013/09/04 17:26:26 | 002,217,224 | ---- | M] () -- C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2016/02/09 03:14:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2016/01/20 02:23:18 | 002,809,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:[b]64bit:[/b] - [2014/08/20 04:12:17 | 000,656,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:[b]64bit:[/b] - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2013/09/02 12:45:56 | 000,054,976 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (intelsba)
SRV:[b]64bit:[/b] - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:[b]64bit:[/b] - [2013/07/08 21:30:24 | 000,195,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013/05/31 16:23:36 | 000,652,640 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2013/05/11 17:45:54 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013/05/11 17:45:38 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2012/07/18 11:22:00 | 000,308,120 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Windows\SysNative\TC2Service.exe -- (TC2Service)
SRV:[b]64bit:[/b] - [2010/11/30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016/03/11 19:28:07 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/03/04 09:33:41 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/01/14 10:59:02 | 002,945,312 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/21 19:23:24 | 000,064,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\UMU\Svnok.exe -- (Earth Kicker Service)
SRV - [2013/09/25 16:25:12 | 000,134,712 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe -- (tpcexdccs)
SRV - [2013/09/03 16:53:04 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/03 16:52:04 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/08/11 12:51:36 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/05/28 17:58:26 | 000,454,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe -- (ASRockIOMon)
SRV - [2012/09/18 14:20:26 | 000,171,072 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2016/02/27 13:12:29 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:[b]64bit:[/b] - [2016/01/06 06:53:53 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:[b]64bit:[/b] - [2015/10/05 09:50:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:[/b] - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2014/12/21 07:31:04 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2014/09/25 11:17:42 | 000,016,648 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:[b]64bit:[/b] - [2014/08/15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2014/08/07 03:15:50 | 000,102,200 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:[b]64bit:[/b] - [2014/08/07 03:15:50 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:[b]64bit:[/b] - [2014/08/07 03:15:50 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:[b]64bit:[/b] - [2014/05/04 01:53:40 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:[b]64bit:[/b] - [2014/03/19 15:23:28 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:[b]64bit:[/b] - [2014/03/19 15:23:28 | 000,050,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:[b]64bit:[/b] - [2013/09/17 14:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2013/09/17 14:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2013/09/17 14:17:38 | 000,157,432 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:[b]64bit:[/b] - [2013/09/09 20:06:50 | 000,020,232 | ---- | M] (ASRock Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AsrHidFilter.sys -- (AsrHidFilter)
DRV:[b]64bit:[/b] - [2013/09/03 16:52:04 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2013/08/08 08:53:56 | 000,452,088 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2013/08/08 08:44:52 | 004,448,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2013/08/07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2013/08/07 14:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:[b]64bit:[/b] - [2013/05/31 16:23:40 | 001,814,880 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:[b]64bit:[/b] - [2013/05/30 09:54:40 | 000,495,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1d62x64.sys -- (e1dexpress)
DRV:[b]64bit:[/b] - [2013/05/09 16:50:48 | 000,040,200 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:[b]64bit:[/b] - [2013/04/26 11:24:58 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2013/04/26 11:24:56 | 000,786,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2013/04/26 11:24:56 | 000,368,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2012/12/17 10:15:00 | 000,027,016 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bftpusbx64.sys -- (bftpusbx)
DRV:[b]64bit:[/b] - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/11/07 10:13:06 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:[b]64bit:[/b] - [2011/07/13 15:22:00 | 000,072,016 | ---- | M] (BUFFALO INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\bftpdskc64.sys -- (bftpdskc)
DRV:[b]64bit:[/b] - [2011/02/12 06:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:[/b] - [2010/11/21 12:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015/10/04 16:34:27 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2014/09/25 11:17:31 | 000,022,280 | ---- | M] (ASRock Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AsrDrv101.sys -- (AsrDrv101)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-2995409366-2640225022-34205592-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2995409366-2640225022-34205592-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-2995409366-2640225022-34205592-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-2995409366-2640225022-34205592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2995409366-2640225022-34205592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2014/09/30 18:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014/09/30 18:29:43 | 000,000,000 | ---D | M]

[2014/09/25 15:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rain\AppData\Roaming\mozilla\Extensions
[2016/03/09 01:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rain\AppData\Roaming\mozilla\Firefox\Profiles\xfbcutld.default\extensions
[2014/10/04 01:32:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\rain\AppData\Roaming\mozilla\Firefox\Profiles\xfbcutld.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2016/03/09 01:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/03/19 12:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions

O1 HOSTS File: ([2009/06/11 06:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2995409366-2640225022-34205592-1000\..\Toolbar\WebBrowser: (no name) - {6B5CB735-F8A4-434E-AD43-DDBA3471FBAD} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [TC2Tray] C:\Windows\SysNative\TC2Tray.exe (BUFFALO INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [tpcexTray] C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe (BUFFALO INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [TurboPC EX2] C:\Program Files (x86)\BUFFALO\%PROG_FOLDER_NAME_FILECOPY_x86%\TC2Tray.exe File not found
O4:[b]64bit:[/b] - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NTTE_OSA_AUS] C:\Program Files (x86)\NTTE\OSA_Aus\acs.exe (東日本電信電話株式会社)
O4 - HKLM..\Run: [UMU Station] C:\Program Files (x86)\UMU\Station.exe (OPTiM Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2995409366-2640225022-34205592-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2995409366-2640225022-34205592-1000..\RunOnce: [OPSCheckerAutoRun] C:\Program Files (x86)\NTTE\virus clear\ESATv6\OPS_Checker.exe (NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION)
O4 - Startup: C:\Users\rain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\らくらくアップデートツール.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTE\OSA_SupportTool\start_e.exe (東日本電信電話株式会社)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEF73253-93EA-4F26-BB84-1D0CF51A623D}: DhcpNameServer = 192.168.11.1
O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/12/04 12:13:16 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/06/20 20:11:51 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/10/04 17:15:02 | 000,000,031 | R--- | M] () - H:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1fe8f7cd-4217-11e4-9eb0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1fe8f7cd-4217-11e4-9eb0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
  • レイン
  • 2016/03/19 (Sat) 13:48:11
Re: [Removal] Browser hijacker malware
■OTL log_2
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/03/16 22:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2016/03/16 22:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2016/03/14 11:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2016/03/13 12:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdwCleaner
[2016/03/13 11:40:34 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/03/13 11:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/03/13 11:40:24 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/03/13 11:40:24 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/03/13 11:40:24 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/03/13 11:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/03/13 11:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/03/10 00:12:22 | 003,169,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2016/03/10 00:12:22 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2016/03/10 00:12:22 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2016/03/10 00:12:22 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2016/03/10 00:12:22 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2016/03/10 00:12:22 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2016/03/10 00:12:22 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2016/03/10 00:12:22 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2016/03/10 00:12:22 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2016/03/10 00:12:22 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2016/03/10 00:12:22 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2016/03/10 00:12:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2016/03/10 00:12:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2016/03/10 00:12:22 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2016/03/10 00:12:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2016/03/10 00:12:21 | 000,862,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2016/03/10 00:12:20 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016/03/10 00:12:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016/03/10 00:12:20 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016/03/10 00:12:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016/03/10 00:12:20 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016/03/10 00:12:20 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016/03/10 00:12:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016/03/10 00:12:19 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016/03/10 00:12:19 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/03/10 00:12:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016/03/10 00:12:19 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016/03/10 00:12:19 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016/03/10 00:12:19 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016/03/10 00:12:19 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016/03/10 00:12:19 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016/03/10 00:12:18 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016/03/10 00:12:18 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016/03/10 00:12:18 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016/03/10 00:12:18 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016/03/10 00:12:18 | 000,798,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016/03/10 00:12:18 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/03/10 00:12:18 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016/03/10 00:12:18 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016/03/10 00:12:18 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016/03/10 00:12:18 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016/03/10 00:12:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016/03/10 00:12:17 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016/03/10 00:12:17 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016/03/10 00:12:17 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016/03/10 00:12:17 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016/03/10 00:12:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016/03/10 00:12:17 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016/03/10 00:12:17 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016/03/10 00:12:17 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016/03/10 00:12:16 | 006,052,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016/03/10 00:12:16 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016/03/10 00:12:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016/03/10 00:12:16 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016/03/10 00:12:16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016/03/10 00:12:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016/03/10 00:12:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016/03/10 00:12:15 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016/03/10 00:12:15 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016/03/10 00:12:05 | 005,572,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016/03/10 00:12:05 | 003,994,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016/03/10 00:12:05 | 003,938,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016/03/10 00:12:05 | 001,733,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016/03/10 00:12:05 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016/03/10 00:12:04 | 001,461,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/03/10 00:12:04 | 001,214,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016/03/10 00:12:04 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2016/03/10 00:12:04 | 000,880,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016/03/10 00:12:04 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016/03/10 00:12:04 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016/03/10 00:12:04 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2016/03/10 00:12:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2016/03/10 00:12:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2016/03/10 00:12:04 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016/03/10 00:12:04 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2016/03/10 00:12:04 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2016/03/10 00:12:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2016/03/10 00:12:04 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016/03/10 00:12:04 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016/03/10 00:12:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016/03/10 00:12:04 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2016/03/10 00:12:04 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016/03/10 00:12:04 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016/03/10 00:12:04 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016/03/10 00:12:04 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2016/03/10 00:12:04 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016/03/10 00:12:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2016/03/10 00:12:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016/03/10 00:12:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016/03/10 00:12:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016/03/10 00:12:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2016/03/10 00:12:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2016/03/10 00:12:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2016/03/10 00:12:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2016/03/10 00:12:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2016/03/10 00:12:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2016/03/10 00:12:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2016/03/10 00:12:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2016/03/10 00:12:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2016/03/10 00:12:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2016/03/10 00:12:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2016/03/10 00:12:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2016/03/10 00:12:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2016/03/10 00:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016/03/10 00:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2016/03/10 00:12:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016/03/10 00:12:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2016/03/10 00:12:01 | 000,372,736 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016/03/10 00:12:01 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016/03/10 00:12:01 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2016/03/10 00:12:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2016/03/10 00:12:01 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016/03/10 00:12:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016/03/10 00:12:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2016/03/10 00:12:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016/03/10 00:12:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2016/03/10 00:12:00 | 014,634,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2016/03/10 00:12:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2016/03/10 00:12:00 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2016/03/10 00:12:00 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2016/03/10 00:12:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2016/03/10 00:12:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2016/03/10 00:12:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2016/03/10 00:12:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2016/03/10 00:12:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2016/03/10 00:12:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2016/03/09 23:36:29 | 000,000,000 | ---D | C] -- C:\Users\rain\Desktop\backups
[2016/03/09 02:23:11 | 011,199,448 | ---- | C] (VS Revo Group ) -- C:\Users\rain\Desktop\RevoUninProSetup.exe
[2016/03/09 02:22:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\rain\Desktop\HijackThis.exe
[2016/03/09 01:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2016/03/09 01:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/03/09 01:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016/03/09 01:47:58 | 000,000,000 | ---D | C] -- C:\Users\rain\AppData\Roaming\Geek Uninstaller
[2016/03/09 01:46:46 | 006,358,040 | ---- | C] (Geek Uninstaller) -- C:\Users\rain\Desktop\geek.exe
[2016/03/09 01:27:08 | 006,837,784 | ---- | C] (Piriform Ltd) -- C:\Users\rain\Desktop\ccsetup515.exe
[2016/03/08 08:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2016/02/19 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\rain\Documents\My Kindle Content
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/03/19 13:28:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/03/19 12:23:23 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/03/19 12:23:23 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/03/19 12:19:51 | 001,310,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/03/19 12:19:51 | 000,652,976 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/03/19 12:19:51 | 000,410,876 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2016/03/19 12:19:51 | 000,121,532 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2016/03/19 12:19:51 | 000,121,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/03/19 12:15:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/03/19 12:15:15 | 1874,751,487 | -HS- | M] () -- C:\hiberfil.sys
[2016/03/17 00:16:32 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_rain.job
[2016/03/13 19:33:19 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/03/13 11:40:26 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/03/11 19:28:07 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/03/11 19:28:07 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/03/10 13:24:39 | 000,616,653 | ---- | M] () -- C:\Users\rain\Desktop\yokokawatsushin201603.pdf
[2016/03/10 03:21:05 | 000,476,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/03/09 02:00:06 | 000,326,008 | ---- | M] () -- C:\Users\rain\Desktop\bookmarks_2016_03_09.html
[2016/03/09 01:57:17 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/03/09 01:55:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/03/09 01:53:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\rain\Desktop\HijackThis.exe
[2016/03/09 01:27:31 | 006,837,784 | ---- | M] (Piriform Ltd) -- C:\Users\rain\Desktop\ccsetup515.exe
[2016/03/09 01:24:51 | 011,199,448 | ---- | M] (VS Revo Group ) -- C:\Users\rain\Desktop\RevoUninProSetup.exe
[2016/03/08 08:13:35 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2016/03/08 03:04:38 | 000,963,345 | ---- | M] () -- C:\Users\rain\Desktop\5c8514d3.jpg
[2016/03/08 02:52:47 | 001,093,241 | ---- | M] () -- C:\Users\rain\Desktop\f9eb7e17.jpg
[2016/02/27 21:57:08 | 005,317,060 | ---- | M] () -- C:\Users\rain\Desktop\すみまるーと.pdf
[2016/02/27 13:12:29 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS
[2016/02/25 20:03:33 | 000,958,055 | ---- | M] () -- C:\Users\rain\Desktop\wowow_monthly201602_prime.pdf
[2016/02/25 20:03:30 | 000,936,132 | ---- | M] () -- C:\Users\rain\Desktop\wowow_monthly201602_live.pdf
[2016/02/25 20:03:28 | 000,981,849 | ---- | M] () -- C:\Users\rain\Desktop\wowow_monthly201602_cinema.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/03/16 00:31:45 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\Uninstaller_SkipUac_rain.job
[2016/03/13 11:40:26 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/03/09 02:00:06 | 000,326,008 | ---- | C] () -- C:\Users\rain\Desktop\bookmarks_2016_03_09.html
[2016/03/09 01:57:17 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2016/03/09 01:57:17 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/03/09 01:55:47 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/03/09 00:20:04 | 000,616,653 | ---- | C] () -- C:\Users\rain\Desktop\yokokawatsushin201603.pdf
[2016/03/08 08:13:35 | 000,001,366 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
[2016/03/08 03:04:37 | 000,963,345 | ---- | C] () -- C:\Users\rain\Desktop\5c8514d3.jpg
[2016/03/08 02:52:47 | 001,093,241 | ---- | C] () -- C:\Users\rain\Desktop\f9eb7e17.jpg
[2016/02/27 21:57:07 | 005,317,060 | ---- | C] () -- C:\Users\rain\Desktop\すみまるーと.pdf
[2016/02/25 20:03:33 | 000,958,055 | ---- | C] () -- C:\Users\rain\Desktop\wowow_monthly201602_prime.pdf
[2016/02/25 20:03:30 | 000,936,132 | ---- | C] () -- C:\Users\rain\Desktop\wowow_monthly201602_live.pdf
[2016/02/25 20:03:24 | 000,981,849 | ---- | C] () -- C:\Users\rain\Desktop\wowow_monthly201602_cinema.pdf
[2015/03/31 17:14:20 | 000,005,655 | ---- | C] () -- C:\Users\rain\AppData\Roaming\mL5E4TNbxLUlh6l6pv1k3u
[2014/11/01 09:56:40 | 000,000,860 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/04 00:29:14 | 000,017,439 | ---- | C] () -- C:\Windows\UN110613.INI
[2014/09/25 11:10:51 | 001,291,894 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/25 11:10:39 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/09/25 11:08:52 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/09/25 11:08:51 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2014/09/25 11:08:51 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/07 03:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/07 02:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2014/12/28 14:07:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2016/03/17 00:16:59 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2015/12/30 15:50:03 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/09/25 11:10:41 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2014/09/25 11:23:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage
[2015/10/04 16:34:02 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\IObit\LiveUpdate\update
[2014/10/10 22:34:06 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2015/10/18 17:31:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\Apple Computer\iTunes\SC Info
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2011/04/12 17:00:57 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2014/09/22 14:32:01 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2014/10/10 22:34:06 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Common Files
[2015/10/18 17:31:26 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Apple Computer\iTunes\SC Info
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2011/04/12 17:00:57 | 000,000,000 | RH-D | M] -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2009/07/14 12:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2016/03/17 00:16:49 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 11:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2014/09/30 17:56:26 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2014/10/05 06:08:23 | 000,000,000 | -H-D | M] -- C:\Users\Public\Recorded TV\TempRec
[2014/09/22 14:32:03 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData
[2014/10/03 15:24:06 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2014/09/22 14:32:14 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2014/09/22 15:10:02 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2014/09/23 20:35:08 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2014/09/22 14:32:15 | 000,000,000 | RH-D | M] -- C:\Users\rain\AppData\Local\Microsoft\Windows\Burn\Burn
[2014/09/26 09:42:50 | 000,000,000 | RH-D | M] -- C:\Users\rain\AppData\Local\Microsoft\Windows\Burn\Burn1
[2014/10/10 22:33:29 | 000,000,000 | RH-D | M] -- C:\Users\rain\AppData\Local\Microsoft\Windows\Burn\Burn2
[2014/10/10 22:56:32 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData\Local\VirtualStore\ProgramData
[2014/10/08 19:14:27 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/11/06 22:53:59 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData\Roaming\Microsoft\Windows\DNTException\Low
[2014/09/25 19:26:38 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2014/09/25 19:26:38 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
[2015/03/17 19:33:58 | 000,000,000 | -H-D | M] -- C:\Users\rain\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2014/09/30 17:35:43 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2014/10/25 03:34:07 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2015/01/31 23:58:35 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\アート キャッシュ

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2016/03/19 13:28:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/03/17 00:16:32 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_rain.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA THNSNJ128GCSU SCSI Disk Device (TurboPC EX)
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD6400AAKS-22A7B SCSI Disk Device (TurboPC EX)
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD20EARX-00PASB0 SCSI Disk Device (TurboPC EX)
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD30EZRX-00D8PB0 SCSI Disk Device (TurboPC EX)
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: BUFFALO External HDD USB Device (TurboPC EX)
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 119.00GB
Starting Offset: 240123904
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 596.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #3, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2,794.00GB
Starting Offset: 135266304
Hidden sectors: 0


DeviceID: Disk #4, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 32768
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2009/07/14 10:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2015/06/16 06:45:34 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2016/02/12 02:32:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:56 | 000,187,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2015/02/03 12:12:14 | 000,143,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 13:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/05/24 20:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2016/02/12 02:32:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2016/02/09 18:55:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2016/02/12 02:32:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 12:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2015/08/06 02:56:14 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 12:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/19 12:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2015/02/03 12:30:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2010/11/21 12:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2015/06/16 06:44:47 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2015/06/16 06:42:49 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2016/02/13 03:22:06 | 002,610,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >
  • レイン
  • 2016/03/19 (Sat) 13:49:12
Re: [Removal] Browser hijacker malware
■ Extras log 1
OTL Extras logfile created on: 2016/03/19 13:37:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18230)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.66 Gb Total Physical Memory | 5.55 Gb Available Physical Memory | 72.39% Memory free
15.32 Gb Paging File | 13.09 Gb Available in Paging File | 85.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.02 Gb Total Space | 66.02 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 382.61 Gb Free Space | 64.18% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 276.06 Gb Free Space | 14.82% Space Free | Partition Type: NTFS
Drive G: | 2794.39 Gb Total Space | 167.77 Gb Free Space | 6.00% Space Free | Partition Type: NTFS
Drive H: | 1863.02 Gb Total Space | 244.95 Gb Free Space | 13.15% Space Free | Partition Type: NTFS

Computer Name: RAIN-PC | User Name: rain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2995409366-2640225022-34205592-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Corel PaintShop Pro X6 で参照します] -- "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Corel PaintShop Pro X6 で参照します] -- "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0229DFDD-5674-4D25-8A85-71F065146B82}" = lport=10243 | protocol=6 | dir=in | app=system |
"{077CD4CF-D488-491E-835E-9E9A83B41607}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2611CF86-7922-48B8-AB2A-87E30F7AAF75}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2B428C4D-13B9-4988-9D36-DA43C252F9E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{33AA137C-0D96-4EED-AD9D-B7EF31F6BBCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4A4550C0-9DF7-4DAF-9C3D-2BDBFDC0D412}" = rport=139 | protocol=6 | dir=out | app=system |
"{51311D03-2951-4013-809C-832B405B0878}" = rport=10243 | protocol=6 | dir=out | app=system |
"{678E6814-A432-49A4-A5A2-F0C39614B2D7}" = rport=445 | protocol=6 | dir=out | app=system |
"{80F64245-670A-468A-9679-4351C535EAAA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81AC3ED6-65EE-48F1-B392-C08303E9BFFC}" = lport=138 | protocol=17 | dir=in | app=system |
"{94E36D41-246B-440B-8EBB-CE3136A93D18}" = lport=137 | protocol=17 | dir=in | app=system |
"{9CE59E92-70D0-429C-99E5-C448C58D6C93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A60CC381-4DB2-44FA-8925-F6F9558CF776}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC0939FB-3C05-41E8-8FB3-D500A874DBF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B15353C0-0ED2-459D-A700-C34B11C0F31B}" = lport=139 | protocol=6 | dir=in | app=system |
"{B28FBCB1-9694-4F64-8C00-09BE398C7AC2}" = rport=138 | protocol=17 | dir=out | app=system |
"{C5BC5399-5FA5-4984-9ACD-1FF345C13810}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{D70FC73E-493D-4BAD-9DAB-510C1C38794B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9FEC0B6-7469-41BC-B3CE-73EC6C6FA2E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7EEFB7C-5506-4513-8ABA-711621D2F573}" = rport=137 | protocol=17 | dir=out | app=system |
"{EAC1F5F1-74F4-49EA-9B93-1C060ADDF0D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA5AEF83-7F17-4080-BF41-02003A59E26A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03584982-25E2-4555-9B5D-2B740BF9F2D0}" = protocol=17 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{0C269805-1C0D-4675-8A9A-A4A37FF4DF72}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13AA7D55-E585-4AC4-A2AF-3A6F47923F36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17B8EC67-E8F1-4EDF-A9CB-AFEA86568278}" = protocol=6 | dir=out | app=system |
"{2FF6AB3B-F1CB-414F-802D-5962A550B3CF}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{3437141D-CC6D-426F-B3E7-2168051FC3FE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{389B2155-A801-4DD4-9311-266120C61CA2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4512343E-F44C-4CF8-945F-1F53C00B0CE6}" = protocol=17 | dir=in | app=c:\program files (x86)\applian technologies\fvd high-speed downloader\jfvdhsdp.exe |
"{52B810CF-8543-472A-A4FC-AD914C78BF3D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5355D11C-970C-40BA-9CB8-15685DF8BFEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{553BD13B-6393-48DE-BB2B-0E60CF0E2608}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{747CA68E-A5F7-4E43-94F4-CD0981300B91}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{74BD07B5-7FFE-4BF1-B5AD-EA91FE66FFDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77ABB267-5E94-466F-BACE-B808DA40AF0E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{781E6876-452D-4CDC-BB58-6963B45B9D8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DD23A7A-40D1-4182-A236-2AC0122A447E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A38BF64F-9C4E-4AE4-9F29-663C2F85F94B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{AC018F73-9613-4C40-BABD-3C1F49B53DC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3A92249-8A71-4E16-97CE-B12CD354557A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7ACA17F-2510-4556-99FB-16C9D45806BD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C218E620-0FEB-41A1-8BA2-CED6DE09E453}" = protocol=58 | dir=in | app=system |
"{C615391A-C4D7-4A02-9390-91C7CC37E3DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D274C122-C9A8-4CAA-AE5C-0835F0C20C1B}" = protocol=6 | dir=in | app=c:\program files (x86)\applian technologies\fvd high-speed downloader\jfvdhsdp.exe |
"{D7F86AD8-16C5-472F-8AE3-181C324D6C19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D99E238F-C9D7-4737-8FF5-B2CC9C056CE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DFA3379D-C4B5-43EE-B729-AEE684EDC6A4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5753632-9EAA-4EC8-AC20-59A7E68A0296}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EB71BF25-4BC4-48FA-94F5-2356FB1AA9E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F21662DB-ACE1-4906-97BE-6EB120F0385D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F62C042D-8990-48BB-A8B9-307D7EB24E42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F82826FC-493F-4B31-8F1E-44CAA4D724F4}" = protocol=6 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{FD2BF217-1666-4873-B1BC-2996192D86B5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DF7096B-715A-4233-8633-C7A16ED6D616}" = Apple Application Support(64 ビット)
"{16582334-495C-4F1C-A66B-3BFD8866B674}" = PSPPro64
"{1678F86C-889D-4198-8249-F4625058256B}" = IPM_PSP_COM64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft マウス キーボード センター
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4B5B6BB3-DA04-4B56-AE17-DDBF3F446888}" = Intel(R) Network Connections 18.5.54.0
"{54F2237F-018C-483B-8884-9FC0D88840C3}" = VC_CRT_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel(R) Rapid Storage Technology
"{9F1F4E90-5808-3CA8-8FF6-A5B0E60AF268}" = Microsoft .NET Framework 4 Client Profile JPN Language Pack
"{C4123106-B685-48E6-B9BD-E4F911841EB4}" = Apple Mobile Device Support
"{D227565A-0033-40AD-89BA-653A205CDC11}" = iTunes
"{D3305089-C309-4FD5-8CE7-306E712FEA29}" = ESET NOD32 Antivirus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7-Zip" = 7-Zip 15.14 (x64)
"ASRock App Charger_is1" = ASRock App Charger v1.0.6
"ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6
"ASRock XFast RAM_is1" = ASRock XFast RAM v3.0.2
"CCleaner" = CCleaner
"ffdshow64_is1" = ffdshow x64 v1.3.4532 [2014-07-17]
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile JPN Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - 日本語
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft マウス キーボード センター
"Pen Tablet Driver" = ワコム
"ProfessionalRetail - ja-jp" = Microsoft Office Professional 2013 - ja-jp
"PROSetDX" = Intel(R) Network Connections 18.5.54.0
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"XFast LAN" = XFast LAN v9.05
"バッファロー らくらくアップデートツール" = バッファロー らくらくアップデートツール
  • レイン
  • 2016/03/19 (Sat) 13:50:34
Re: [Removal] Browser hijacker malware
■ Extras log 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}" = Corel PaintShop Pro X6
"{0D04A4D2-7CE9-4EC2-970F-4A639D721D46}" = Pixia ver. 6
"{15E13D3B-4B57-4F68-9BA4-5D86C0931833}" = Pixia
"{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}" = Setup
"{162BD2D6-6C63-41A7-8151-93188450D36A}" = PSPPContent
"{16346B2A-87BC-407C-9D6B-72A4D21ABF03}" = PSPPHelp
"{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}" = ICA
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{447CDCE5-F555-429B-BFA6-642C3C6D684F}" = Apple Application Support(32 ビット)
"{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = インテル® スモール・ビジネス・アドバンテージ
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0411-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABF2A330-637C-45FC-A1EF-AAA803FB6FE5}" = スタートアップツール
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{DAA18A0D-A57C-4611-B135-46EA06990E7D}" = XSplit
"{DEBF4E6D-E9D2-4C4A-84C9-A825547CF97A}" = ebi.BookReader4
"{EB33CC59-E134-43B3-88A0-EC51E38D7413}" = フレッツ・ウイルスクリアv6 申込・設定ツール
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 21 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI
"ASRock HDMI Switch_is1" = ASRock HDMI Switch v1.0.25
"ASRock Key Master_is1" = ASRock Key Master v1.0.7
"BUFFALO_AirSet2_is1" = BUFFALO エアステーション設定ツール
"BUFFALO_BPCEnv_is1" = BUFFALO パソコン環境表示ツール
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"F-Stream Tuning_is1" = F-Stream Tuning v2.0.48
"InstallShield_{0D04A4D2-7CE9-4EC2-970F-4A639D721D46}" = Pixia ver. 6
"IObitUninstall" = IObit Uninstaller
"Lhaplus" = Lhaplus
"LINE" = LINE
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware バージョン 2.2.0.1024
"Mozilla Firefox 45.0 (x86 ja)" = Mozilla Firefox 45.0 (x86 ja)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RemoteToolGuider.east_is1" = リモートサポートツール
"sakura editor_is1" = sakura editor(サクラエディタ)
"UN110613" = BUFFALO TurboPC EX Series
"UniversalMessageUpdater_d_plala003_is1" = ぷらら設定ツール 1.2.0.8
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"WinPcapInst" = WinPcap 4.1.2
"XFastUSB" = XFastUSB
"XTRM CORPORATION/XTRM Runtime_is1" = XTRM Runtime.06
"診断復旧ツール_is1" = 診断復旧ツール

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2016/03/18 23:13:42 | Computer Name = rain-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: svchost.exe_CryptSvc、バージョン: 6.1.7600.16385、タイム
スタンプ: 0x4a5bc3c1 障害が発生しているモジュール名: ESENT.dll、バージョン: 6.1.7601.17514、タイム スタンプ: 0x4ce7c6a2
例外コード:
0xc0000005 障害オフセット: 0x0000000000012faa 障害が発生しているプロセス ID: 0x490 障害が発生しているアプリケーションの開始時刻:
0x01d1818d57548d3b 障害が発生しているアプリケーション パス: C:\Windows\System32\svchost.exe 障害が発生しているモジュール
パス: C:\Windows\System32\ESENT.dll レポート ID: 9501c406-ed80-11e5-8f95-d05099286a0a

Error - 2016/03/18 23:13:47 | Computer Name = rain-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: svchost.exe_CryptSvc、バージョン: 6.1.7600.16385、タイム
スタンプ: 0x4a5bc3c1 障害が発生しているモジュール名: ESENT.dll、バージョン: 6.1.7601.17514、タイム スタンプ: 0x4ce7c6a2
例外コード:
0xc0000005 障害オフセット: 0x0000000000012fa4 障害が発生しているプロセス ID: 0x132c 障害が発生しているアプリケーションの開始時刻:
0x01d1818d5a105c1a 障害が発生しているアプリケーション パス: C:\Windows\system32\svchost.exe 障害が発生しているモジュール
パス: C:\Windows\system32\ESENT.dll レポート ID: 97bcf6a3-ed80-11e5-8f95-d05099286a0a

Error - 2016/03/18 23:13:52 | Computer Name = rain-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: svchost.exe_CryptSvc、バージョン: 6.1.7600.16385、タイム
スタンプ: 0x4a5bc3c1 障害が発生しているモジュール名: ESENT.dll、バージョン: 6.1.7601.17514、タイム スタンプ: 0x4ce7c6a2
例外コード:
0xc0000005 障害オフセット: 0x0000000000012fa4 障害が発生しているプロセス ID: 0xb70 障害が発生しているアプリケーションの開始時刻:
0x01d1818d5d0d057c 障害が発生しているアプリケーション パス: C:\Windows\system32\svchost.exe 障害が発生しているモジュール
パス: C:\Windows\system32\ESENT.dll レポート ID: 9ab9c716-ed80-11e5-8f95-d05099286a0a

Error - 2016/03/18 23:13:57 | Computer Name = rain-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: svchost.exe_CryptSvc、バージョン: 6.1.7600.16385、タイム
スタンプ: 0x4a5bc3c1 障害が発生しているモジュール名: ESENT.dll、バージョン: 6.1.7601.17514、タイム スタンプ: 0x4ce7c6a2
例外コード:
0xc0000005 障害オフセット: 0x0000000000012fa4 障害が発生しているプロセス ID: 0xdf8 障害が発生しているアプリケーションの開始時刻:
0x01d1818d600939ad 障害が発生しているアプリケーション パス: C:\Windows\system32\svchost.exe 障害が発生しているモジュール
パス: C:\Windows\system32\ESENT.dll レポート ID: 9db62257-ed80-11e5-8f95-d05099286a0a

Error - 2016/03/18 23:14:02 | Computer Name = rain-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: svchost.exe_CryptSvc、バージョン: 6.1.7600.16385、タイム
スタンプ: 0x4a5bc3c1 障害が発生しているモジュール名: ESENT.dll、バージョン: 6.1.7601.17514、タイム スタンプ: 0x4ce7c6a2
例外コード:
0xc0000005 障害オフセット: 0x0000000000012fa4 障害が発生しているプロセス ID: 0x17a8 障害が発生しているアプリケーションの開始時刻:
0x01d1818d63056dde 障害が発生しているアプリケーション パス: C:\Windows\system32\svchost.exe 障害が発生しているモジュール
パス: C:\Windows\system32\ESENT.dll レポート ID: a0b27d98-ed80-11e5-8f95-d05099286a0a

Error - 2016/03/18 23:14:07 | Computer Name = rain-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: svchost.exe_CryptSvc、バージョン: 6.1.7600.16385、タイム
スタンプ: 0x4a5bc3c1 障害が発生しているモジュール名: ESENT.dll、バージョン: 6.1.7601.17514、タイム スタンプ: 0x4ce7c6a2
例外コード:
0xc0000005 障害オフセット: 0x0000000000012faa 障害が発生しているプロセス ID: 0xfa0 障害が発生しているアプリケーションの開始時刻:
0x01d1818d6601c91f 障害が発生しているアプリケーション パス: C:\Windows\system32\svchost.exe 障害が発生しているモジュール
パス: C:\Windows\system32\ESENT.dll レポート ID: a3ae63a8-ed80-11e5-8f95-d05099286a0a

Error - 2016/03/18 23:14:12 | Computer Name = rain-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: svchost.exe_CryptSvc、バージョン: 6.1.7600.16385、タイム
スタンプ: 0x4a5bc3c1 障害が発生しているモジュール名: ESENT.dll、バージョン: 6.1.7601.17514、タイム スタンプ: 0x4ce7c6a2
例外コード:
0xc0000005 障害オフセット: 0x0000000000012fa4 障害が発生しているプロセス ID: 0x1224 障害が発生しているアプリケーションの開始時刻:
0x01d1818d68fdfd4f 障害が発生しているアプリケーション パス: C:\Windows\system32\svchost.exe 障害が発生しているモジュール
パス: C:\Windows\system32\ESENT.dll レポート ID: a6aabee9-ed80-11e5-8f95-d05099286a0a

Error - 2016/03/18 23:14:17 | Computer Name = rain-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: svchost.exe_CryptSvc、バージョン: 6.1.7600.16385、タイム
スタンプ: 0x4a5bc3c1 障害が発生しているモジュール名: ESENT.dll、バージョン: 6.1.7601.17514、タイム スタンプ: 0x4ce7c6a2
例外コード:
0xc0000005 障害オフセット: 0x0000000000012fa4 障害が発生しているプロセス ID: 0x91c 障害が発生しているアプリケーションの開始時刻:
0x01d1818d6bfa3180 障害が発生しているアプリケーション パス: C:\Windows\system32\svchost.exe 障害が発生しているモジュール
パス: C:\Windows\system32\ESENT.dll レポート ID: a9a7684b-ed80-11e5-8f95-d05099286a0a

Error - 2016/03/18 23:14:22 | Computer Name = rain-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: svchost.exe_CryptSvc、バージョン: 6.1.7600.16385、タイム
スタンプ: 0x4a5bc3c1 障害が発生しているモジュール名: ESENT.dll、バージョン: 6.1.7601.17514、タイム スタンプ: 0x4ce7c6a2
例外コード:
0xc0000005 障害オフセット: 0x0000000000012fa4 障害が発生しているプロセス ID: 0x1618 障害が発生しているアプリケーションの開始時刻:
0x01d1818d6ef68cc1 障害が発生しているアプリケーション パス: C:\Windows\system32\svchost.exe 障害が発生しているモジュール
パス: C:\Windows\system32\ESENT.dll レポート ID: aca3ea9d-ed80-11e5-8f95-d05099286a0a

Error - 2016/03/18 23:17:09 | Computer Name = rain-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 2014/12/14 11:16:09 | Computer Name = rain-PC | Source = MCUpdate | ID = 0
Description = 0:16:09 - Directory を取得できませんでした (エラー: リモート サーバーに接続できません。)

Error - 2014/12/15 10:48:39 | Computer Name = rain-PC | Source = MCUpdate | ID = 0
Description = 23:48:39 - Directory を取得できませんでした (エラー: リモート サーバーに接続できません。)

Error - 2014/12/15 10:48:55 | Computer Name = rain-PC | Source = MCUpdate | ID = 0
Description = 23:48:52 - Broadband を取得できませんでした (エラー: Invalid security token.)

Error - 2014/12/16 10:35:59 | Computer Name = rain-PC | Source = MCUpdate | ID = 0
Description = 23:35:58 - MCEClientUX を取得できませんでした (エラー: リモート サーバーに接続できません。)

Error - 2014/12/16 11:36:08 | Computer Name = rain-PC | Source = MCUpdate | ID = 0
Description = 0:36:08 - MCEClientUX を取得できませんでした (エラー: リモート サーバーに接続できません。)

Error - 2014/12/16 12:36:15 | Computer Name = rain-PC | Source = MCUpdate | ID = 0
Description = 1:36:15 - MCEClientUX を取得できませんでした (エラー: リモート サーバーに接続できません。)

Error - 2014/12/16 13:36:21 | Computer Name = rain-PC | Source = MCUpdate | ID = 0
Description = 2:36:21 - MCEClientUX を取得できませんでした (エラー: リモート サーバーに接続できません。)

Error - 2014/12/24 10:06:12 | Computer Name = rain-PC | Source = MCUpdate | ID = 0
Description = 23:06:10 - Broadband を取得できませんでした (エラー: リモート サーバーに接続できません。)

Error - 2014/12/25 10:10:06 | Computer Name = rain-PC | Source = MCUpdate | ID = 0
Description = 23:10:05 - MCEClientUX を取得できませんでした (エラー: リモート サーバーに接続できません。)

Error - 2014/12/27 10:45:16 | Computer Name = rain-PC | Source = MCUpdate | ID = 0
Description = 23:45:16 - Could not retrieve MCESpotlight (error: Unable to connect to the remote server.)

[ System Events ]
Error - 2016/03/18 23:13:42 | Computer Name = rain-PC | Source = Service Control Manager | ID = 7031
Description = The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 2016/03/18 23:13:47 | Computer Name = rain-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has done this 14 time(s).

Error - 2016/03/18 23:13:52 | Computer Name = rain-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has done this 15 time(s).

Error - 2016/03/18 23:13:57 | Computer Name = rain-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has done this 16 time(s).

Error - 2016/03/18 23:14:02 | Computer Name = rain-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has done this 17 time(s).

Error - 2016/03/18 23:14:07 | Computer Name = rain-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has done this 18 time(s).

Error - 2016/03/18 23:14:12 | Computer Name = rain-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has done this 19 time(s).

Error - 2016/03/18 23:14:17 | Computer Name = rain-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has done this 20 time(s).

Error - 2016/03/18 23:14:22 | Computer Name = rain-PC | Source = Service Control Manager | ID = 7034
Description = The Cryptographic Services service terminated unexpectedly. It has done this 21 time(s).

Error - 2016/03/18 23:15:17 | Computer Name = rain-PC | Source = Service Control Manager | ID = 7000
Description = The SplashtopR Remote Service service failed to start due to the following error: %%2


< End of report >
  • レイン
  • 2016/03/19 (Sat) 13:51:24
Next, let's clean up with OTL
Sorry my reply is late again tonight.
I've looked at the OTL scan log.
So, straight on to the next task.

This time we'll use OTL to clean up what OTL found.

I'll paste a script at the end of this reply; copy it in its entirety, paste it into a Windows Notepad file and save it.

Once that's ready, reboot the PC into Safe Mode again and start OTL.
When it's up, paste the script into the box at the bottom of the OTL window, and this time press "Run Fix" (the button in red).
That starts OTL's clean-up.

Wait a while; when the clean-up has completed, reboot the PC in normal mode. Another OTL log should appear, so save it, and after observing for a while, reply with a status report together with that OTL log.
The OTL script is below. Copy everything except the dashed lines (-----) in its entirety, paste it into OTL and run it.
------------------------------------------
:OTL
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:64bit: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
[2016/03/14 11:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

:Files
C:\Program Files\WinPcap

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2016/03/19 (Sat) 21:38:50
Re: [Removal] Browser hijacker malware
Dear 悪代官,

Thank you as always. This is レイン.
Sorry for the late reply.

As for the status report: in Firefox, a new problem has appeared where a new tab [Popads.net] opens by itself.
Other than that, everything is normal. The OTL log is pasted below.

■OTL log
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {7D715857-A67C-4C2F-A929-038448584D63}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {7D715857-A67C-4C2F-A929-038448584D63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ not found.
C:\Program Files\WinPcap folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\WinPcap not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: rain
->Temp folder emptied: 295183592 bytes
->Temporary Internet Files folder emptied: 115630217 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 369668413 bytes
->Flash cache emptied: 65956 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715566 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 632760623 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50631 bytes
RecycleBin emptied: 68620062897 bytes

Total Files Cleaned = 66,791.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 03232016_023759

Files\Folders moved on Reboot...
C:\Users\rain\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\rain\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • レイン
  • 2016/03/25 (Fri) 07:56:51
Is Firefox the only browser showing problems?
Thank you for the work and the report.

>As for the status report: in Firefox, a new problem has appeared where a new tab [Popads.net] opens by itself.
>Other than that, everything is normal

Well, in that state it can't be called normal yet, but at least OTL seems to have dealt with what it was supposed to deal with.

So Firefox is currently the only browser showing problems.
Then let's examine the whole system again.
Sorry for the trouble, but please take the HJT log again, along with the CCleaner install information and the log from each tab, and show them in a reply.
Let's analyze it again from there.
  • 悪代官
  • 2016/03/25 (Fri) 20:34:38
The problem is in FF. The others are unused, so unverified.
Dear 悪代官,

Thank you as always. This is レイン.
I'm pasting the HJT log, the CCleaner install information and the log from each tab.
Please check them.

Thank you in advance.

■HJT log
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:21:17, on 2016/03/27
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18231)

FIREFOX: 45.0.1 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
C:\Program Files (x86)\NTTE\StartUpToolN\StartUpTool_e.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\sakura\sakura.exe
C:\Program Files (x86)\sakura\sakura.exe
C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
C:\Users\rain\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O4 - HKLM\..\Run: [UMU Station] "C:\Program Files (x86)\UMU\Station.exe" /startup
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
O4 - HKLM\..\Run: [NTTE_OSA_AUS] "C:\Program Files (x86)\NTTE\OSA_Aus\acs.exe" -silent
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [OPSCheckerAutoRun] "C:\Program Files (x86)\NTTE\virus clear\ESATv6\OPS_Checker.exe" 1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: らくらくアップデートツール.lnk = C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe
O4 - Global Startup: スタートアップツール.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: 故障かな?と思ったら・・・ - {6CB1FA39-5745-4733-859F-E9C82A68F848} - C:\Program Files (x86)\NTTE\OSA_SupportTool\start_e.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASRock IO Monitor Service (ASRockIOMon) - Unknown owner - C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Earth Kicker Service - Unknown owner - C:\Program Files (x86)\UMU\Svnok.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SplashtopR Remote Service (SplashtopRemoteService) - Unknown owner - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboPC EX2 FileCopy Service (TC2Service) - Unknown owner - C:\Windows\system32\TC2Service.exe (file missing)
O23 - Service: TurboPC EX DiskCache Control Service (tpcexdccs) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

--
End of file - 10248 bytes
  • レイン
  • 2016/03/27 (Sun) 13:35:03
Re: [Removal] Browser hijacker malware
■CC install information
診断復旧ツール 東日本電信電話株式会社 2014/09/30 23.2 MB
ワコム Wacom Technology Corp. 2015/12/30 5.3.5-3
リモートサポートツール 東日本電信電話株式会社 2014/09/30
フレッツ・ウイルスクリアv6 申込・設定ツール 東日本電信電話株式会社 2014/09/30 3.91 MB 8.2.0.4
バッファロー らくらくアップデートツール Buffalo Inc. 2014/10/12 11.0 MB 1.12
スタートアップツール 東日本電信電話株式会社 2014/09/30 2.61 MB 7.3
インテル® スモール・ビジネス・アドバンテージ Intel(R) Corporation 2014/09/25 91.6 MB 2.2.41.8096
ぷらら設定ツール 1.2.0.8 OPTiM Corporation 2014/09/25 70.4 MB 1.2.0.8
XTRM Runtime.06 XTRM CORPORATION 2015/03/17
XSplit SplitMediaLabs 2014/09/25 95.7 MB 1.2.1303.0101
XFastUSB ASRock Inc. 2014/09/25 3.02.38
XFast LAN v9.05 cFos Software GmbH, Bonn 2014/09/25 9.05
WinPcap 4.1.2 CACE Technologies 2016/03/14 4.1.0.2001
WebTablet FB Plugin 64 bit Wacom Technology Corp. 2015/12/30 2.1.0.7
WebTablet FB Plugin 32 bit Wacom Technology Corp. 2015/12/30 2.1.0.7
VLC media player VideoLAN 2016/01/24 2.2.1
VirtualCloneDrive Elaborate Bytes 2015/10/13 5.4.8.0
Spybot - Search & Destroy Safer Networking Limited 2014/12/04 1.6.2
sakura editor(サクラエディタ) サクラエディタ開発チーム 2015/06/23 2.93 MB
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/09/25 6.0.1.7004
Pixia ver. 6 Isao Maruoka 2015/12/30 31.2 MB 6.02.0010
Pixia Isao Maruoka 2014/11/09 4.78
Mozilla Maintenance Service Mozilla 2016/03/19 231 KB 45.0.1.5918
Mozilla Firefox 45.0.1 (x86 ja) Mozilla 2016/03/19 88.7 MB 45.0.1
Microsoft マウス キーボード センター Microsoft Corporation 2015/03/08 2.3.188.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2014/09/25 11.1 MB 10.0.40219
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2014/09/25 13.8 MB 10.0.40219
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2015/03/13 596 KB 9.0.30729
Microsoft Silverlight Microsoft Corporation 2014/12/25 50.7 MB 5.1.30514.0
Microsoft Office Professional 2013 - ja-jp Microsoft Corporation 2016/03/20 15.0.4805.1003
Microsoft .NET Framework 4 Extended Microsoft Corporation 2014/11/20 51.9 MB 4.0.30319
Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 Microsoft Corporation 2014/10/15 2.93 MB 4.0.30319
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 2014/10/15 38.8 MB 4.0.30319
Malwarebytes Anti-Malware バージョン 2.2.0.1024 Malwarebytes 2016/03/13 66.0 MB 2.2.0.1024
LINE LINE Corporation 2015/12/14 4.3.0.724
Lhaplus 2014/09/26
iTunes Apple Inc. 2015/02/27 234 MB 12.1.1.4
IObit Uninstaller IObit 2016/03/08 21.0 MB 5.2.1.126
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 2013/04/26 2.5.0.19
Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel Corporation 2014/09/25 3.0.0.66956
Intel(R) Rapid Storage Technology Intel Corporation 2014/09/25 12.8.0.1016
Intel(R) Processor Graphics Intel Corporation 2013/08/11 9.18.10.3272
Intel(R) Network Connections 18.5.54.0 Intel 2014/09/25 25.7 MB 18.5.54.0
Intel(R) Management Engine Components Intel Corporation 2014/09/25 9.5.14.1724
Intel(R) Control Center Intel Corporation 2014/09/25 1.2.1.1011
ffdshow x64 v1.3.4532 [2014-07-17] 2014/09/26 15.4 MB 1.3.4532.0
F-Stream Tuning v2.0.48 2014/09/25 84.5 MB 2.0.48
ESET NOD32 Antivirus ESET, spol s r. o. 2014/09/30 83.2 MB 7.0.302.31
ebi.BookReader4 eBOOK Initiative Japan Co., Ltd. 2014/11/20 34.1 MB 4.62.5
Corel PaintShop Pro X6 Corel Corporation 2014/11/09 207 MB 16.1.0.48
CCleaner Piriform 2016/03/09 5.15
BUFFALO パソコン環境表示ツール BUFFALO INC. 2014/10/12 4.17 MB 1.1.0
BUFFALO エアステーション設定ツール BUFFALO INC. 2014/10/12 2.95 MB 2.0.15
BUFFALO TurboPC EX Series 2014/10/04
Bonjour Apple Inc. 2015/02/27 2.00 MB 3.0.0.10
ASRock XFast RAM v3.0.2 ASRock Inc. 2014/09/25 12.0 MB
ASRock SmartConnect v1.0.6 ASRock Inc. 2014/09/25 3.00 MB
ASRock Key Master v1.0.7 2014/09/25 6.08 MB 1.0.7
ASRock HDMI Switch v1.0.25 2014/09/25 3.48 MB 1.0.25
ASRock App Charger v1.0.6 ASRock Inc. 2014/09/25 1.32 MB 1.0.6
Apple Software Update Apple Inc. 2015/02/27 2.38 MB 2.1.3.127
Apple Mobile Device Support Apple Inc. 2015/02/27 27.9 MB 8.1.1.3
Apple Application Support(64 ビット) Apple Inc. 2015/02/27 107 MB 3.1.2
Apple Application Support(32 ビット) Apple Inc. 2015/02/27 94.2 MB 3.1.2
Adobe Flash Player 21 NPAPI Adobe Systems Incorporated 2016/03/24 5.06 MB 21.0.0.197
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 2016/03/24 4.45 MB 21.0.0.197
Adobe AIR Adobe Systems Incorporated 2015/12/30 2.6.0.19140
Acrobat.com Adobe Systems Incorporated 2014/09/25 1.1.377
AC3Filter 2.5b Alexander Vigovsky 2014/09/27 15.2 MB 2.5b


■CC_startup_windows
Enabled HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Enabled HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Enabled HKCU:RunOnce OPSCheckerAutoRun NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION "C:\Program Files (x86)\NTTE\virus clear\ESATv6\OPS_Checker.exe" 1
Enabled HKLM:Run egui ESET "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
Enabled HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Enabled HKLM:Run IAStorIcon Intel Corporation "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
Enabled HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Enabled HKLM:Run IMSS Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
Enabled HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Enabled HKLM:Run NTTE_OSA_AUS 東日本電信電話株式会社 "C:\Program Files (x86)\NTTE\OSA_Aus\acs.exe" -silent
Enabled HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
Enabled HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Enabled HKLM:Run TC2Tray BUFFALO INC. "C:\Windows\system32\TC2Tray.exe"
Enabled HKLM:Run tpcexTray BUFFALO INC. "C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe"
Enabled HKLM:Run TurboPC EX2 C:\Program Files (x86)\BUFFALO\%PROG_FOLDER_NAME_FILECOPY_x86%\TC2Tray.exe
Enabled HKLM:Run UMU Station OPTiM Corporation "C:\Program Files (x86)\UMU\Station.exe" /startup
Enabled HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Enabled HKLM:Run VirtualCloneDrive Elaborate Bytes AG "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
Enabled HKLM:Run XFast LAN cFos Software GmbH C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
Enabled HKLM:Run XFastUSB FNet Co., Ltd. "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
Enabled Startup Common スタートアップツール.lnk C:\Windows\Installer\{ABF2A330-637C-45FC-A1EF-AAA803FB6FE5}\_2482D56151239B506E3E28.exe
Enabled Startup User らくらくアップデートツール.lnk Buffalo Inc. C:\Program Files\Buffalo\RakUpdate\RakUpdate.exe

■CC_startup_Schedule
Enabled Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Enabled Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Enabled Task elbyExecuteWithUAC C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe /e
Enabled Task ESET Windows 10 upgrade – Refresh settings ESET C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 7.0\upgrade.exe
Enabled Task GoogleUpdateTaskMachineCore C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Enabled Task GoogleUpdateTaskMachineCore1d15cc8d756d60c C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Enabled Task HDMISwitch ASROCK Incorporation C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe
Enabled Task Uninstaller_SkipUac_rain IObit C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
Enabled Task {B152FE56-B526-49B1-9E9E-014855ABD286} Microsoft Corporation C:\Windows\system32\pcalua.exe -a G:\Downloads\mp3gain-win-1_2_5.exe -d G:\Downloads
Enabled Task {C7935648-3EE2-4520-AAA8-8DFC97438C06} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\rain\AppData\Local\TNT2\2.0.0.1868\TNT2User.exe -c /UNINSTALL PARTNER=10985
Enabled Task {CDBFD130-8A2F-4FB7-A291-A17733FD236E} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\rain\Desktop\HijackThis.exe -d C:\Users\rain\Desktop
Enabled Task {E4CC01B7-84C1-4796-BC69-B730DB856CEC} Microsoft Corporation C:\Windows\system32\pcalua.exe -a G:\Downloads\mp3gain-win-1_3_4.exe -d G:\Downloads


■CC_startup_menu
Enabled Directory Browse with Corel PaintShop Pro X6 Corel, Inc. "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%L"
Enabled Directory IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll
Enabled Directory Play with VLC media player VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Enabled Directory Add to VLC media player's Playlist VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Enabled Drive Browse with Corel PaintShop Pro X6 Corel, Inc. "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%L"
Enabled Drive ESET Smart Security - Context Menu Shell Extension ESET C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
Enabled Drive Lhaplus C:\Program Files (x86)\Lhaplus\LplsShlx.dll
Enabled Drive VirtualCloneDrive Elaborate Bytes AG C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
Enabled File ESET Smart Security - Context Menu Shell Extension ESET C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
Enabled File IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll
Enabled File Lhaplus C:\Program Files (x86)\Lhaplus\LplsShlx.dll
Enabled File VirtualCloneDrive Elaborate Bytes AG C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
Enabled Folder ESET Smart Security - Context Menu Shell Extension ESET C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
Enabled Folder IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll
Enabled Folder Lhaplus C:\Program Files (x86)\Lhaplus\LplsShlx.dll


■CC_startup_BL_IE
Disabled Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
Disabled Extension OneNote Linked Notes Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Disabled Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
Disabled Extension Send to OneNote Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
Disabled Extension Skype for Business Click to Call Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
Disabled Extension 故障かな?と思ったら・・・ 東日本電信電話株式会社 C:\Program Files (x86)\NTTE\OSA_SupportTool\start_e.exe
Enabled Helper Microsoft SkyDrive Pro Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
Disabled Helper Office Document Cache Handler Microsoft Corporation C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
Disabled Helper Office Document Cache Handler Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
Disabled Helper Skype for Business Browser Helper Microsoft Corporation C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

■CC_startup_BL_FF
Disabled Extension DownloadHelper 4.9.24 Michel Gutierrez default Firefox 45.0.1 C:\Users\rain\AppData\Roaming\Mozilla\Firefox\Profiles\xfbcutld.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Enabled Extension Firefox Hello Beta 0.1 Mozilla default Firefox 45.0.1 C:\Program Files (x86)\Mozilla Firefox\browser\features\loop@mozilla.org.xpi
Enabled Plugin Intel® Identity Protection Technology 4.0.5.0 Intel Corporation default Firefox 45.0.1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
Enabled Plugin Intel® Identity Protection Technology 4.0.5.0 Intel Corporation default Firefox 45.0.1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
Enabled Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default Firefox 45.0.1 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
Enabled Plugin Microsoft Office 2013 15.0.4514.1000 Microsoft Corporation default Firefox 45.0.1 C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
Enabled Plugin OpenH264 Video Codec 1.5.3 Mozilla Corporation default Firefox 45.0.1 C:\Users\rain\AppData\Roaming\Mozilla\Firefox\Profiles\xfbcutld.default\gmp-gmpopenh264\1.5.3\gmpopenh264.dll
Enabled Plugin Primetime Content Decryption Module provided by Adobe Systems, Incorporated 15 Adobe Systems Inc default Firefox 45.0.1 C:\Users\rain\AppData\Roaming\Mozilla\Firefox\Profiles\xfbcutld.default\gmp-eme-adobe\15\eme-adobe.dll
Enabled Plugin Shockwave Flash 21.0.0.182 Adobe Systems Incorporated default Firefox 45.0.1 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll
Enabled Plugin Shockwave Flash 21.0.0.197 Adobe Systems Incorporated default Firefox 45.0.1 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll
Enabled Plugin Silverlight Plug-In 5.1.30514.0 Microsoft Corporation default Firefox 45.0.1 C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
Enabled Plugin VLC Web Plugin 2.2.1.0 VideoLAN default Firefox 45.0.1 C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Enabled Plugin WacomTabletPlugin 2.1.0.7 Wacom default Firefox 45.0.1 C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll


■CC_startup_BL_OP
有効 Extension akmijnhpfgblhkbdlnbldpmjgaiognoo 16804.19.8 Opera Stable C:\Users\rain\AppData\Roaming\Opera Software\Opera Stable\Extensions\akmijnhpfgblhkbdlnbldpmjgaiognoo\16804.19.8_0
有効 Extension compare for fun 11482.7456.2785 Opera Stable C:\Users\rain\AppData\Roaming\Opera Software\Opera Stable\Extensions\pogchimbndbckepmhaagnapfmlfgnala\11482.7456.2785_0
有効 Extension Cool Deals 10229.5901.6873 Opera Stable C:\Users\rain\AppData\Roaming\Opera Software\Opera Stable\Extensions\kabhhgmfghlchcfoghldgcoldfphbfee\10229.5901.6873_0
有効 Extension fjmghhldchigdbaebhdeiaecihkdabdn 13715.57.5 Opera Stable C:\Users\rain\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjmghhldchigdbaebhdeiaecihkdabdn\13715.57.5_0
有効 Extension Radio Canyon 1.26.82 Opera Stable C:\Users\rain\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk\1.26.82_0
  • レイン
  • 2016/03/27 (Sun) 13:35:30
Let's reset each browser
Thank you for doing the work and reporting back.
I have looked at your current logs.
So it is indeed FF that is showing the abnormal behavior.
But looking at the log, it is still dug into Opera as well.
Besides the browsers, there are still suspicious items and other problems remaining, so let's deal with them carefully.

First, the following is still not up to date, so if you use it, updating is mandatory.
>ffdshow x64 v1.3.4532 [2014-07-17] 2014/09/26 15.4 MB 1.3.4532.0

Next, following the steps on the page below, uninstall the browsers FF and Opera and then reinstall them. Also reset IE.
http://note.chiebukuro.yahoo.co.jp/detail/n367452

Once the browsers are reinstalled, start CC again and, in the "Schedule" tab, set the following to "Disable" and then "Delete Entry".
>有効 Task {C7935648-3EE2-4520-AAA8-8DFC97438C06} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\rain\AppData\Local\TNT2\2.0.0.1868\TNT2User.exe -c /UNINSTALL PARTNER=10985

After closing CC, get out the AC and MBAM you used earlier and scan with them again.
If the scan finds anything, you may quarantine that as well.

After that, restart the PC once, then start each browser in turn, watch for a while, and post a reply reporting the state.
Also, retake the CC logs for each tab and show them to me together with the post-treatment MBAM and AC logs.
  • 悪代官
  • 2016/03/27 (Sun) 15:02:56
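As an added example (not part of 悪代官's reply and not a feature of CC, AC or MBAM), the PowerShell below lists scheduled tasks of the kind quoted in the reply: an action that launches through pcalua.exe, or whose target lives under AppData or Temp. It uses the Task Scheduler 2.0 COM API rather than Get-ScheduledTask, so it also runs on a Windows 7 machine like the one in this thread; the function name and the two match patterns are assumptions of this example.

```powershell
# Added example, not from the thread. Enumerate every scheduled task (including
# hidden ones and sub-folders) and report the "Exec" actions whose launcher is
# pcalua.exe or whose command line points into a user profile's AppData/Temp.
# Task Scheduler 2.0 COM API: works on Windows Vista / 7 and later.

function Get-TaskExecActions {
    param([object]$Folder)
    foreach ($task in $Folder.GetTasks(1)) {        # 1 = TASK_ENUM_HIDDEN
        foreach ($action in $task.Definition.Actions) {
            if ($action.Type -eq 0) {                # 0 = TASK_ACTION_EXEC
                [pscustomobject]@{
                    Path      = $task.Path          # e.g. \{GUID} as shown in CC
                    Enabled   = $task.Enabled
                    Execute   = $action.Path        # launcher binary
                    Arguments = $action.Arguments   # real target and switches
                }
            }
        }
    }
    # Recurse into sub-folders (\Microsoft\Windows\..., vendor folders, etc.)
    foreach ($sub in $Folder.GetFolders(0)) {
        Get-TaskExecActions -Folder $sub
    }
}

$service = New-Object -ComObject 'Schedule.Service'
$service.Connect()                                   # local machine
$allActions = Get-TaskExecActions -Folder $service.GetFolder('\')

# Heuristics (assumed for this example):
#  - pcalua.exe (Program Compatibility Assistant) as launcher: legitimate tasks
#    rarely need it, and the entry in this thread uses it to run TNT2User.exe.
#  - target under AppData or Temp: unusual for legitimate software updaters.
$suspect = $allActions | Where-Object {
    $_.Execute -match '(?i)\\pcalua\.exe$' -or
    ($_.Execute + ' ' + $_.Arguments) -match '(?i)\\AppData\\(Local|Roaming)\\|\\Temp\\'
}

$suspect | Format-Table Path, Enabled, Execute, Arguments -AutoSize -Wrap
```

Run it in a normal PowerShell window before and after the CC "Disable" / "Delete Entry" step; the quoted {C7935648-...} task should appear in the first run and be gone from the second.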
