悪代官の伏魔殿掲示板 (Akudaikan's Pandemonium bulletin board)
Something wrong with the registry?
Hello, nice to meet you. My name is ペソネ.

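The other day, when I ran a scan with AdwCleaner, a registry entry was flagged:
HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL was detected, so
I deleted it with AdwCleaner → booted into Safe Mode and ran a full MBAM scan (nothing detected)
→ ran a full scan with the security tool (セキュリティ対策ツール) (nothing detected) → and, just to be safe, did a recovery. However,
after finishing the PC and software updates,
I scanned again and the same item was detected once more.

The PC's behavior itself is not abnormal, but it is unsettling and I am hesitant to use the PC.
Could you please lend me your help?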
  • ペソネ
  • 2017/04/11 (Tue) 11:46:16
Here is the log I obtained with HijackThis
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:49:51, on 2017/04/11
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 52.0.2 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\imagawa\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: トレンドマイクロネットワークフィルタプラグイン - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O2 - BHO: トレンドマイクロIEプロテクション - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\imagawa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: スタートアップツール.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6869 bytes
  • ペソネ
  • 2017/04/11 (Tue) 11:51:35
Here is the log I obtained with CCleaner
[CCleaner]
3D Builder Microsoft Corporation 2017/04/10 12.0.3131.0
Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2017/04/11 222 MB 15.023.20070
Adobe Flash Player 25 NPAPI Adobe Systems Incorporated 2017/04/11 19.6 MB 25.0.0.127
CCleaner Piriform 2017/04/11 5.28
Groove ミュージック Microsoft Corporation 2017/04/10 10.17022.10301.0
Java 8 Update 121 Oracle Corporation 2017/04/11 94.4 MB 8.0.1210.13
Malwarebytes バージョン 3.0.6.1469 Malwarebytes 2017/04/11 155 MB 3.0.6.1469
Microsoft OneDrive Microsoft Corporation 2017/04/10 84.8 MB 17.3.6798.0207
Microsoft Solitaire Collection Microsoft Studios 2017/04/10 3.9.5100.0
Microsoft Sticky Notes Microsoft Corporation 2017/04/10 1.8.0.0
Mozilla Firefox 52.0.2 (x86 ja) Mozilla 2017/04/11 91.6 MB 52.0.2
Mozilla Maintenance Service Mozilla 2017/04/11 256 KB 52.0.2
NX PAD Driver Alps 2017/04/11 8.100.909.312
OneNote Microsoft Corporation 2017/04/10 17.7967.57751.0
People Microsoft Corporation 2017/04/10 10.2.831.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/04/11 6.0.1.6186
Store Purchase App Microsoft Corporation 2017/04/10 11608.1000.2431.0
Xbox Microsoft Corporation 2017/04/10 27.27.28010.0
Xbox Identity Provider Microsoft Corporation 2017/04/10 11.19.19003.0
アプリ インストーラー Microsoft Corporation 2017/04/10 1.0.10332.0
アラーム & クロック Microsoft Corporation 2017/04/10 10.1703.602.0
カメラ Microsoft Corporation 2017/04/10 2017.214.20.0
スタートアップツール 西日本電信電話株式会社 2017/04/11 3.30 MB 8.0.2
ストア Microsoft Corporation 2017/04/10 11701.1001.99.0
セキュリティ対策ツール 西日本電信電話株式会社 2017/04/11 450 MB 11.11
セキュリティ申込・設定ツール 西日本電信電話株式会社 2017/04/11 3.62 MB 7.5.0.13
ニュース Microsoft Corporation 2017/04/10 4.18.41.0
ヒント Microsoft Corporation 2017/04/10 5.0.13.0
フィードバック Hub Microsoft Corporation 2017/04/10 1.1702.811.0
フォト Microsoft Corporation 2017/04/10 17.313.10010.0
ボイス レコーダー Microsoft Corporation 2017/04/10 10.1703.601.0
マップ Microsoft Corporation 2017/04/10 5.1703.762.0
メッセージング Microsoft Corporation 2017/04/10 3.19.1001.0
メール/カレンダー Microsoft Corporation 2017/04/10 17.8104.42377.0
天気 Microsoft Corporation 2017/04/10 4.18.52.0
新しい Office を始めよう Microsoft Corporation 2017/04/10 17.8017.5925.0
映画 & テレビ Microsoft Corporation 2017/04/10 10.17022.10311.0
有料 Wi-Fi & 携帯ネットワーク Microsoft Corporation 2017/04/10 1.1607.6.0
電卓 Microsoft Corporation 2017/04/10 10.1703.601.0
電話 Microsoft Corporation 2017/04/10 1.10.15000.0
  • ペソネ
  • 2017/04/11 (Tue) 11:53:19
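It's odd that the problem persists even after a recovery, but...
Good evening.
I'm 悪代官 (Akudaikan), the administrator here.
My ID sounds every bit the villain, but in truth I just have a sweet tooth.
As proof, I get punished by the sweet magical-girl squad on Sunday mornings.
What I stumble into is a noisy otaku battleground! (don't ask)

I've looked at your explanation and logs.

It seems you were concerned about what AdwCleaner (AC) detected and also checked with MBAM.

>ran a full scan with the security tool (セキュリティ対策ツール) (nothing detected) → and, just to be safe, did a recovery. However,
>after finishing the PC and software updates,
>I scanned again and the same item was detected once more.

With that detection name I would suspect the notorious Delta toolbar, but nothing suspicious is visible in the logs you have shown.
Then again, if it is Delta, it would not be surprising for it not to show its tail easily in just the first logs.

Shall we carefully dig for whatever is hiding?
Resolving everything will inevitably take a fair amount of work on your part, so it's fine if it takes time; stay calm and take it one step at a time.
"Are you prepared?" (wrong show)

First, let me tell you something up front.
As you can see, there are currently many people asking for help, so it may take a day or more each time before I can reply to everyone in turn. I'm sorry, but please bear with that.

Now, please read the following explanation carefully and then carry out the work in order.
You have probably already prepared some of these, but please read through the explanations again anyway.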

Set hidden files and file extensions to be shown (how-to ↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

Download the tools below and get a grasp of their basic usage.
However, if the distribution sites show ads urging you to download other apps, never click on them.
"GeekUninstaller" (GU for short)
Explanation page ↓
http://www.gigafree.net/system/install/geekuninstaller.html
Download ↓
http://www.geekuninstaller.com/download
Click "download free", save the file, and then extract it.
When cleaning up afterward, delete the whole folder manually.

"CCleaner" (CC for short)
Explanation ↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
Download ↓
http://www.piriform.com/ccleaner/download/standard
Download the latest version. During installation it may also offer bundled extra apps; uncheck those and avoid installing them.
When cleaning up afterward, uninstall it.

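Here is an important caution.
CC is by nature a high-performance maintenance program, but if used incorrectly
[it can end up damaging Windows],
so here we use it only as an analysis tool.
Read the explanations thoroughly and do not perform any operation other than what I instruct.

Also, be sure to read the page below thoroughly before starting work, and if the need arises, handle it accordingly. Cases requiring this handling are increasing.
http://note.chiebukuro.yahoo.co.jp/detail/n335704

Once you're ready, begin the work.
In the steps that follow, anything you look for but cannot find may be skipped, but look carefully as you work so that you never touch anything outside what I have instructed.

Also, there will be things I instruct you to delete during the work, but if any of them is something you installed yourself because you need it, hold off on deleting it and tell me so in your next reply.

First, check Windows Update, and if there are any required updates, install all of them.
But if the updates cannot be installed, do not do the work explained after this, and let me know in a reply that the update failed.
This is because dangerous malware that obstructs infection analysis and remediation by preventing WU from working properly is increasing sharply.
If you don't always keep the various Windows updates (Windows Update) applied up to date, that alone means a dangerous infection can happen at any moment.

Note that updating to Windows 10 is not recommended unless the user really needs it.
http://www.japan-secure.com/entry/Windows_Update_7.html
http://www.japan-secure.com/entry/how_to_suppress_the_free_upgrade_of_Windows_10.html

At this point, manually create one restore point using System Restore, a standard Windows feature.
This is so that recovery is possible should the worst happen, because in the work that follows, mistakenly touching something outside the targets can by itself cause serious problems in Windows.
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

Use GU to uninstall the following.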
>Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2017/04/11 222 MB 15.023.20070

>Java 8 Update 121 Oracle Corporation 2017/04/11 94.4 MB 8.0.1210.13

If you need a PDF app, the one below would be good to install.
http://www.forest.impress.co.jp/library/software/pdfxchedit/

Next, boot the PC in Safe Mode (how-to ↓)
http://www.pc-master.jp/sousa/s-safemode.html
For Win8, refer to the following.
http://freesoft.tvbok.com/win8/tips-and-tools/safemode.html

Launch HJT and run a scan.
When the scan results are displayed, check the following items.
However, with HJT work in particular, one wrong step can easily leave the PC unable to boot, so never check anything other than what I have instructed.
>O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll

>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll

>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

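Once all the required items are checked, click Fix checked.
Anything you look for but cannot find may be skipped.

Now restart the PC in normal mode, then launch "Disk Cleanup" from "Accessories" → "System Tools" in the Start menu.
Once it has launched, select drive C as the target drive and scan, then check only the "Downloaded Program Files", "Temporary Internet Files" and "Temporary files" items among those shown, and press "OK" and "Delete Files".
Running this cleans out the junk files in the selected areas.

Running this also reduces the useless junk files that scans detect during the work, which makes both the time required and the analysis considerably easier.
The reason for not checking other items such as "Recycle Bin" is to avoid deleting legitimate files by mistake, and so that even if a legitimate file was deleted and put in the Recycle Bin it can still be restored.

Next, launch CC.
Once it has launched, open "Tools" → "Startup" → the "Windows" tab.
There, pressing "Save to text file" at the bottom right lets you save the displayed contents as a log, so save the log somewhere such as the desktop.

Next, save the logs of the "Scheduled Tasks" tab and the "Context Menu" tab in the same way.

Next, from the "Browser Plugin" item on the left side of the CC screen, open the "InternetExplorer" tab and each tab after it in turn, and take logs of those too.

Once you have taken each CC log, close CC.

After this, launch your browser and observe the PC's condition for a few hours, then take fresh logs again: the HJT log and the CC installed-programs log.

Paste both retaken logs and each of the CC logs into your reply, and respond together with a status report.
After looking at them I'll give instructions for the next steps.

Whether anything turns up in the logs from each CC tab looks likely to be the first hurdle.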
  • 悪代官
  • 2017/04/11 (Tue) 18:24:28
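Re: Something wrong with the registry?
悪代官-san, thank you for your quick response. This is ペソネ.

As for progress on the work you described:

Windows Update: up to date
System Restore: restore point created
Removal with GeekUninstaller: all removed
HijackThis work: none of the three were found
Disk Cleanup: files deleted. That is where things stand.

The HijackThis log is below. I'm sorry for the trouble, but I would appreciate it if you could check it.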
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:17:27, on 2017/04/11
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 52.0.2 (x86 ja)
Boot mode: Safe mode

Running processes:
C:\Users\imagawa\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: トレンドマイクロネットワークフィルタプラグイン - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O2 - BHO: トレンドマイクロIEプロテクション - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [OneDrive] "C:\Users\imagawa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: スタートアップツール.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6503 bytes
  • ペソネ
  • 2017/04/11 (Tue) 23:38:49
Re: Something wrong with the registry?
Next are the CCleaner logs.

Windows
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKCU:Run OneDrive Microsoft Corporation "C:\Users\imagawa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
有効 HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
有効 HKLM:Run NECMFK NEC Corporation, NEC Personal Products, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 Startup Common スタートアップツール.lnk C:\WINDOWS\Installer\{5DD4998C-C190-424F-9EC9-58C38AD67BB0}\_9B3CE635A99B6F92D5462F.exe

Scheduled Tasks
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Context Menu
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll

Browser Plugins

Internet Explorer
有効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
有効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll
有効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
有効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll
有効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
有効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll
有効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
有効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll

Firefox
有効 Extension Application Update Service Helper 2.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Disable Prefetch 1.0 default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\features\{9f74f674-3e66-45e2-907a-552d0a823446}\disable-prefetch@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.12 default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\features\{9f74f674-3e66-45e2-907a-552d0a823446}\e10srollout@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.9 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Extension Site Deployment Checker 1.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi
無効 Extension Trend Micro BEP Firefox Extension 9.2.0.1026 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
無効 Extension Trend Micro Osprey Firefox Extension 2.0.0.1090 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\FxExt\firefoxextension
無効 Extension Trend Micro Toolbar 11.0.0.1186 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension
有効 Extension uBlock Origin 1.12.0 All uBlock Origin contributors default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uBlock0@raymondhill.net.xpi
有効 Extension uMatrix 0.9.3.6 Raymond Hill default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uMatrix@raymondhill.net.xpi
有効 Extension Web Compat 1.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.903 Google Inc. default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
有効 Plugin Shockwave Flash 25.0.0.127 Adobe Systems Incorporated default Firefox 52.0.2 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll

  • ペソネ
  • 2017/04/11 (Tue) 23:44:10
Re: Something wrong with the registry?
And here are the logs retaken after observing the browsers (Internet Explorer, Firefox) for a while.

HijackThis
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:32:59, on 2017/04/11
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 52.0.2 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\imagawa\Downloads\HijackThis.exe
C:\Users\imagawa\AppData\Local\Microsoft\OneDrive\OneDrive.exe

F2 - REG:system.ini: UserInit=
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: トレンドマイクロネットワークフィルタプラグイン - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O2 - BHO: トレンドマイクロIEプロテクション - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [OneDrive] "C:\Users\imagawa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: スタートアップツール.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6328 bytes
  • ペソネ
  • 2017/04/11 (Tue) 23:50:02
Re: Something wrong with the registry?
CCleaner

Windows
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKCU:Run OneDrive Microsoft Corporation "C:\Users\imagawa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
有効 HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
有効 HKLM:Run NECMFK NEC Corporation, NEC Personal Products, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 Startup Common スタートアップツール.lnk C:\WINDOWS\Installer\{5DD4998C-C190-424F-9EC9-58C38AD67BB0}\_9B3CE635A99B6F92D5462F.exe

スケジュールされたタスク
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

コンテキストメニュー
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll

ブラウザプラグイン

Internet Explorer
無効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
無効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll
無効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
無効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll

Firefox
有効 Extension Application Update Service Helper 2.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Disable Prefetch 1.0 default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\features\{9f74f674-3e66-45e2-907a-552d0a823446}\disable-prefetch@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.12 default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\features\{9f74f674-3e66-45e2-907a-552d0a823446}\e10srollout@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.9 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Extension Site Deployment Checker 1.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi
無効 Extension Trend Micro BEP Firefox Extension 9.2.0.1026 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
無効 Extension Trend Micro Osprey Firefox Extension 2.0.0.1090 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\FxExt\firefoxextension
無効 Extension Trend Micro Toolbar 11.0.0.1186 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension
有効 Extension uBlock Origin 1.12.0 All uBlock Origin contributors default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uBlock0@raymondhill.net.xpi
有効 Extension uMatrix 0.9.3.6 Raymond Hill default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uMatrix@raymondhill.net.xpi
有効 Extension Web Compat 1.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.903 Google Inc. default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
有効 Plugin Shockwave Flash 25.0.0.127 Adobe Systems Incorporated default Firefox 52.0.2 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll

As for the PC's behavior, there is nothing abnormal so far.
  • ペソネ
  • 2017/04/11 (Tue) 23:53:12
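Shall we run AC again, partly as a check?
Good evening.
I was doing maintenance today on a Vista machine, which is now out of support, so I'm late getting here to reply.

>As for the PC's behavior, there is nothing abnormal so far

Yes, if nothing abnormal is showing, nothing could be better.

I also looked at the logs, and so far nothing suspicious seems to be visible.

So let's set that aside and first look into what AdwCleaner found.
You have probably already done this work, but partly as a check, please read the explanation below and then carry it out.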

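Please prepare the following applications.
"AdwCleaner" (commonly: AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
This is a direct link to the file. Open it and save the file to the desktop or somewhere similar.
To clean it up afterwards, launch it and press the "uninstall" button, and it will be deleted automatically.
The site below has a detailed explanation of how to use it, so please refer to it ↓
http://www.japan-secure.com/entry/adwcleaner.html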

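Malwarebytes' Anti-Malware (commonly: MBAM)
Official site
http://www.malwarebytes.org/

However, MBAM currently has considerable problems with stability and operation, and bugs where a scan cannot complete properly even in normal use are occurring frequently.
For that reason, do not download the latest version from the official site; here we will deliberately work with an older version.

Site explaining the older version ↓
http://www.japan-secure.com/entry/blog-entry-7.html

Download the older version of MBAM from the URL below.
http://www.oldapps.com/malwarebytes.php?old_malwarebytes=12090?download
This is a direct link to the file. Please save it.
After the work is finished, you can uninstall it using GU with the PC in safe mode, but if that does not go well, you can also remove it in safe mode by selecting "Uninstall" (アンインストール) under the MBAM entry in the Start menu.

Note) If you install in Japanese, the text may come out garbled. Install in English and then switch to Japanese afterwards.
Launch MBAM and go to the "Settings" tab → "Language" → "Japanese" to switch to Japanese.

Once you are ready, install MBAM and go as far as updating it.
However, do not scan yet at this point.
Also, when updating MBAM here, do not update the "program" itself; update only the definitions.
If you update the program itself, it becomes the latest version, where bugs are occurring frequently, and there would be no point in having installed the older version.
Once it is updated, do not scan; close MBAM at this point.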

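Next, launch AC once at this point.
On launch the definitions should be updated first, so just let it update, and once that is done, close AC for now.
You do not need to scan here either.

Once both tools have been updated, restart the PC in safe mode, then use Disk Cleanup to clear out junk files.

When the cleanup is done, stay in safe mode and launch AC again (the one you launched once earlier).
Once it is running, this time press "Scan" (スキャン), and if anything has been detected when the scan finishes, press "Remove" (除去).
Selecting "Yes" (はい) on the screen that appears starts the removal.

When the removal is complete, restart the PC in normal mode.

After the restart a new AC log will appear, so save it to the desktop or somewhere similar.
However, if no log appears after the work, or you cannot tell, open the C drive in My Computer; a file with a name like the following will have been created directly under it, and that is the AC log.
>AdwCleaner[alphanumerics].txt
If there are several logs with similar names, the one whose creation time matches when the removal was done is the log in question.

Next, go into safe mode again and this time scan with MBAM.
Launch MBAM and run a "Full scan" (フルスキャン) from the "Scanner" (スキャナー) tab.
For the target drives, select all drives, including C.

Select (check) all drives as the scan target. It takes time, but this is in order to scan as thoroughly as possible.
The order can be either way, but if anything is detected, select it and "remove" (quarantine) it, and if a prompt to restart appears, restart the PC once at that point.
If no restart prompt appears, restart manually.

Also, after the MBAM scan finishes, pressing "Show details" (詳細を表示) should display the results, and pressing "Save log" (ログを保存) there lets you save the log.
Save that log to the desktop or somewhere similar.
Checking this log is especially important, so please don't forget.

After this, paste the MBAM and AC logs into your reply and show them in your response together with a status report.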
  • 悪代官
  • 2017/04/12 (Wed) 22:21:51
Re: Something wrong with the registry?
悪代官-san, good morning. This is ペソネ.
All of the work is finished, so here is my report.

AdwCleaner

# AdwCleaner v6.045 - ログファイルの作成日 13/04/2017 作成時間 04:06:37
# Malwarebytesによる 28/03/2017 の更新日
# データベース : 2017-04-11.1 [ローカル]
# オペレーティングシステム : Windows 10 Home (X64)
# ユーザー名 : imagawa - DESKTOP-1PRU7ED
# 実行場所 : C:\Users\imagawa\Downloads\adwcleaner_6.045.exe
# モード:スキャン
# サポート : https://www.malwarebytes.com/support



***** [ サービス ] *****

悪意あるサービスを検出しませんでした。


***** [ フォルダ ] *****

悪意あるフォルダを検出しませんでした。


***** [ ファイル ] *****

悪意あるファイルを検出しませんでした。


***** [ DLL ] *****

悪意あるDLLsファイルを検出しませんでした。


***** [ WMI ] *****

悪意あるキーを検出しませんでした。


***** [ ショートカット ] *****

改ざん済みショートカットを検出しませんでした。


***** [ スケジュール済みタスク ] *****

悪意あるタスクを検出しませんでした。


***** [ レジストリ ] *****

悪意あるレジストリ要素を検索しています ...


***** [ Webブラウザ ] *****

悪意あるFirefoxベースの要素を検出しませんでした。
悪意あるChromiumベースの要素を検出しませんでした。

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1235 バイト] - [11/04/2017 10:12:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [1616 バイト] - [11/04/2017 10:11:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [1766 バイト] - [11/04/2017 10:20:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [1843 バイト] - [11/04/2017 10:22:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [1920 バイト] - [11/04/2017 13:49:17]
C:\AdwCleaner\AdwCleaner[S4].txt - [1997 バイト] - [12/04/2017 21:25:27]
C:\AdwCleaner\AdwCleaner[S5].txt - [1914 バイト] - [13/04/2017 04:06:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1991 バイト] ##########

Malwarebytes' Anti-Malware

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

定義バージョン: v2017.04.12.05

Windows 8 x64 NTFS (セーフモード)
Internet Explorer 11.1066.14393.0
imagawa :: DESKTOP-1PRU7ED [管理者]

2017/04/13 4:43:25
mbam-log-2017-04-13 (04-43-25).txt

スキャンタイプ: フルスキャン (C:\|D:\|)
有効なスキャン領域: メモリ | スタートアップ | レジストリ | ファイルシステム | ヒューリスティック/追加アイテムのスキャン  | ヒューリスティック/Shuriken エンジンを使用してスキャン  | 不審なプログラム (PUP) | 不審な変更 (PUM) | ピア・ツー・ピアプログラム(P2P)
無効なスキャン領域:
スキャンしたアイテム数: 425189
経過時間: 40 分, 5 秒

メモリプロセスの検出: 0
(悪意のあるアイテムは検出されていません。)

メモリモジュールの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリキーの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリ値の検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリデータ項目の検出: 0
(悪意のあるアイテムは検出されていません。)

フォルダの検出: 0
(悪意のあるアイテムは検出されていません。)

ファイルの検出: 0
(悪意のあるアイテムは検出されていません。)

(終)

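As for the PC's behavior, apart from it shutting down once from heat during Disk Cleanup in safe mode,
I did not see any other abnormal behavior.

I have my own thoughts on this: it seems to me that this anomaly
has been occurring since I updated the security tool (セキュリティ対策ツール) on 4/10.
That is because, as of this update, owing to a change in Firefox's specifications (unsigned add-ons cannot be installed and are disabled by default),
the "Security Toolbar" (セキュリティツールバー) was changed to the "Trend Toolbar" (Trendツールバー),
and when I launched Firefox for the first time after the recovery, I was asked to approve the "Trend Toolbar".
I think the behavior at that time may have been what AdwCleaner flagged.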
  • ペソネ
  • 2017/04/13 (Thu) 07:22:48
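Now let's investigate with OTL
Sorry for the late reply again tonight.
I was in the bath until just now (← there is no 由美○おる in my bath

I looked at the logs from both tools, and there seem to be no detections in particular.

>As for the PC's behavior, apart from it shutting down once from heat during Disk Cleanup in safe mode,
>I did not see any other abnormal behavior

Yes, if no abnormality is showing in the symptoms either, nothing could be better.

In that case, the following, described in the first post,
>something called HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL was detected, so

is starting to look like a suspected false positive by AC.
And it is possible that the false positive was corrected in a later definition update.
In fact, both MBAM and AC have had false positives a number of times, and each time they were corrected in a definition update.

However, since you said it was detected after various programs were updated, the same detection may occur again after a future program update.
For now it seems best to wait and see with AC.

>it seems to me that this anomaly
>has been occurring since I updated the security tool

That possibility is looking more and more likely.
Browser add-ons, the Trend toolbar included, are from time to time falsely detected, through overreaction, by security software from vendors other than their own.

So, setting the AC and MBAM results aside, shall we investigate a little further with another tool?
This time we will analyze the internals in a bit more detail than before.
That said, ペソネ-san only has to operate the tool; I will analyze the results and give the instructions for the next steps, so there is no need to worry.

Please prepare the following tool.
OTL (OldTimer Listit)
Download it with the "Download" button and save it.
http://oldtimer.geekstogo.com/OTL.exe
To clean it up afterwards, launch it and press the "Cleanup" button, and it will be deleted automatically.
However, if you are using Windows 10, you can simply delete the program file itself.

Launch OTL with no other programs running.
Once it is running, check "Scan All Users" near the top of the window and copy and paste the following commands into "Custom Scan/Fixes".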

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

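Then press "Run Scan" at the top left to start the scan.
After the scan starts, and depending on the PC environment, "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe after a few minutes, so save these two files to the desktop or thereabouts.
Extras.txt is sometimes not produced; in that case OTL.txt alone is fine.

After this, paste the entire OTL log into your reply and show it in your response.
However, the OTL log gets quite long, so even if you send it in one go it will be cut off by fc2's character limit.
So split the log at suitable points into pieces of 10,000 characters or fewer and send it as several replies.
This is because posts over 10,000 characters are cut off by fc2's character limit.
http://www1.odn.ne.jp/megukuma/count.htm

Scanning with OTL alone does not change anything.
We will look at these results and deal with whatever is detected in the next round of work or later.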
  • 悪代官
  • 2017/04/13 (Thu) 20:52:28
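Added example, not part of the thread and not written by either poster: one way to check which installed component owns the AppID key that AdwCleaner reported in the first post, as supporting evidence for or against the false-positive reading. Only the key name OverlayIcon.DLL comes from the thread; the function name Get-AppIdOwner and the two CLSID roots it searches are assumptions of this example.

```powershell
# Added example. Read-only: it queries the registry and file metadata, nothing is changed.
function Get-AppIdOwner {
    param([string]$ModuleName = 'OverlayIcon.DLL')   # key name taken from the thread

    $flagged = "HKLM:\SOFTWARE\Classes\AppID\$ModuleName"
    if (-not (Test-Path -LiteralPath $flagged)) {
        Write-Warning "Key not present: $flagged"
        return
    }

    # A named AppID key normally carries an 'AppID' value holding the GUID it maps to.
    $guid = (Get-Item -LiteralPath $flagged).GetValue('AppID')
    if (-not $guid) {
        Write-Warning "$flagged has no AppID value; nothing to resolve."
        return
    }

    # COM classes that reference this AppID, in the 64-bit and 32-bit views (assumed roots).
    $clsidRoots = 'HKLM:\SOFTWARE\Classes\CLSID',
                  'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'

    foreach ($root in $clsidRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
            Where-Object { $_.GetValue('AppID') -eq $guid } |
            ForEach-Object {
                $clsid = $_
                foreach ($kind in 'InprocServer32', 'LocalServer32') {
                    $sub = $clsid.OpenSubKey($kind)
                    if (-not $sub) { continue }
                    $raw = [string]$sub.GetValue('')     # default value = server path
                    $sub.Close()
                    if (-not $raw) { continue }

                    # Take the quoted path if there is one; an unquoted LocalServer32
                    # command line with arguments will simply show Exists = False.
                    $path = if ($raw -match '^\s*"([^"]+)"') { $Matches[1] } else { $raw.Trim() }
                    $path = [Environment]::ExpandEnvironmentVariables($path)
                    $exists = Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue

                    $sig = $null; $company = $null
                    if ($exists) {
                        $sig     = Get-AuthenticodeSignature -LiteralPath $path
                        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
                    }

                    [pscustomobject]@{
                        ClsidRoot       = $root
                        Clsid           = $clsid.PSChildName
                        ServerKind      = $kind
                        Path            = $path
                        Exists          = $exists
                        Company         = $company
                        SignatureStatus = if ($sig) { $sig.Status } else { $null }
                        Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                    }
                }
            }
    }
}

Get-AppIdOwner | Format-List
```

A server path that exists, has a valid signature, and sits in the folder of a product the user installed is consistent with a false positive; a missing or unsigned file is the case worth a closer look.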
Re: Something wrong with the registry?
悪代官-san, good evening. This is ペソネ.
The work with OldTimer Listit is finished, so here is my report.

OTL logfile created on: 2017/04/13 21:41:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\imagawa\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.80 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 66.18% Memory free
5.18 Gb Paging File | 3.50 Gb Available in Paging File | 67.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 386.41 Gb Total Space | 363.75 Gb Free Space | 94.14% Space Free | Partition Type: NTFS
Drive D: | 65.19 Gb Total Space | 63.77 Gb Free Space | 97.82% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-1PRU7ED | User Name: imagawa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2017/04/13 21:40:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\imagawa\Desktop\OTL.exe
PRC - [2017/02/09 21:10:48 | 000,256,744 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2016/07/17 03:22:06 | 000,365,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2017/03/28 15:22:52 | 000,347,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2017/03/28 15:21:33 | 003,318,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2017/03/28 15:20:11 | 000,764,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:[b]64bit:[/b] - [2017/03/28 15:09:22 | 000,103,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2017/03/28 14:32:23 | 000,635,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:[b]64bit:[/b] - [2017/03/28 14:28:25 | 000,407,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:[b]64bit:[/b] - [2017/03/28 14:26:44 | 000,549,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:[b]64bit:[/b] - [2017/03/28 14:13:32 | 000,650,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:[b]64bit:[/b] - [2017/03/28 14:11:24 | 001,981,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2017/03/28 14:10:05 | 001,231,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:[b]64bit:[/b] - [2017/03/19 01:35:45 | 002,278,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2017/03/04 15:33:28 | 000,095,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:[b]64bit:[/b] - [2017/03/04 15:29:39 | 000,082,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:[b]64bit:[/b] - [2017/03/04 15:29:21 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:[b]64bit:[/b] - [2017/03/04 15:28:56 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2017/03/04 15:28:56 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2017/03/04 15:25:51 | 001,016,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:[b]64bit:[/b] - [2017/03/04 15:24:38 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:[b]64bit:[/b] - [2017/03/04 15:24:03 | 000,560,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2017/03/04 15:23:43 | 001,184,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:[b]64bit:[/b] - [2017/03/04 15:23:18 | 000,715,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2017/03/04 15:23:17 | 000,330,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:[b]64bit:[/b] - [2017/03/04 15:15:29 | 001,837,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2017/03/04 15:12:58 | 000,805,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:[b]64bit:[/b] - [2017/03/04 15:11:22 | 001,312,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:[b]64bit:[/b] - [2017/03/04 15:10:23 | 000,770,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2017/03/04 15:07:14 | 001,512,448 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:[b]64bit:[/b] - [2016/12/14 13:43:24 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2016/11/11 18:20:50 | 000,339,456 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:[b]64bit:[/b] - [2016/11/11 18:19:59 | 000,411,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:[b]64bit:[/b] - [2016/11/11 18:19:35 | 000,285,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:[b]64bit:[/b] - [2016/11/11 18:14:35 | 002,104,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2016/11/11 18:05:32 | 004,136,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:[b]64bit:[/b] - [2016/11/11 18:04:16 | 000,691,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2016/11/02 19:22:02 | 000,337,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2016/11/02 19:16:47 | 000,265,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:[b]64bit:[/b] - [2016/10/05 18:18:56 | 000,983,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:[b]64bit:[/b] - [2016/09/16 01:40:41 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:[b]64bit:[/b] - [2016/09/16 01:35:45 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:[b]64bit:[/b] - [2016/09/16 01:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:[b]64bit:[/b] - [2016/09/16 01:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2016/09/16 01:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2016/09/16 01:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2016/09/16 01:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2016/09/16 01:35:06 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2016/09/16 01:23:51 | 001,020,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:[b]64bit:[/b] - [2016/09/15 01:00:00 | 000,447,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2016/09/15 00:59:25 | 000,781,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:[b]64bit:[/b] - [2016/09/15 00:59:16 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:[b]64bit:[/b] - [2016/08/06 12:34:01 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2016/07/16 20:43:50 | 000,082,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2016/07/16 20:43:47 | 000,436,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:[b]64bit:[/b] - [2016/07/16 20:43:18 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:42 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:39 | 000,161,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:38 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:38 | 000,055,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:36 | 000,183,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,827,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_2a235e)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_2a235e)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_2a235e)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_2a235e)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_2a235e)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_2a235e)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_2a235e)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:23 | 000,366,592 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:20 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:16 | 000,287,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:16 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:16 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:13 | 000,590,848 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:12 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:12 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,574,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,387,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,358,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,234,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,177,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:07 | 001,159,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:06 | 000,729,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:06 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:05 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:05 | 000,152,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:05 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:04 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,321,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2007/02/13 08:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2017/04/12 13:13:52 | 000,271,448 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\syswow64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/03/28 15:21:33 | 003,318,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2017/03/28 14:32:32 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\syswow64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2017/03/28 13:48:06 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\syswow64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2017/03/24 04:21:13 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/03/04 15:16:20 | 000,968,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\syswow64\Unistore.dll -- (UnistoreSvc)
SRV - [2016/11/11 16:05:12 | 003,370,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\syswow64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2016/08/06 12:33:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\syswow64\smphost.dll -- (smphost)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]
  • ペソネ
  • 2017/04/13 (Thu) 22:15:48
Re: Something wrong with the registry?
Log 2

DRV:[b]64bit:[/b] - [2017/03/28 14:37:09 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2017/03/28 14:36:52 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2017/03/04 16:24:27 | 000,108,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2017/03/04 16:15:25 | 000,063,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2017/03/04 16:08:59 | 000,130,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2017/03/04 16:07:55 | 000,557,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2017/03/04 15:34:51 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:[b]64bit:[/b] - [2017/03/04 15:27:56 | 000,719,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:[b]64bit:[/b] - [2016/12/09 19:30:39 | 000,377,184 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2016/11/11 19:00:25 | 000,219,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2016/11/02 19:55:52 | 000,048,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:[b]64bit:[/b] - [2016/10/15 12:31:37 | 000,227,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2016/10/05 19:35:31 | 000,279,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2016/10/05 19:09:07 | 000,064,352 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i)
DRV:[b]64bit:[/b] - [2016/09/30 16:58:36 | 000,111,840 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TMUMH.sys -- (tmumh)
DRV:[b]64bit:[/b] - [2016/09/16 02:29:54 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2016/09/16 02:29:03 | 000,081,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2016/09/16 02:14:50 | 000,119,648 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:[b]64bit:[/b] - [2016/09/15 00:59:00 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:[b]64bit:[/b] - [2016/09/15 00:58:59 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2016/09/15 00:58:59 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:[b]64bit:[/b] - [2016/09/15 00:44:35 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2016/09/10 22:21:43 | 000,118,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:[b]64bit:[/b] - [2016/08/04 16:03:42 | 000,435,416 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:[b]64bit:[/b] - [2016/08/04 16:03:42 | 000,142,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:[b]64bit:[/b] - [2016/08/04 16:03:42 | 000,117,984 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:[b]64bit:[/b] - [2016/07/17 07:20:29 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2016/07/17 07:20:23 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2016/07/16 20:44:01 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2016/07/16 20:43:06 | 000,123,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2016/07/16 20:43:04 | 000,290,144 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2016/07/16 20:43:04 | 000,044,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:38 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:36 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:36 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:36 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:35 | 000,928,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:28 | 000,107,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:28 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,263,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,201,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,151,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:18 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:12 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:11 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,168,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,156,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,070,144 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\registry.sys -- (clreg)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,066,560 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:03 | 000,210,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:03 | 000,126,816 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:03 | 000,090,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:03 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:[b]64bit:[/b] - [2016/07/16 20:42:03 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:55 | 000,535,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:55 | 000,381,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:55 | 000,137,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:55 | 000,096,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:55 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:55 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:55 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:55 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:55 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:55 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,176,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,081,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,064,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,050,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,033,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:54 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 002,104,160 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,842,584 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,526,176 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,346,976 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,123,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scmdisk0101.sys -- (scmdisk0101)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,108,896 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,105,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,101,216 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,082,776 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,077,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,064,864 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,061,792 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,032,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,032,096 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,016,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:53 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:52 | 003,418,976 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:52 | 000,533,856 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:52 | 000,048,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:52 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 004,233,728 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwnx.sys -- (athr)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2016/07/16 20:41:50 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:[b]64bit:[/b] - [2016/06/24 14:58:42 | 000,561,952 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)
DRV:[b]64bit:[/b] - [2016/06/21 11:23:12 | 000,143,648 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:[b]64bit:[/b] - [2016/05/16 15:35:10 | 000,132,888 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmusa.sys -- (tmusa)
DRV:[b]64bit:[/b] - [2015/06/23 10:49:48 | 000,039,056 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\tmel.sys -- (tmel)
DRV:[b]64bit:[/b] - [2013/07/13 02:07:18 | 000,385,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2012/11/27 00:26:12 | 012,311,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010/11/05 05:33:12 | 000,055,272 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:[b]64bit:[/b] - [2010/08/30 04:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010/04/02 06:03:58 | 000,073,960 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:[b]64bit:[/b] - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2009/07/22 00:41:22 | 000,011,776 | ---- | M] (NEC Corporation, NEC Personal Products, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\necbatt.sys -- (necbatt)
DRV:[b]64bit:[/b] - [2009/07/15 16:36:06 | 000,013,312 | ---- | M] (NEC Corporation, NEC Personal Products, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nececfil.sys -- (Nececfilter)
DRV:[b]64bit:[/b] - [2008/12/11 19:17:07 | 000,009,728 | ---- | M] (NEC Corporation, NEC Personal Products, Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Ps2LedIF.sys -- (Ps2LedIF)
DRV:[b]64bit:[/b] - [2008/12/09 21:01:37 | 000,020,480 | ---- | M] ((C)NEC Corporation, NEC Personal Products, Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfkgtkey.sys -- (MFKGTKEY)
DRV:[b]64bit:[/b] - [2008/12/09 15:17:00 | 000,011,776 | ---- | M] (NEC Corporation, NEC Personal Products, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ps2Led.sys -- (Ps2Led)
DRV - [2016/07/16 20:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]
  • ペソネ
  • 2017/04/13 (Thu) 22:18:29
Re: Something wrong with the registry?
Log 3

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ja-jp/?ocid=iehp
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 1B EC A7 C1 B2 D2 01 [binary data]
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = D6 C0 AF E0 5B B2 D2 01 [binary data]
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll ()

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\PROGRAM FILES (X86)\NTTW\SECURITY\AMSP\MODULE\20002\9.2.1026\9.2.1026\FIREFOXEXTENSION [2017/04/11 10:02:58 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{c2056674-a37f-4b29-9300-2004759d74fe}: C:\PROGRAM FILES (X86)\NTTW\SECURITY\AMSP\MODULE\20013\FXEXT\FIREFOXEXTENSION\ [2017/04/11 10:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff@trendmicro.com: C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension [2017/04/11 10:02:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{c2056674-a37f-4b29-9300-2004759d74fe}: C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\FxExt\firefoxextension\ [2017/04/11 10:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension [2017/04/11 10:01:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2017/04/11 09:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\Extensions
[2017/04/13 21:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\Firefox\Profiles\bufbqynu.default\extension-data
[2017/04/11 09:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\Firefox\Profiles\bufbqynu.default\extensions
[2017/04/11 09:38:40 | 001,643,300 | ---- | M] () (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\firefox\profiles\bufbqynu.default\extensions\uBlock0@raymondhill.net.xpi
[2017/04/11 09:38:00 | 001,713,257 | ---- | M] () (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\firefox\profiles\bufbqynu.default\extensions\uMatrix@raymondhill.net.xpi
[2017/04/11 09:17:50 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\firefox\profiles\bufbqynu.default\features\{9f74f674-3e66-45e2-907a-552d0a823446}\disable-prefetch@mozilla.org.xpi
[2017/04/11 09:17:50 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\firefox\profiles\bufbqynu.default\features\{9f74f674-3e66-45e2-907a-552d0a823446}\e10srollout@mozilla.org.xpi
[2017/04/11 09:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser-extension-data
[2017/04/11 09:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser-extension-data\firefox@ghostery.com
[2017/04/11 09:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser-extension-data\jid1-3OQ5HY7YsLBV7Q@jetpack
[2017/04/11 09:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extension-data
[2017/04/11 09:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2017/04/11 09:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

O1 HOSTS File: ([2017/04/10 21:51:46 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (トレンドマイクロセキュリティツールバーヘルパー) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (トレンドマイクロネットワークフィルタプラグイン) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (トレンドマイクロIEプロテクション) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (トレンドマイクロセキュリティツールバーヘルパー) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (トレンドマイクロネットワークフィルタプラグイン) - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (トレンドマイクロIEプロテクション) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll (Trend Micro Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (セキュリティツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (セキュリティツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NECMFK] C:\Program Files\NECMFK\necmfk.exe (NEC Corporation, NEC Personal Products, Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Platinum] C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001..\Run: [OneDrive] C:\Users\imagawa\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{200d8f80-1235-48dd-8e77-d7ad9b7583cb}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\syswow64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmop {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll (西日本電信電話株式会社)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\syswow64\tbauth.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
ActiveX:[b]64bit:[/b] {31699572-6286-3C1C-A03C-511D59181038} - .NET Framework
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - U
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {71A5A636-652F-3BE0-BC14-02545E9F5EC7} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  • ペソネ
  • 2017/04/13 (Thu) 22:19:27
Re: Something wrong with the registry?
Log 4

[2017/04/13 21:34:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\imagawa\Desktop\OTL.exe
[2017/04/12 23:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2017/04/12 23:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2017/04/12 23:11:35 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Roaming\Malwarebytes
[2017/04/12 13:39:39 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\ElevatedDiagnostics
[2017/04/12 07:30:57 | 006,667,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
[2017/04/12 07:30:56 | 003,307,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2017/04/12 07:30:55 | 005,721,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\windows.storage.dll
[2017/04/12 07:30:55 | 001,277,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
[2017/04/12 07:30:54 | 006,109,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mos.dll
[2017/04/12 07:30:54 | 002,994,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2017/04/12 07:30:54 | 001,202,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2017/04/12 07:30:53 | 001,851,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2017/04/12 07:30:53 | 000,981,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetcore.dll
[2017/04/12 07:30:52 | 004,614,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2017/04/12 07:30:52 | 001,414,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gdi32full.dll
[2017/04/12 07:30:51 | 007,468,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2017/04/12 07:30:50 | 001,344,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsrcsnk.dll
[2017/04/12 07:30:49 | 001,564,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quartz.dll
[2017/04/12 07:30:49 | 000,861,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2017/04/12 07:30:49 | 000,545,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2017/04/12 07:30:49 | 000,315,744 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2017/04/12 07:30:48 | 003,198,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cdp.dll
[2017/04/12 07:30:48 | 001,431,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2017/04/12 07:30:48 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MCRecvSrc.dll
[2017/04/12 07:30:48 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2017/04/12 07:30:46 | 005,685,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2017/04/12 07:30:46 | 004,023,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2017/04/12 07:30:46 | 001,004,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.dll
[2017/04/12 07:30:46 | 000,975,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.appcore.dll
[2017/04/12 07:30:46 | 000,886,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aadtb.dll
[2017/04/12 07:30:46 | 000,675,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2017/04/12 07:30:46 | 000,557,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2017/04/12 07:30:45 | 001,360,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll
[2017/04/12 07:30:45 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2017/04/12 07:30:45 | 000,846,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll
[2017/04/12 07:30:45 | 000,653,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.AccountsControl.dll
[2017/04/12 07:30:44 | 003,106,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsc.exe
[2017/04/12 07:30:44 | 001,077,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Editing.dll
[2017/04/12 07:30:44 | 000,827,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2017/04/12 07:30:44 | 000,576,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wer.dll
[2017/04/12 07:30:44 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ShareHost.dll
[2017/04/12 07:30:44 | 000,306,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.MediaControl.dll
[2017/04/12 07:30:44 | 000,263,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
[2017/04/12 07:30:44 | 000,167,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wscapi.dll
[2017/04/12 07:30:44 | 000,136,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudExperienceHostUser.dll
[2017/04/12 07:30:44 | 000,116,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
[2017/04/12 07:30:44 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\updatepolicy.dll
[2017/04/12 07:30:43 | 002,646,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CertEnroll.dll
[2017/04/12 07:30:43 | 002,138,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputService.dll
[2017/04/12 07:30:43 | 001,221,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
[2017/04/12 07:30:43 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Phone.dll
[2017/04/12 07:30:43 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll
[2017/04/12 07:30:43 | 000,901,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Bluetooth.dll
[2017/04/12 07:30:43 | 000,895,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2017/04/12 07:30:43 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApiPublic.dll
[2017/04/12 07:30:43 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.HumanInterfaceDevice.dll
[2017/04/12 07:30:43 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
[2017/04/12 07:30:42 | 001,232,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Maps.dll
[2017/04/12 07:30:42 | 000,819,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppContracts.dll
[2017/04/12 07:30:42 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBroker.dll
[2017/04/12 07:30:42 | 000,589,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2017/04/12 07:30:42 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToManager.dll
[2017/04/12 07:30:42 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepsync.dll
[2017/04/12 07:30:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2017/04/12 07:30:42 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.SerialCommunication.dll
[2017/04/12 07:30:41 | 001,656,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Perception.dll
[2017/04/12 07:30:41 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2017/04/12 07:30:41 | 000,862,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2017/04/12 07:30:41 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MiracastReceiver.dll
[2017/04/12 07:30:41 | 000,783,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TSWorkspace.dll
[2017/04/12 07:30:41 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2017/04/12 07:30:41 | 000,746,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcprx.dll
[2017/04/12 07:30:41 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wpnapps.dll
[2017/04/12 07:30:41 | 000,620,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.dll
[2017/04/12 07:30:41 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2017/04/12 07:30:41 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bcastdvr.exe
[2017/04/12 07:30:41 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.InkControls.dll
[2017/04/12 07:30:41 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RTMediaFrame.dll
[2017/04/12 07:30:41 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Internal.Bluetooth.dll
[2017/04/12 07:30:41 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
[2017/04/12 07:30:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BasicRender.sys
[2017/04/12 07:30:40 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netshell.dll
[2017/04/12 07:30:40 | 001,534,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.3D.dll
[2017/04/12 07:30:40 | 000,711,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2017/04/12 07:30:40 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.PointOfService.dll
[2017/04/12 07:30:40 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Import.dll
[2017/04/12 07:30:40 | 000,598,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.dll
[2017/04/12 07:30:40 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2017/04/12 07:30:40 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.dll
[2017/04/12 07:30:40 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mbsmsapi.dll
[2017/04/12 07:30:40 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.AllJoyn.dll
[2017/04/12 07:30:40 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efswrt.dll
[2017/04/12 07:30:40 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Gaming.Input.dll
[2017/04/12 07:30:40 | 000,390,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredProvDataModel.dll
[2017/04/12 07:30:40 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.LowLevel.dll
[2017/04/12 07:30:40 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Geolocation.dll
[2017/04/12 07:30:40 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToDevice.dll
[2017/04/12 07:30:40 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Gaming.XboxLive.Storage.dll
[2017/04/12 07:30:40 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Usb.dll
[2017/04/12 07:30:40 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RADCUI.dll
[2017/04/12 07:30:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CryptoWinRT.dll
[2017/04/12 07:30:40 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Picker.dll
[2017/04/12 07:30:40 | 000,237,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SyncSettings.dll
[2017/04/12 07:30:40 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ErrorDetails.dll
[2017/04/12 07:30:40 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.System.SystemManagement.dll
[2017/04/12 07:30:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmjpegdec.dll
[2017/04/12 07:30:39 | 006,474,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe
[2017/04/12 07:30:39 | 001,243,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.FaceAnalysis.dll
[2017/04/12 07:30:39 | 001,196,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wscui.cpl
[2017/04/12 07:30:39 | 000,769,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ipsecsnp.dll
[2017/04/12 07:30:39 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.SmartCards.dll
[2017/04/12 07:30:39 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ipsmsnap.dll
[2017/04/12 07:30:39 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Wallet.dll
[2017/04/12 07:30:39 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.WiFiDirect.dll
[2017/04/12 07:30:39 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Midi.dll
[2017/04/12 07:30:39 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
[2017/04/12 07:30:39 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Internal.Management.dll
[2017/04/12 07:30:39 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.dll
[2017/04/12 07:30:39 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\unimdm.tsp
[2017/04/12 07:30:39 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AboveLockAppHost.dll
[2017/04/12 07:30:39 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apds.dll
[2017/04/12 07:30:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2017/04/12 07:30:39 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Scanners.dll
[2017/04/12 07:30:39 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
[2017/04/12 07:30:39 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Lights.dll
[2017/04/12 07:30:39 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Devices.dll
[2017/04/12 07:30:38 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
[2017/04/12 07:30:38 | 000,787,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sbe.dll
[2017/04/12 07:30:38 | 000,747,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Ocr.dll
[2017/04/12 07:30:38 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmenrollengine.dll
[2017/04/12 07:30:38 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2017/04/12 07:30:38 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\deviceaccess.dll
[2017/04/12 07:30:38 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dlnashext.dll
[2017/04/12 07:30:38 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToReceiver.dll
[2017/04/12 07:30:38 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WwaApi.dll
[2017/04/12 07:30:38 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\vaultcli.dll
[2017/04/12 07:30:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Identity.Provider.dll
[2017/04/12 07:30:38 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\enrollmentapi.dll
[2017/04/12 07:30:38 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Radios.dll
[2017/04/12 07:30:38 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dialclient.dll
[2017/04/12 07:30:38 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DisplayManager.dll
[2017/04/12 07:30:38 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinRtTracing.dll
[2017/04/12 07:30:38 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepapi.dll
[2017/04/12 07:30:38 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.HostName.dll
[2017/04/12 07:30:38 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppointmentActivation.dll
[2017/04/12 07:30:38 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AuthBroker.dll
[2017/04/12 07:30:38 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Core.dll
[2017/04/12 07:30:38 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
[2017/04/12 07:30:38 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
[2017/04/12 07:30:38 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.ServiceDiscovery.Dnssd.dll
[2017/04/12 07:30:38 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XblAuthTokenBrokerExt.dll
[2017/04/12 07:30:38 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.System.UserDeviceAssociation.dll
[2017/04/12 07:30:38 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BasicDisplay.sys
[2017/04/12 07:30:38 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XblAuthManagerProxy.dll
[2017/04/12 07:30:38 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBrokerUI.dll
[2017/04/12 07:30:37 | 003,733,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
[2017/04/12 07:30:37 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CoreMessaging.dll
[2017/04/12 07:30:37 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExSMime.dll
[2017/04/12 07:30:37 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
[2017/04/12 07:30:37 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2017/04/12 07:30:37 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Diagnostics.dll
[2017/04/12 07:30:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usoapi.dll
[2017/04/12 07:30:37 | 000,037,376 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2017/04/12 07:30:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\odbcconf.dll
[2017/04/12 07:30:36 | 002,424,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Perception.dll
[2017/04/12 07:30:36 | 001,266,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Input.Inking.dll
[2017/04/12 07:30:36 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusUpdateHandlers.dll
[2017/04/12 07:30:35 | 004,596,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\xpsrchvw.exe
[2017/04/12 07:30:35 | 003,520,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xpsrchvw.exe
[2017/04/12 07:30:35 | 001,369,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Phone.dll
[2017/04/12 07:30:35 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.dll
[2017/04/12 07:30:35 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.InkControls.dll
[2017/04/12 07:30:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll
[2017/04/12 07:30:34 | 008,168,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll
[2017/04/12 07:30:34 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Maps.dll
[2017/04/12 07:30:34 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Cred.dll
[2017/04/12 07:30:34 | 001,080,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Ocr.dll
[2017/04/12 07:30:34 | 000,963,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WebcamUi.dll
[2017/04/12 07:30:34 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WebcamUi.dll
[2017/04/12 07:30:34 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Wallet.dll
[2017/04/12 07:30:34 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Gaming.XboxLive.Storage.dll
[2017/04/12 07:30:34 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.dll
[2017/04/12 07:30:34 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WwaApi.dll
[2017/04/12 07:30:34 | 000,237,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Diagnostics.dll
[2017/04/12 07:30:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinRtTracing.dll
[2017/04/12 07:30:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Core.dll
[2017/04/12 07:30:34 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2017/04/12 07:30:29 | 007,220,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\windows.storage.dll
[2017/04/12 07:30:27 | 007,655,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mos.dll
[2017/04/12 07:30:27 | 001,702,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll
[2017/04/12 07:30:26 | 003,778,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2017/04/12 07:30:26 | 001,981,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2017/04/12 07:30:26 | 001,302,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2017/04/12 07:30:25 | 006,288,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2017/04/12 07:30:25 | 002,213,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2017/04/12 07:30:25 | 001,072,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetcore.dll
[2017/04/12 07:30:24 | 008,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2017/04/12 07:30:23 | 004,149,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll
[2017/04/12 07:30:23 | 001,988,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2017/04/12 07:30:23 | 001,848,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsrcsnk.dll
[2017/04/12 07:30:22 | 000,773,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2017/04/12 07:30:22 | 000,549,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usocore.dll
[2017/04/12 07:30:22 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotification.exe
[2017/04/12 07:30:21 | 002,390,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\smartscreen.exe
[2017/04/12 07:30:21 | 001,860,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2017/04/12 07:30:21 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2017/04/12 07:30:21 | 000,999,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWorkspace.dll
[2017/04/12 07:30:21 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StoreAgent.dll
[2017/04/12 07:30:21 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkBindingEngineMigPlugin.dll
[2017/04/12 07:30:21 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatehandlers.dll
[2017/04/12 07:30:21 | 000,218,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LsaIso.exe
[2017/04/12 07:30:21 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotificationUx.exe
[2017/04/12 07:30:20 | 004,260,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2017/04/12 07:30:20 | 001,403,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Editing.dll
[2017/04/12 07:30:20 | 001,293,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2017/04/12 07:30:20 | 001,145,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EmailApis.dll
[2017/04/12 07:30:20 | 000,947,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSVP9DEC.dll
[2017/04/12 07:30:20 | 000,765,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2017/04/12 07:30:20 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll
[2017/04/12 07:30:20 | 000,387,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpps.dll
[2017/04/12 07:30:20 | 000,360,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsAdminFlows.exe
[2017/04/12 07:30:20 | 000,198,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wscapi.dll
[2017/04/12 07:30:20 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDataTimeUtil.dll
[2017/04/12 07:30:20 | 000,097,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Credentials.UI.CredentialPicker.dll
[2017/04/12 07:30:20 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\musdialoghandlers.dll
[2017/04/12 07:30:19 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Audio.dll
[2017/04/12 07:30:19 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpnapps.dll
[2017/04/12 07:30:19 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApiPublic.dll
[2017/04/12 07:30:19 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efswrt.dll
[2017/04/12 07:30:19 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RTMediaFrame.dll
[2017/04/12 07:30:19 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.DeviceEncryptionHandlers.dll
[2017/04/12 07:30:19 | 000,092,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll
[2017/04/12 07:30:17 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2017/04/12 07:30:17 | 000,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.dll
[2017/04/12 07:30:17 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsApi.dll
[2017/04/12 07:30:17 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXTaskFactory.dll
[2017/04/12 07:30:17 | 000,360,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpencom.dll
[2017/04/12 07:30:17 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AboveLockAppHost.dll
[2017/04/12 07:30:16 | 001,220,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wscui.cpl
[2017/04/12 07:30:16 | 000,671,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mbsmsapi.dll
[2017/04/12 07:30:16 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\unimdm.tsp
[2017/04/12 07:30:16 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Identity.Provider.dll
[2017/04/12 07:30:16 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.ServiceDiscovery.Dnssd.dll
[2017/04/12 07:30:15 | 001,908,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AzureSettingSyncProvider.dll
[2017/04/12 07:30:15 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AccountsRt.dll
[2017/04/12 07:30:15 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgentUserBroker.exe
[2017/04/12 07:30:15 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Scanners.dll
[2017/04/12 07:30:15 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RdpRelayTransport.dll
[2017/04/12 07:30:15 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2017/04/12 07:30:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpninprc.dll
[2017/04/12 07:30:14 | 022,568,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2017/04/12 07:30:12 | 008,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2017/04/12 07:30:06 | 018,364,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2017/04/12 07:30:06 | 006,045,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2017/04/12 07:30:03 | 001,738,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll
[2017/04/12 07:30:03 | 001,513,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2017/04/12 07:30:03 | 001,276,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2017/04/12 07:30:02 | 001,633,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\quartz.dll
[2017/04/12 07:30:01 | 000,975,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\HelpPane.exe
[2017/04/12 07:30:01 | 000,937,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MCRecvSrc.dll
[2017/04/12 07:30:01 | 000,913,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2017/04/12 07:30:01 | 000,912,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.SmartCards.dll
[2017/04/12 07:30:00 | 001,105,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MiracastReceiver.dll
[2017/04/12 07:30:00 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2017/04/12 07:30:00 | 000,402,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2017/04/12 07:29:59 | 001,275,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Bluetooth.dll
[2017/04/12 07:29:59 | 001,157,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.appcore.dll
[2017/04/12 07:29:59 | 000,603,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ContentDeliveryManager.Utilities.dll
[2017/04/12 07:29:59 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Bluetooth.dll
[2017/04/12 07:29:58 | 001,637,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2017/04/12 07:29:58 | 001,589,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdtctm.dll
[2017/04/12 07:29:58 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.PointOfService.dll
[2017/04/12 07:29:58 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.dll
[2017/04/12 07:29:58 | 000,692,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CellularAPI.dll
[2017/04/12 07:29:58 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FlightSettings.dll
[2017/04/12 07:29:58 | 000,328,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Storage.ApplicationData.dll
[2017/04/12 07:29:58 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.HumanInterfaceDevice.dll
[2017/04/12 07:29:57 | 007,786,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2017/04/12 07:29:57 | 005,611,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2017/04/12 07:29:57 | 000,241,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHost.dll
[2017/04/12 07:29:57 | 000,160,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHostBroker.dll
[2017/04/12 07:29:56 | 002,095,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2017/04/12 07:29:56 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2017/04/12 07:29:56 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Http.dll
[2017/04/12 07:29:56 | 000,981,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.OnlineId.dll
[2017/04/12 07:29:56 | 000,924,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2017/04/12 07:29:56 | 000,908,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2017/04/12 07:29:56 | 000,875,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBroker.dll
[2017/04/12 07:29:56 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll
[2017/04/12 07:29:56 | 000,701,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll
[2017/04/12 07:29:56 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToManager.dll
[2017/04/12 07:29:56 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Geolocation.dll
[2017/04/12 07:29:56 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2017/04/12 07:29:56 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafpos.dll
[2017/04/12 07:29:56 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Lights.dll
[2017/04/12 07:29:56 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FontProvider.dll
[2017/04/12 07:29:55 | 002,208,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.3D.dll
[2017/04/12 07:29:55 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2017/04/12 07:29:55 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll
[2017/04/12 07:29:55 | 000,568,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.LowLevel.dll
[2017/04/12 07:29:55 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.WiFiDirect.dll
[2017/04/12 07:29:55 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToDevice.dll
[2017/04/12 07:29:55 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Usb.dll
[2017/04/12 07:29:55 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpAXHolder.dll
[2017/04/12 07:29:55 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.BlockedShutdown.dll
[2017/04/12 07:29:55 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Picker.dll
[2017/04/12 07:29:55 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncSettings.dll
[2017/04/12 07:29:55 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2017/04/12 07:29:55 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmjpegdec.dll
[2017/04/12 07:29:54 | 000,661,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WpcWebFilter.dll
[2017/04/12 07:29:54 | 000,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.SmartCards.Phone.dll
[2017/04/12 07:29:54 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToReceiver.dll
[2017/04/12 07:29:54 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2017/04/12 07:29:54 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\flvprophandler.dll
[2017/04/12 07:29:54 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DisplayManager.dll
[2017/04/12 07:29:54 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceDirectoryClient.dll
[2017/04/12 07:29:54 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.SerialCommunication.dll
[2017/04/12 07:29:54 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2017/04/12 07:29:54 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DdcWnsListener.dll
[2017/04/12 07:29:53 | 004,474,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll
[2017/04/12 07:29:53 | 001,231,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dosvc.dll
[2017/04/12 07:29:53 | 001,121,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadtb.dll
[2017/04/12 07:29:53 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadcloudap.dll
[2017/04/12 07:29:53 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\indexeddbserver.dll
[2017/04/12 07:29:53 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Printers.dll
[2017/04/12 07:29:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2017/04/12 07:29:52 | 001,040,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NaturalLanguage6.dll
[2017/04/12 07:29:52 | 000,945,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcWebFilter.dll
[2017/04/12 07:29:52 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CastLaunch.dll
[2017/04/12 07:29:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\odbcconf.dll
[2017/04/12 07:29:51 | 001,600,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2017/04/12 07:29:50 | 003,612,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2017/04/12 07:29:50 | 002,278,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2017/04/12 07:29:50 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedStartModel.dll
[2017/04/12 07:29:48 | 001,692,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2017/04/12 07:29:48 | 001,569,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32full.dll
[2017/04/12 07:29:48 | 001,010,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2017/04/12 07:29:48 | 000,628,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2017/04/12 07:29:48 | 000,379,232 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2017/04/12 07:29:47 | 009,130,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2017/04/12 07:29:47 | 007,216,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2017/04/12 07:29:47 | 003,542,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2017/04/12 07:29:47 | 001,643,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Speech.dll
[2017/04/12 07:29:46 | 001,267,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinTypes.dll
[2017/04/12 07:29:46 | 001,100,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvix64.exe
[2017/04/12 07:29:46 | 000,989,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvax64.exe
[2017/04/12 07:29:46 | 000,896,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.AccountsControl.dll
[2017/04/12 07:29:45 | 002,914,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CertEnroll.dll
[2017/04/12 07:29:45 | 001,060,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppContracts.dll
[2017/04/12 07:29:45 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.desktop.dll
[2017/04/12 07:29:45 | 000,764,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CoreMessaging.dll
[2017/04/12 07:29:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ShareHost.dll
[2017/04/12 07:29:45 | 000,682,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wer.dll
[2017/04/12 07:29:45 | 000,379,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepsync.dll
[2017/04/12 07:29:45 | 000,372,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.MediaControl.dll
[2017/04/12 07:29:45 | 000,146,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHostCommon.dll
[2017/04/12 07:29:45 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatepolicy.dll
[2017/04/12 07:29:44 | 004,749,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2017/04/12 07:29:44 | 001,617,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2017/04/12 07:29:44 | 001,586,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2017/04/12 07:29:44 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2017/04/12 07:29:44 | 000,565,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2017/04/12 07:29:44 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Gaming.Input.dll
[2017/04/12 07:29:44 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Management.dll
[2017/04/12 07:29:44 | 000,343,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2017/04/12 07:29:44 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2017/04/12 07:29:44 | 000,178,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHostUser.dll
[2017/04/12 07:29:44 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmcertinst.exe
[2017/04/12 07:29:44 | 000,142,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2017/04/12 07:29:43 | 001,294,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2017/04/12 07:29:43 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Import.dll
[2017/04/12 07:29:43 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2017/04/12 07:29:43 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneBackupHandler.dll
[2017/04/12 07:29:43 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dlnashext.dll
[2017/04/12 07:29:43 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDeviceRegistration.dll
[2017/04/12 07:29:43 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.WiFi.dll
[2017/04/12 07:29:43 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepapi.dll
[2017/04/12 07:29:42 | 000,966,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sbe.dll
[2017/04/12 07:29:42 | 000,869,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2017/04/12 07:29:42 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.AllJoyn.dll
[2017/04/12 07:29:42 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2017/04/12 07:29:42 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Midi.dll
[2017/04/12 07:29:42 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CryptoWinRT.dll
[2017/04/12 07:29:42 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.LockScreen.dll
[2017/04/12 07:29:42 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeveloperOptionsSettingsHandlers.dll
[2017/04/12 07:29:42 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2017/04/12 07:29:42 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Family.SyncEngine.dll
[2017/04/12 07:29:42 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ErrorDetails.dll
[2017/04/12 07:29:42 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Devices.dll
[2017/04/12 07:29:42 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_ClosedCaptioning.dll
[2017/04/12 07:29:42 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryClient.dll
[2017/04/12 07:29:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vss_ps.dll
[2017/04/12 07:29:41 | 005,114,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdp.dll
[2017/04/12 07:29:41 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GamePanel.exe
[2017/04/12 07:29:41 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbonRes.dll
[2017/04/12 07:29:41 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIRibbonRes.dll
[2017/04/12 07:29:41 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleacc.dll
[2017/04/12 07:29:41 | 000,329,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\deviceaccess.dll
[2017/04/12 07:29:41 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vaultcli.dll
[2017/04/12 07:29:41 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudDomainJoinDataModelServer.dll
[2017/04/12 07:29:41 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Radios.dll
[2017/04/12 07:29:41 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enrollmentapi.dll
[2017/04/12 07:29:41 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Family.Client.dll
[2017/04/12 07:29:41 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winsrv.dll
[2017/04/12 07:29:41 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AuthBroker.dll
[2017/04/12 07:29:41 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.System.SystemManagement.dll
[2017/04/12 07:29:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDeviceRegistration.Ngc.dll
[2017/04/12 07:29:41 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XblAuthTokenBrokerExt.dll
[2017/04/12 07:29:41 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.System.UserDeviceAssociation.dll
[2017/04/12 07:29:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XblAuthManagerProxy.dll
[2017/04/12 07:29:41 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSManMigrationPlugin.dll
[2017/04/12 07:29:41 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBrokerUI.dll
[2017/04/12 07:29:41 | 000,045,056 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
  • ペソネ
  • 2017/04/13 (Thu) 22:21:53
Re: Something wrong with the registry?
Log 5

[2017/04/11 21:46:32 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Roaming\Adobe
[2017/04/11 21:09:22 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Roaming\Geek Uninstaller
[2017/04/11 20:49:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2017/04/11 14:34:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\デスクトップ
[2017/04/11 14:34:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\スタート メニュー
[2017/04/11 14:34:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2017/04/11 14:34:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2017/04/11 14:34:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2017/04/11 14:34:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2017/04/11 14:34:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2017/04/11 14:34:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2017/04/11 14:34:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2017/04/11 14:34:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2017/04/11 14:26:32 | 000,000,000 | ---D | C] -- C:\Intel
[2017/04/11 14:26:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2017/04/11 14:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2017/04/11 14:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\USOShared
[2017/04/11 14:21:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2017/04/11 14:20:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SleepStudy
[2017/04/11 14:20:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServiceProfiles
[2017/04/11 14:20:09 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\Microsoft
[2017/04/11 10:46:22 | 000,251,832 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\6A7253DD.sys
[2017/04/11 10:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/04/11 10:43:09 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\Programs
[2017/04/11 10:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2017/04/11 10:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2017/04/11 10:23:56 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\Trend Micro
[2017/04/11 10:09:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/04/11 10:07:26 | 000,000,000 | -H-D | C] -- C:\TMRescueDisk
[2017/04/11 10:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTTW
[2017/04/11 10:03:09 | 000,561,952 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmnciesc.sys
[2017/04/11 10:03:09 | 000,143,648 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmeevw.sys
[2017/04/11 10:03:04 | 000,435,416 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmcomm.sys
[2017/04/11 10:03:04 | 000,142,552 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmactmon.sys
[2017/04/11 10:03:04 | 000,117,984 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmevtmgr.sys
[2017/04/11 10:03:04 | 000,111,840 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\TMUMH.sys
[2017/04/11 10:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\tmumh
[2017/04/11 10:03:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\tmumh
[2017/04/11 10:03:03 | 000,132,888 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmusa.sys
[2017/04/11 10:03:01 | 000,039,056 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmel.sys
[2017/04/11 10:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2017/04/11 09:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\NTTW
[2017/04/11 09:56:38 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NTTW
[2017/04/11 09:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NTTW
[2017/04/11 09:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NTTW
[2017/04/11 09:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2017/04/11 09:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2017/04/11 09:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2017/04/11 09:43:16 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Roaming\Macromedia
[2017/04/11 09:43:16 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\Macromedia
[2017/04/11 09:37:12 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Roaming\Sun
[2017/04/11 09:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2017/04/11 09:05:03 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Roaming\Mozilla
[2017/04/11 09:05:03 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\Mozilla
[2017/04/11 09:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2017/04/11 09:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2017/04/10 23:06:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT
[2017/04/10 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\MicrosoftEdge
[2017/04/10 22:45:10 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Roaming\Skype
[2017/04/10 22:43:56 | 000,000,000 | R--D | C] -- C:\Users\imagawa\OneDrive
[2017/04/10 22:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2017/04/10 22:41:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2017/04/10 22:41:16 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\Comms
[2017/04/10 22:41:13 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\Publishers
[2017/04/10 22:41:05 | 000,000,000 | R--D | C] -- C:\Users\imagawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2017/04/10 22:41:05 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Searches
[2017/04/10 22:41:05 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Contacts
[2017/04/10 22:41:05 | 000,000,000 | R--D | C] -- C:\Users\imagawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2017/04/10 22:40:58 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\VirtualStore
[2017/04/10 22:40:57 | 000,000,000 | -H-D | C] -- C:\Users\imagawa\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/04/10 22:40:57 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\TileDataLayer
[2017/04/10 22:40:57 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\Packages
[2017/04/10 22:40:56 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\ConnectedDevicesPlatform
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\スタート メニュー
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\AppData\Local\Temporary Internet Files
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\Templates
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\SendTo
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\Recent
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\PrintHood
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\NetHood
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\Documents\My Videos
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\Documents\My Pictures
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\Documents\My Music
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\My Documents
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\Local Settings
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\AppData\Local\History
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\Cookies
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\Application Data
[2017/04/10 22:40:37 | 000,000,000 | -HSD | C] -- C:\Users\imagawa\AppData\Local\Application Data
[2017/04/10 22:40:36 | 000,000,000 | --SD | C] -- C:\Users\imagawa\AppData\Roaming\Microsoft
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Videos
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Saved Games
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Pictures
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Music
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Links
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Favorites
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Downloads
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Documents
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\Desktop
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2017/04/10 22:40:36 | 000,000,000 | R--D | C] -- C:\Users\imagawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2017/04/10 22:40:36 | 000,000,000 | -H-D | C] -- C:\Users\imagawa\AppData
[2017/04/10 22:40:36 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\Temp
[2017/04/10 22:40:36 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\Microsoft
[2017/04/10 22:40:36 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2017/04/10 22:36:53 | 002,717,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PrintConfig.dll
[2017/04/10 22:35:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2017/04/10 22:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\InfusedApps
[2017/04/10 22:11:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2017/04/10 22:11:20 | 000,000,000 | ---D | C] -- C:\Windows.old
[2017/04/10 22:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2017/04/10 22:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\NECMFK
[2017/04/10 22:09:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Setup
[2017/04/10 22:05:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer
[2017/04/10 22:05:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\OCR
[2017/04/10 22:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2017/04/10 22:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2017/04/10 22:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2017/04/10 22:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2017/04/10 22:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\winrm
[2017/04/10 22:04:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\WCN
[2017/04/10 22:04:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sysprep
[2017/04/10 22:04:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\slmgr
[2017/04/10 22:04:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Printing_Admin_Scripts
[2017/04/10 22:04:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ja
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\winrm
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\WCN
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\UMDF
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\slmgr
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Printing_Admin_Scripts
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\UMDF\ja-JP
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\ja-JP
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\UMDF\en-US
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\en-US
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en
[2017/04/10 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\0409
[2017/04/10 22:04:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\ja
[2017/04/10 22:04:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\UMDF\ja-JP
[2017/04/10 22:04:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\UMDF\en-US
[2017/04/10 22:04:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\en
[2017/04/10 22:04:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\ja-JP
[2017/04/10 22:04:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\en-US
[2017/04/10 22:04:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\0409
[2017/04/10 22:04:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ja-JP
[2017/04/10 22:04:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\en-US
[2017/04/10 22:04:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\DigitalLocker
[2017/04/10 21:59:17 | 000,835,576 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2017/04/10 21:59:17 | 000,177,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2017/04/10 21:57:09 | 000,209,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msclmd.dll
[2017/04/10 21:56:57 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msclmd.dll
[2017/04/10 21:56:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\Nui
[2017/04/10 21:56:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\Nui
[2017/04/10 21:56:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\F12
[2017/04/10 21:56:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\F12
[2017/04/10 21:56:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\dsc
[2017/04/10 21:56:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\DiagSvcs
[2017/04/10 21:56:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\DiagSvcs
[2017/04/10 21:56:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\Configuration
[2017/04/10 21:56:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\Configuration
[2017/04/10 21:56:39 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Media
[2017/04/10 21:56:39 | 000,000,000 | R--D | C] -- C:\WINDOWS\PrintDialog
[2017/04/10 21:56:39 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2017/04/10 21:56:39 | 000,000,000 | R--D | C] -- C:\WINDOWS\MiracastView
[2017/04/10 21:56:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\zh-TW
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\zh-TW
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\zh-HK
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\zh-HK
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\zh-CN
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\zh-CN
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\WinMetadata
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\WinMetadata
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\winevt
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\WindowsPowerShell
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\WindowsPowerShell
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\WinBioPlugIns
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\WinBioDatabase
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Web
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\WDI
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\wbem
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\wbem
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Vss
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\uk-UA
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\uk-UA
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\tr-TR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\tr-TR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\tracing
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\th-TH
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\th-TH
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Tasks
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Tasks
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Tasks
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\TAPI
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\syswow64
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SystemResources
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SystemResetPlatform
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SystemApps
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sv-SE
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\sv-SE
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sru
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\sru
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sr-Latn-RS
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\sr-Latn-RS
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sr-Latn-CS
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\sr-Latn-CS
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sppui
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\sppui
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\spp
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\spp
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\spool
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Speech_OneCore
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Speech_OneCore
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Speech_OneCore
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Speech
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\Speech
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Speech
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Speech
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\SMI
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sl-SI
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\sl-SI
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sk-SK
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\sk-SK
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SKB
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellExperiences
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\setup
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\setup
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SecureBootUpdates
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\schemas
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ru-RU
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\ru-RU
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ro-RO
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\ro-RO
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\restore
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\restore
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\rescache
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Recovery
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Recovery
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RasToast
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\RasToast
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ras
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\ras
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\pt-PT
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\pt-PT
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\pt-BR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\pt-BR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\ProximityToast
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\prefetch
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\PolicyDefinitions
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\PointOfService
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\pl-PL
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\pl-PL
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\PLA
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\oobe
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\oobe
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\nl-NL
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\nl-NL
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\networklist
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\networklist
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\NDF
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\NDF
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\nb-NO
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\nb-NO
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\MUI
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MUI
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\MsDtc
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MsDtc
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\MSDRM
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MSDRM
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ModemLogs
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\migwiz
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\migwiz
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\migration
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\migration
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Migration
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\MailContactsCalendarSync
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MailContactsCalendarSync
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Macromed
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Macromed
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\lv-LV
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\lv-LV
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\lt-LT
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\lt-LT
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\LogFiles
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\LogFiles
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\LiveKernelReports
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Licenses
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Licenses
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ko-KR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\ko-KR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ja-JP
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\ja-jp
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\it-IT
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\it-IT
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Ipmi
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Ipmi
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\InstallShield
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\InputMethod
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\InputMethod
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\InputMethod
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\inetsrv
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\inetsrv
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\IME
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\IME
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\icsxml
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\icsxml
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\hu-HU
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\hu-HU
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\hr-HR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\hr-HR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\he-IL
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\he-IL
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\GroupPolicyUsers
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\GroupPolicyUsers
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\GroupPolicy
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\GroupPolicy
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\FxsTmp
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\FxsTmp
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\fr-FR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\fr-FR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\fr-CA
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\fr-CA
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\fi-FI
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\fi-FI
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\et-EE
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\et-EE
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\etc
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\es-MX
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\es-MX
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\es-ES
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\es-ES
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en-US
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\en-US
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en-GB
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\en-GB
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\el-GR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\el-GR
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\DriverStore
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\downlevel
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\downlevel
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Dism
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Dism
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\de-DE
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\de-DE
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DDFs
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\da-DK
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\da-DK
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\cs-CZ
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\cs-CZ
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\config
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Com
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Com
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\CodeIntegrity
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\catroot2
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\catroot
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Bthprops
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Bthprops
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Boot
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\bg-BG
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\bg-BG
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ar-SA
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\ar-SA
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appraiser
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\AppLocker
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\AppLocker
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\AdvancedInstallers
[2017/04/10 21:56:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\AdvancedInstallers
[2017/04/10 21:56:38 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft
[2017/04/10 21:56:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2017/04/10 21:56:38 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2017/04/10 21:56:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[2017/04/10 21:56:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[2017/04/10 21:56:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Microsoft.NET
[2017/04/10 21:56:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\ImmersiveControlPanel
[2017/04/10 21:56:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\assembly
[2017/04/10 21:56:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2017/04/10 21:56:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2017/04/10 21:56:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[2017/04/10 21:56:38 | 000,000,000 | -HSD | C] -- C:\Program Files\Windows Sidebar
[2017/04/10 21:56:38 | 000,000,000 | -HSD | C] -- C:\Program Files (x86)\Windows Sidebar
[2017/04/10 21:56:38 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsApps
[2017/04/10 21:56:38 | 000,000,000 | -H-D | C] -- C:\ProgramData
[2017/04/10 21:56:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ELAMBKUP
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\WindowsPowerShell
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WindowsPowerShell
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Photo Viewer
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Photo Viewer
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows NT
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Multimedia Platform
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Multimedia Platform
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Mail
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Mail
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Defender
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\USOPrivate
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\System
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Sysprep
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftwareDistribution
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Services
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\microsoft shared
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Shared
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\IME
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Globalization
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\GameBarPresenceWriter
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\diagnostics
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\debug
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Comms
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Branding
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Boot
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\bcastdvr
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppReadiness
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\appcompat
[2017/04/10 21:56:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2017/04/10 21:56:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\UMDF
[2017/04/10 21:56:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers
[2017/04/10 21:54:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\INF
[2017/04/10 21:38:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\CbsTemp
[2017/04/10 21:29:15 | 000,000,000 | R--D | C] -- C:\Users
[2017/04/10 21:29:15 | 000,000,000 | R--D | C] -- C:\Program Files
[2017/04/10 21:29:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)
[2017/04/10 21:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2017/04/10 21:29:15 | 000,000,000 | ---D | C] -- C:\Windows
[2017/04/10 21:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32
[2017/04/10 21:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SMI
[2017/04/10 21:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\servicing
[2017/04/10 21:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DriverStore
[2017/04/10 21:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\config
[2017/04/10 21:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2017/04/10 21:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files
[2017/04/10 21:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\CatRoot
[2017/04/10 21:16:45 | 000,000,000 | -H-D | C] -- C:\$SysReset
  • ペソネ
  • 2017/04/13 (Thu) 22:24:39
Re: Registry anomaly?
Log 6

[2017/03/21 14:55:38 | 000,034,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CompPkgSup.dll
[2017/03/21 14:55:32 | 000,038,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompPkgSup.dll
[2017/03/15 10:31:39 | 001,456,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2017/03/15 10:31:39 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanui.dll
[2017/03/15 10:31:38 | 002,458,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themecpl.dll
[2017/03/15 10:31:38 | 001,543,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmc.exe
[2017/03/15 10:31:38 | 001,228,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2017/03/15 10:31:38 | 000,965,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2017/03/15 10:31:38 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasgcw.dll
[2017/03/15 10:31:38 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mprddm.dll
[2017/03/15 10:31:38 | 000,700,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.Search.dll
[2017/03/15 10:31:38 | 000,632,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sud.dll
[2017/03/15 10:31:38 | 000,631,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\main.cpl
[2017/03/15 10:31:38 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserLanguagesCpl.dll
[2017/03/15 10:31:38 | 000,510,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PhotoScreensaver.scr
[2017/03/15 10:31:38 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll
[2017/03/15 10:31:38 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msutb.dll
[2017/03/15 10:31:38 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\input.dll
[2017/03/15 10:31:38 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mscandui.dll
[2017/03/15 10:31:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scksp.dll
[2017/03/15 10:31:38 | 000,173,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\basecsp.dll
[2017/03/15 10:31:38 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msctfui.dll
[2017/03/15 10:31:38 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msctfp.dll
[2017/03/15 10:31:36 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hgcpl.dll
[2017/03/15 10:31:36 | 000,570,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clusapi.dll
[2017/03/15 10:31:36 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2017/03/15 10:31:36 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\resutils.dll
[2017/03/15 10:31:35 | 001,320,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll
[2017/03/15 10:31:35 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PCPTpm12.dll
[2017/03/15 10:31:35 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxclu.dll
[2017/03/15 10:31:35 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcuiu.dll
[2017/03/15 10:31:35 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BrowserSettingSync.dll
[2017/03/15 10:31:34 | 002,748,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2017/03/15 10:31:34 | 002,643,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2017/03/15 10:31:34 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2017/03/15 10:31:34 | 001,969,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hevcdecoder.dll
[2017/03/15 10:31:34 | 001,323,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_fs.dll
[2017/03/15 10:31:34 | 001,137,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_health.dll
[2017/03/15 10:31:34 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2017/03/15 10:31:34 | 000,760,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\appwiz.cpl
[2017/03/15 10:31:34 | 000,719,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_sr.dll
[2017/03/15 10:31:34 | 000,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssvp.dll
[2017/03/15 10:31:34 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nshwfp.dll
[2017/03/15 10:31:34 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidprov.dll
[2017/03/15 10:31:34 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\azroleui.dll
[2017/03/15 10:31:34 | 000,291,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Search.ProtocolHandler.MAPI2.dll
[2017/03/15 10:31:34 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssph.dll
[2017/03/15 10:31:34 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssitlb.dll
[2017/03/15 10:31:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Gaming.UI.GameBar.dll
[2017/03/15 10:31:34 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XInputUap.dll
[2017/03/15 10:31:33 | 004,557,824 | ---- | C] (Microsoft) -- C:\WINDOWS\SysWow64\dbgeng.dll
[2017/03/15 10:31:33 | 001,557,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2017/03/15 10:31:33 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2017/03/15 10:31:33 | 001,293,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPDMC.exe
[2017/03/15 10:31:33 | 000,781,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2017/03/15 10:31:33 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMVSENCD.DLL
[2017/03/15 10:31:27 | 007,626,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2017/03/15 10:31:27 | 003,478,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbon.dll
[2017/03/15 10:31:27 | 002,153,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\storagewmi.dll
[2017/03/15 10:31:27 | 001,362,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmpmde.dll
[2017/03/15 10:31:27 | 001,231,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wcnwiz.dll
[2017/03/15 10:31:27 | 001,154,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Pimstore.dll
[2017/03/15 10:31:27 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Unistore.dll
[2017/03/15 10:31:27 | 000,858,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\EmailApis.dll
[2017/03/15 10:31:27 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ContactApis.dll
[2017/03/15 10:31:27 | 000,822,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakradiag.dll
[2017/03/15 10:31:27 | 000,711,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2017/03/15 10:31:27 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppointmentApis.dll
[2017/03/15 10:31:27 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2017/03/15 10:31:27 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ChatApis.dll
[2017/03/15 10:31:27 | 000,549,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SHCore.dll
[2017/03/15 10:31:27 | 000,493,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2017/03/15 10:31:27 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TpmCoreProvisioning.dll
[2017/03/15 10:31:27 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
[2017/03/15 10:31:27 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.dll
[2017/03/15 10:31:27 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2017/03/15 10:31:27 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WsmWmiPl.dll
[2017/03/15 10:31:27 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cemapi.dll
[2017/03/15 10:31:27 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tcpipcfg.dll
[2017/03/15 10:31:27 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netiohlp.dll
[2017/03/15 10:31:27 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VCardParser.dll
[2017/03/15 10:31:27 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDeviceRegistration.Ngc.dll
[2017/03/15 10:31:27 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll
[2017/03/15 10:31:27 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LaunchWinApp.exe
[2017/03/15 10:31:27 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tbauth.dll
[2017/03/15 10:31:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netiougc.exe
[2017/03/15 10:31:27 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBrokerCookies.exe
[2017/03/15 10:31:26 | 008,886,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\OneDriveSetup.exe
[2017/03/15 10:31:26 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Wpc.dll
[2017/03/15 10:31:26 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iprtrmgr.dll
[2017/03/15 10:31:26 | 000,525,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PrintDialogs.dll
[2017/03/15 10:31:26 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.BackgroundMediaPlayback.dll
[2017/03/15 10:31:26 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll
[2017/03/15 10:31:26 | 000,313,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanapi.dll
[2017/03/15 10:31:26 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiapi.dll
[2017/03/15 10:31:26 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ProximityCommon.dll
[2017/03/15 10:31:26 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DafPrintProvider.dll
[2017/03/15 10:31:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\findnetprinters.dll
[2017/03/15 10:31:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wfdprov.dll
[2017/03/15 10:31:24 | 001,299,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSVPXENC.dll
[2017/03/15 10:31:23 | 002,740,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2017/03/15 10:31:23 | 002,206,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
[2017/03/15 10:31:23 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSVP9DEC.dll
[2017/03/15 10:31:22 | 001,123,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2017/03/15 10:31:22 | 000,976,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfds.dll
[2017/03/15 10:31:22 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmkvsrcsnk.dll
[2017/03/15 10:31:22 | 000,374,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFPlay.dll
[2017/03/15 10:31:21 | 012,349,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2017/03/15 10:31:20 | 000,952,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2017/03/15 10:31:20 | 000,530,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mf.dll
[2017/03/15 10:31:19 | 005,380,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BingMaps.dll
[2017/03/15 10:31:19 | 002,363,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapRouter.dll
[2017/03/15 10:31:19 | 002,109,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapGeocoder.dll
[2017/03/15 10:31:19 | 001,709,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ActiveSyncProvider.dll
[2017/03/15 10:31:19 | 001,357,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSPhotography.dll
[2017/03/15 10:31:19 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LogonController.dll
[2017/03/15 10:31:19 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppBroker.dll
[2017/03/15 10:31:19 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2017/03/15 10:31:19 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DavSyncProvider.dll
[2017/03/15 10:31:19 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapConfiguration.dll
[2017/03/15 10:31:19 | 000,321,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppHost.exe
[2017/03/15 10:31:19 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\accountaccessor.dll
[2017/03/15 10:31:19 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
[2017/03/15 10:31:19 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\indexeddbserver.dll
[2017/03/15 10:31:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MCCSEngineShared.dll
[2017/03/15 10:31:16 | 013,873,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2017/03/15 10:31:16 | 004,423,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2017/03/15 10:31:16 | 004,312,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2017/03/15 10:31:16 | 002,484,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gameux.dll
[2017/03/15 10:31:16 | 002,277,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2017/03/15 10:31:16 | 001,993,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2017/03/15 10:31:16 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
[2017/03/15 10:31:16 | 000,896,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontext.dll
[2017/03/15 10:31:16 | 000,753,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\imapi2fs.dll
[2017/03/15 10:31:16 | 000,640,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\evr.dll
[2017/03/15 10:31:16 | 000,545,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\uReFS.dll
[2017/03/15 10:31:16 | 000,248,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\policymanager.dll
[2017/03/15 10:31:16 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpcore6.dll
[2017/03/15 10:31:15 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\daxexec.dll
[2017/03/15 10:31:15 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudBackupSettings.dll
[2017/03/15 10:31:15 | 000,192,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aepic.dll
[2017/03/15 10:31:15 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BcastDVRHelper.dll
[2017/03/15 10:31:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CameraCaptureUI.dll
[2017/03/15 10:29:57 | 003,405,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2017/03/15 10:29:57 | 002,538,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2017/03/15 10:29:57 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssvp.dll
[2017/03/15 10:29:57 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StructuredQuery.dll
[2017/03/15 10:29:57 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Search.ProtocolHandler.MAPI2.dll
[2017/03/15 10:29:57 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2017/03/15 10:29:57 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssphtb.dll
[2017/03/15 10:29:57 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFilterHost.exe
[2017/03/15 10:29:57 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssph.dll
[2017/03/15 10:29:57 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssitlb.dll
[2017/03/15 10:29:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryBroker.dll
[2017/03/15 10:29:56 | 001,507,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.FaceAnalysis.dll
[2017/03/15 10:29:56 | 001,025,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XboxNetApiSvc.dll
[2017/03/15 10:29:56 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidprov.dll
[2017/03/15 10:29:56 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XblGameSaveExt.dll
[2017/03/15 10:29:56 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Gaming.UI.GameBar.dll
[2017/03/15 10:29:56 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XInputUap.dll
[2017/03/15 10:29:53 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nshwfp.dll
[2017/03/15 10:29:53 | 000,116,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\icfupgd.dll
[2017/03/15 10:29:45 | 002,186,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hevcdecoder.dll
[2017/03/15 10:29:45 | 000,130,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storahci.sys
[2017/03/15 10:29:44 | 001,656,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2017/03/15 10:29:43 | 001,016,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XblAuthManager.dll
[2017/03/15 10:29:42 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wwanmm.dll
[2017/03/15 10:29:42 | 000,527,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWanAPI.dll
[2017/03/15 10:29:42 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wwanconn.dll
[2017/03/15 10:29:42 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CfgSPCellular.dll
[2017/03/15 10:29:42 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EnterpriseAPNCsp.dll
[2017/03/15 10:29:42 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CspCellularSettings.dll
[2017/03/15 10:29:41 | 003,289,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2017/03/15 10:29:41 | 001,584,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsp_health.dll
[2017/03/15 10:29:41 | 000,947,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsp_sr.dll
[2017/03/15 10:29:40 | 002,512,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMVDECOD.DLL
[2017/03/15 10:29:40 | 001,913,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsp_fs.dll
[2017/03/15 10:29:40 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPDMC.exe
[2017/03/15 10:29:40 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanui.dll
[2017/03/15 10:29:40 | 000,342,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll
[2017/03/15 10:29:39 | 000,404,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSetupUI.dll
[2017/03/15 10:29:38 | 001,694,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2017/03/15 10:29:38 | 001,117,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2017/03/15 10:29:37 | 001,726,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Immersive.dll
[2017/03/15 10:29:36 | 005,384,192 | ---- | C] (Microsoft) -- C:\WINDOWS\SysNative\dbgeng.dll
[2017/03/15 10:29:36 | 002,049,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2017/03/15 10:29:36 | 001,562,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vssapi.dll
[2017/03/15 10:29:36 | 001,348,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wifinetworkmanager.dll
[2017/03/15 10:29:36 | 001,293,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcnwiz.dll
[2017/03/15 10:29:36 | 000,857,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2017/03/15 10:29:36 | 000,715,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcmsvc.dll
[2017/03/15 10:29:36 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WsmWmiPl.dll
[2017/03/15 10:29:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2017/03/15 10:29:35 | 004,060,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIRibbon.dll
[2017/03/15 10:29:35 | 001,399,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Pimstore.dll
[2017/03/15 10:29:35 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usercpl.dll
[2017/03/15 10:29:35 | 000,653,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserLanguagesCpl.dll
[2017/03/15 10:29:35 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cemapi.dll
[2017/03/15 10:29:35 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DuCsps.dll
[2017/03/15 10:29:35 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usoapi.dll
[2017/03/15 10:29:35 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Shell.dll
[2017/03/15 10:29:34 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2017/03/15 10:29:34 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PimIndexMaintenance.dll
[2017/03/15 10:29:34 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Shell.Search.UriHandler.dll
[2017/03/15 10:29:33 | 001,512,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDataService.dll
[2017/03/15 10:29:33 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Unistore.dll
[2017/03/15 10:29:33 | 001,013,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ContactApis.dll
[2017/03/15 10:29:33 | 000,771,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppointmentApis.dll
[2017/03/15 10:29:33 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ChatApis.dll
[2017/03/15 10:29:33 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExSMime.dll
[2017/03/15 10:29:33 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VCardParser.dll
[2017/03/15 10:29:32 | 002,512,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\themecpl.dll
[2017/03/15 10:29:32 | 000,971,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2017/03/15 10:29:32 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TabletPC.cpl
[2017/03/15 10:29:32 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TpmCoreProvisioning.dll
[2017/03/15 10:29:32 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.dll
[2017/03/15 10:29:32 | 000,409,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2017/03/15 10:29:32 | 000,322,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\input.dll
[2017/03/15 10:29:32 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\thumbcache.dll
[2017/03/15 10:29:32 | 000,300,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mscandui.dll
[2017/03/15 10:29:32 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tapi32.dll
[2017/03/15 10:29:32 | 000,219,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IPHLPAPI.DLL
[2017/03/15 10:29:32 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netiohlp.dll
[2017/03/15 10:29:32 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Tabbtn.dll
[2017/03/15 10:29:32 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tabcal.exe
[2017/03/15 10:29:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MultiDigiMon.exe
[2017/03/15 10:29:32 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LaunchWinApp.exe
[2017/03/15 10:29:32 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netiougc.exe
[2017/03/15 10:29:31 | 001,817,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ResetEngine.dll
[2017/03/15 10:29:31 | 001,416,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2017/03/15 10:29:31 | 001,082,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2017/03/15 10:29:31 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sud.dll
[2017/03/15 10:29:31 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msutb.dll
[2017/03/15 10:29:31 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\systemreset.exe
[2017/03/15 10:29:31 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RADCUI.dll
[2017/03/15 10:29:31 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctfp.dll
[2017/03/15 10:29:31 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctfui.dll
[2017/03/15 10:29:30 | 002,860,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storagewmi.dll
[2017/03/15 10:29:30 | 000,509,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2017/03/15 10:29:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stobject.dll
[2017/03/15 10:29:30 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2017/03/15 10:29:29 | 001,536,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SpeechPal.dll
[2017/03/15 10:29:27 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scksp.dll
[2017/03/15 10:29:27 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
[2017/03/15 10:29:27 | 000,201,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\basecsp.dll
[2017/03/15 10:29:26 | 000,681,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SHCore.dll
[2017/03/15 10:29:25 | 001,312,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorDataService.exe
[2017/03/15 10:29:25 | 000,578,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2017/03/15 10:29:25 | 000,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll
[2017/03/15 10:29:25 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneDriveSettingSyncProvider.dll

========== Files - Modified Within 30 Days ==========
  • ペソネ
  • 2017/04/13 (Thu) 22:26:58
Re: Registry anomaly?
Log 7

[2017/03/28 14:35:19 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Gaming.Input.dll
[2017/03/28 14:35:17 | 000,113,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Lights.dll
[2017/03/28 14:35:16 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2017/03/28 14:35:11 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppointmentActivation.dll
[2017/03/28 14:35:10 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DisplayManager.dll
[2017/03/28 14:35:09 | 000,315,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Gaming.XboxLive.Storage.dll
[2017/03/28 14:35:03 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2017/03/28 14:35:03 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Family.Client.dll
[2017/03/28 14:35:02 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.LowLevel.dll
[2017/03/28 14:34:55 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmcertinst.exe
[2017/03/28 14:34:50 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Family.SyncEngine.dll
[2017/03/28 14:34:49 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_ClosedCaptioning.dll
[2017/03/28 14:34:47 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XblAuthTokenBrokerExt.dll
[2017/03/28 14:34:43 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
[2017/03/28 14:34:43 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\unimdm.tsp
[2017/03/28 14:34:32 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SyncSettings.dll
[2017/03/28 14:34:20 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.ServiceDiscovery.Dnssd.dll
[2017/03/28 14:34:07 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Core.dll
[2017/03/28 14:34:01 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AuthBroker.dll
[2017/03/28 14:33:59 | 000,557,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2017/03/28 14:33:56 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.WiFi.dll
[2017/03/28 14:33:55 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinRtTracing.dll
[2017/03/28 14:33:54 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDeviceRegistration.Ngc.dll
[2017/03/28 14:33:51 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ipsmsnap.dll
[2017/03/28 14:33:51 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.System.UserDeviceAssociation.dll
[2017/03/28 14:33:49 | 000,265,728 | ---- | M] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2017/03/28 14:33:49 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDeviceRegistration.dll
[2017/03/28 14:33:44 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceDirectoryClient.dll
[2017/03/28 14:33:40 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Core.dll
[2017/03/28 14:33:18 | 000,467,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Gaming.XboxLive.Storage.dll
[2017/03/28 14:33:07 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryClient.dll
[2017/03/28 14:33:06 | 000,483,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.AllJoyn.dll
[2017/03/28 14:33:02 | 000,670,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.PointOfService.dll
[2017/03/28 14:33:02 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Import.dll
[2017/03/28 14:32:49 | 001,243,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.FaceAnalysis.dll
[2017/03/28 14:32:48 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
[2017/03/28 14:32:45 | 000,306,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2017/03/28 14:32:40 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Identity.Provider.dll
[2017/03/28 14:32:37 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Wallet.dll
[2017/03/28 14:32:37 | 000,386,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.WiFiDirect.dll
[2017/03/28 14:32:37 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.HumanInterfaceDevice.dll
[2017/03/28 14:32:32 | 000,298,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Internal.Management.dll
[2017/03/28 14:32:28 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WwaApi.dll
[2017/03/28 14:32:27 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Internal.Bluetooth.dll
[2017/03/28 14:32:25 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Radios.dll
[2017/03/28 14:32:23 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FlightSettings.dll
[2017/03/28 14:32:20 | 000,368,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneBackupHandler.dll
[2017/03/28 14:32:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\deviceaccess.dll
[2017/03/28 14:32:20 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\vaultcli.dll
[2017/03/28 14:32:17 | 000,562,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.SmartCards.dll
[2017/03/28 14:32:14 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepsync.dll
[2017/03/28 14:32:07 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Scanners.dll
[2017/03/28 14:32:03 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepapi.dll
[2017/03/28 14:31:58 | 000,418,304 | ---- | M] () -- C:\WINDOWS\SysNative\Windows.Perception.Stub.dll
[2017/03/28 14:31:51 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Gaming.Input.dll
[2017/03/28 14:31:51 | 000,431,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efswrt.dll
[2017/03/28 14:31:51 | 000,390,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredProvDataModel.dll
[2017/03/28 14:31:43 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mbsmsapi.dll
[2017/03/28 14:31:31 | 000,211,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2017/03/28 14:31:25 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudDomainJoinDataModelServer.dll
[2017/03/28 14:31:23 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpencom.dll
[2017/03/28 14:31:18 | 000,418,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.BlockedShutdown.dll
[2017/03/28 14:31:18 | 000,343,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.SmartCards.Phone.dll
[2017/03/28 14:31:15 | 000,289,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeveloperOptionsSettingsHandlers.dll
[2017/03/28 14:31:12 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.SerialCommunication.dll
[2017/03/28 14:31:10 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2017/03/28 14:31:10 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2017/03/28 14:31:08 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Lights.dll
[2017/03/28 14:31:07 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkBindingEngineMigPlugin.dll
[2017/03/28 14:31:06 | 000,711,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2017/03/28 14:30:59 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Picker.dll
[2017/03/28 14:30:55 | 000,819,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppContracts.dll
[2017/03/28 14:30:46 | 000,505,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.WiFiDirect.dll
[2017/03/28 14:30:34 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBrokerUI.dll
[2017/03/28 14:30:24 | 000,787,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sbe.dll
[2017/03/28 14:30:23 | 000,651,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.AllJoyn.dll
[2017/03/28 14:30:20 | 000,239,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafpos.dll
[2017/03/28 14:30:15 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2017/03/28 14:30:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WebcamUi.dll
[2017/03/28 14:30:09 | 000,692,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CellularAPI.dll
[2017/03/28 14:30:09 | 000,568,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.LowLevel.dll
[2017/03/28 14:30:03 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StoreAgent.dll
[2017/03/28 14:30:02 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\updatepolicy.dll
[2017/03/28 14:29:57 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.HumanInterfaceDevice.dll
[2017/03/28 14:29:56 | 000,912,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.SmartCards.dll
[2017/03/28 14:29:55 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2017/03/28 14:29:51 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Scanners.dll
[2017/03/28 14:29:46 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winsrv.dll
[2017/03/28 14:29:44 | 000,747,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Ocr.dll
[2017/03/28 14:29:43 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatehandlers.dll
[2017/03/28 14:29:42 | 000,379,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepsync.dll
[2017/03/28 14:29:37 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Usb.dll
[2017/03/28 14:29:35 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.LockScreen.dll
[2017/03/28 14:29:33 | 000,267,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vaultcli.dll
[2017/03/28 14:29:32 | 000,852,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Import.dll
[2017/03/28 14:29:32 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2017/03/28 14:29:29 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.dll
[2017/03/28 14:29:29 | 000,260,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgentUserBroker.exe
[2017/03/28 14:29:29 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AuthBroker.dll
[2017/03/28 14:29:27 | 000,590,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efswrt.dll
[2017/03/28 14:29:13 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncSettings.dll
[2017/03/28 14:29:08 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AboveLockAppHost.dll
[2017/03/28 14:29:07 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleacc.dll
[2017/03/28 14:28:57 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusUpdateHandlers.dll
[2017/03/28 14:28:55 | 000,431,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpAXHolder.dll
[2017/03/28 14:28:50 | 000,456,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll
[2017/03/28 14:28:43 | 000,500,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.dll
[2017/03/28 14:28:36 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Identity.Provider.dll
[2017/03/28 14:28:31 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepapi.dll
[2017/03/28 14:28:28 | 000,358,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.dll
[2017/03/28 14:28:25 | 000,407,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Management.dll
[2017/03/28 14:28:21 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Picker.dll
[2017/03/28 14:28:20 | 000,561,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Wallet.dll
[2017/03/28 14:28:18 | 000,661,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WpcWebFilter.dll
[2017/03/28 14:28:05 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\indexeddbserver.dll
[2017/03/28 14:28:04 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2017/03/28 14:27:54 | 000,949,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.PointOfService.dll
[2017/03/28 14:27:43 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CryptoWinRT.dll
[2017/03/28 14:27:37 | 000,472,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Bluetooth.dll
[2017/03/28 14:27:36 | 001,060,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppContracts.dll
[2017/03/28 14:27:29 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatepolicy.dll
[2017/03/28 14:27:25 | 001,388,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Cred.dll
[2017/03/28 14:27:12 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qedit.dll
[2017/03/28 14:27:12 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WwaApi.dll
[2017/03/28 14:27:11 | 000,671,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mbsmsapi.dll
[2017/03/28 14:27:09 | 000,425,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadcloudap.dll
[2017/03/28 14:27:00 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AccountsRt.dll
[2017/03/28 14:26:53 | 000,437,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Usb.dll
[2017/03/28 14:26:51 | 001,534,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.3D.dll
[2017/03/28 14:26:49 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\deviceaccess.dll
[2017/03/28 14:26:44 | 000,549,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usocore.dll
[2017/03/28 14:26:39 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AboveLockAppHost.dll
[2017/03/28 14:26:36 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.InkControls.dll
[2017/03/28 14:26:08 | 000,642,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.InkControls.dll
[2017/03/28 14:26:03 | 001,145,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EmailApis.dll
[2017/03/28 14:26:01 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2017/03/28 14:25:59 | 000,653,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.AccountsControl.dll
[2017/03/28 14:25:57 | 001,010,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2017/03/28 14:25:54 | 001,196,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wscui.cpl
[2017/03/28 14:25:47 | 000,966,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sbe.dll
[2017/03/28 14:25:41 | 018,364,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2017/03/28 14:25:37 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GamePanel.exe
[2017/03/28 14:25:34 | 000,963,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WebcamUi.dll
[2017/03/28 14:25:07 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.AccountsControl.dll
[2017/03/28 14:24:50 | 006,474,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe
[2017/03/28 14:24:50 | 006,288,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2017/03/28 14:24:36 | 000,675,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2017/03/28 14:24:33 | 004,614,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2017/03/28 14:24:15 | 000,901,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Bluetooth.dll
[2017/03/28 14:24:10 | 000,410,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2017/03/28 14:24:04 | 001,220,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wscui.cpl
[2017/03/28 14:23:58 | 003,733,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
[2017/03/28 14:23:44 | 000,395,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmenrollengine.dll
[2017/03/28 14:23:28 | 000,886,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aadtb.dll
[2017/03/28 14:23:17 | 009,130,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2017/03/28 14:23:16 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSManMigrationPlugin.dll
[2017/03/28 14:23:15 | 000,589,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2017/03/28 14:22:43 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\enrollmentapi.dll
[2017/03/28 14:22:34 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.DeviceEncryptionHandlers.dll
[2017/03/28 14:22:22 | 000,516,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcli.dll
[2017/03/28 14:22:03 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RTMediaFrame.dll
[2017/03/28 14:21:59 | 000,458,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RTMediaFrame.dll
[2017/03/28 14:21:57 | 001,589,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdtctm.dll
[2017/03/28 14:21:51 | 001,403,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Editing.dll
[2017/03/28 14:21:46 | 000,104,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CastLaunch.dll
[2017/03/28 14:21:45 | 003,778,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2017/03/28 14:21:45 | 001,077,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Editing.dll
[2017/03/28 14:20:56 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmjpegdec.dll
[2017/03/28 14:20:52 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmjpegdec.dll
[2017/03/28 14:20:14 | 003,307,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2017/03/28 14:20:12 | 001,105,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MiracastReceiver.dll
[2017/03/28 14:20:07 | 000,795,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MiracastReceiver.dll
[2017/03/28 14:19:58 | 000,442,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToDevice.dll
[2017/03/28 14:19:56 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToDevice.dll
[2017/03/28 14:19:50 | 000,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpnapps.dll
[2017/03/28 14:19:48 | 007,655,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mos.dll
[2017/03/28 14:19:47 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wpnapps.dll
[2017/03/28 14:19:45 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dlnashext.dll
[2017/03/28 14:19:42 | 000,746,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcprx.dll
[2017/03/28 14:19:39 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dlnashext.dll
[2017/03/28 14:19:38 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\flvprophandler.dll
[2017/03/28 14:19:18 | 000,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dialclient.dll
[2017/03/28 14:18:48 | 001,908,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AzureSettingSyncProvider.dll
[2017/03/28 14:18:47 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpninprc.dll
[2017/03/28 14:18:23 | 001,255,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
[2017/03/28 14:18:16 | 001,078,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2017/03/28 14:17:48 | 005,114,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdp.dll
[2017/03/28 14:17:47 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2017/03/28 14:17:38 | 006,109,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mos.dll
[2017/03/28 14:17:29 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToReceiver.dll
[2017/03/28 14:17:06 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToReceiver.dll
[2017/03/28 14:17:02 | 004,749,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2017/03/28 14:16:58 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ErrorDetails.dll
[2017/03/28 14:16:38 | 003,198,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cdp.dll
[2017/03/28 14:16:36 | 001,217,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Audio.dll
[2017/03/28 14:16:36 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ErrorDetails.dll
[2017/03/28 14:16:33 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vss_ps.dll
[2017/03/28 14:16:07 | 001,221,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
[2017/03/28 14:15:47 | 000,937,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MCRecvSrc.dll
[2017/03/28 14:15:38 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsApi.dll
[2017/03/28 14:15:30 | 001,247,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2017/03/28 14:15:29 | 002,390,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\smartscreen.exe
[2017/03/28 14:15:17 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Devices.dll
[2017/03/28 14:15:11 | 000,981,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.OnlineId.dll
[2017/03/28 14:15:08 | 000,467,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Geolocation.dll
[2017/03/28 14:15:07 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToManager.dll
[2017/03/28 14:15:05 | 000,945,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcWebFilter.dll
[2017/03/28 14:14:56 | 000,641,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MCRecvSrc.dll
[2017/03/28 14:14:54 | 008,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2017/03/28 14:14:49 | 003,520,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xpsrchvw.exe
[2017/03/28 14:14:48 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll
[2017/03/28 14:14:38 | 000,947,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSVP9DEC.dll
[2017/03/28 14:14:36 | 000,869,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2017/03/28 14:14:32 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Devices.dll
[2017/03/28 14:14:29 | 000,400,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToManager.dll
[2017/03/28 14:14:22 | 007,468,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2017/03/28 14:14:21 | 001,643,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Speech.dll
[2017/03/28 14:14:20 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Geolocation.dll
[2017/03/28 14:14:12 | 001,692,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2017/03/28 14:14:07 | 001,080,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Ocr.dll
[2017/03/28 14:14:05 | 000,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\HelpPane.exe
[2017/03/28 14:14:00 | 000,913,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2017/03/28 14:13:56 | 000,460,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Midi.dll
[2017/03/28 14:13:54 | 001,359,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedStartModel.dll
[2017/03/28 14:13:53 | 001,232,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Maps.dll
[2017/03/28 14:13:49 | 002,138,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputService.dll
[2017/03/28 14:13:39 | 006,045,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2017/03/28 14:13:34 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.dll
[2017/03/28 14:13:33 | 004,474,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll
[2017/03/28 14:13:32 | 000,650,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll
[2017/03/28 14:13:24 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.dll
[2017/03/28 14:13:23 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2017/03/28 14:13:22 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2017/03/28 14:13:13 | 001,040,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NaturalLanguage6.dll
[2017/03/28 14:13:08 | 002,095,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2017/03/28 14:13:08 | 001,656,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Perception.dll
[2017/03/28 14:13:04 | 004,596,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\xpsrchvw.exe
[2017/03/28 14:12:55 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CryptoWinRT.dll
[2017/03/28 14:12:48 | 001,004,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.dll
[2017/03/28 14:12:42 | 000,827,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2017/03/28 14:12:35 | 002,208,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.3D.dll
[2017/03/28 14:12:30 | 005,611,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2017/03/28 14:12:22 | 000,691,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBroker.dll
[2017/03/28 14:12:22 | 000,598,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.dll
[2017/03/28 14:12:21 | 002,682,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netshell.dll
[2017/03/28 14:12:20 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ShareHost.dll
[2017/03/28 14:12:17 | 000,620,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.dll
[2017/03/28 14:12:16 | 001,013,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll
[2017/03/28 14:12:07 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2017/03/28 14:12:07 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApiPublic.dll
[2017/03/28 14:12:07 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApiPublic.dll
[2017/03/28 14:12:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Midi.dll
[2017/03/28 14:12:02 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.Connectivity.dll
[2017/03/28 14:12:01 | 002,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2017/03/28 14:12:01 | 000,862,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2017/03/28 14:11:47 | 002,646,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CertEnroll.dll
[2017/03/28 14:11:46 | 002,914,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CertEnroll.dll
[2017/03/28 14:11:40 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Phone.dll
[2017/03/28 14:11:27 | 000,765,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2017/03/28 14:11:24 | 001,981,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2017/03/28 14:11:22 | 002,994,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2017/03/28 14:11:09 | 001,275,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Bluetooth.dll
[2017/03/28 14:11:08 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2017/03/28 14:10:48 | 001,637,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2017/03/28 14:10:38 | 008,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2017/03/28 14:10:37 | 001,586,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2017/03/28 14:10:37 | 001,424,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Maps.dll
[2017/03/28 14:10:13 | 002,424,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Perception.dll
[2017/03/28 14:10:12 | 000,774,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.dll
[2017/03/28 14:10:09 | 001,266,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Input.Inking.dll
[2017/03/28 14:10:09 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll
[2017/03/28 14:10:06 | 000,875,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBroker.dll
[2017/03/28 14:10:05 | 001,231,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dosvc.dll
[2017/03/28 14:09:49 | 001,064,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2017/03/28 14:09:39 | 001,328,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Http.dll
[2017/03/28 14:09:39 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ShareHost.dll
[2017/03/28 14:09:32 | 001,513,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2017/03/28 14:09:31 | 003,106,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsc.exe
[2017/03/28 14:09:10 | 004,149,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll
[2017/03/28 14:09:05 | 001,131,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2017/03/28 14:09:03 | 001,369,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Phone.dll
[2017/03/28 14:08:59 | 003,612,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2017/03/28 14:08:52 | 001,564,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quartz.dll
[2017/03/28 14:08:51 | 003,542,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2017/03/28 14:08:35 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enrollmentapi.dll
[2017/03/28 14:08:16 | 000,783,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TSWorkspace.dll
[2017/03/28 14:08:11 | 000,299,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RADCUI.dll
[2017/03/28 14:07:53 | 000,908,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2017/03/28 14:07:52 | 000,701,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.Connectivity.dll
[2017/03/28 14:07:14 | 000,122,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FontProvider.dll
[2017/03/28 14:06:43 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadtb.dll
[2017/03/28 14:06:39 | 000,924,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2017/03/28 14:06:04 | 000,999,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWorkspace.dll
[2017/03/28 14:05:25 | 001,633,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\quartz.dll
[2017/03/28 13:48:06 | 000,483,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CoreMessaging.dll
[2017/03/19 01:50:38 | 000,956,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.desktop.dll
[2017/03/19 01:35:45 | 002,278,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2017/03/16 13:47:09 | 000,038,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompPkgSup.dll
[2017/03/16 13:38:49 | 000,034,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CompPkgSup.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]
  • ペソネ
  • 2017/04/13 (Thu) 22:28:47
Re: Something wrong with the registry?
Log 8

[2017/04/12 23:17:34 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/04/12 07:30:43 | 002,048,496 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2017/04/12 07:30:38 | 000,265,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2017/04/12 07:30:15 | 000,418,304 | ---- | C] () -- C:\WINDOWS\SysNative\Windows.Perception.Stub.dll
[2017/04/12 07:29:58 | 002,681,200 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2017/04/11 14:33:29 | 1632,657,408 | -HS- | C] () -- C:\hiberfil.sys
[2017/04/11 14:26:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2017/04/11 14:26:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Ps2Led_01005.Wdf
[2017/04/11 14:21:30 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2017/04/11 14:19:54 | 000,220,016 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2017/04/11 13:51:48 | 000,000,214 | ---- | C] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job
[2017/04/11 10:41:15 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/04/11 10:04:41 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\スタートアップツール.lnk
[2017/04/11 10:04:41 | 000,002,635 | ---- | C] () -- C:\Users\Public\Desktop\スタートアップツール.lnk
[2017/04/11 10:04:14 | 000,001,372 | ---- | C] () -- C:\Users\Public\Desktop\セキュリティ対策ツール.lnk
[2017/04/11 10:00:47 | 000,000,062 | ---- | C] () -- C:\WINDOWS\SysNative\SupportTool.exe.bat
[2017/04/11 09:59:50 | 000,000,036 | ---- | C] () -- C:\Users\imagawa\AppData\Local\housecall.guid.cache
[2017/04/11 09:56:39 | 000,001,187 | ---- | C] () -- C:\Users\imagawa\Desktop\セキュリティ申込・設定ツール.lnk
[2017/04/11 09:04:46 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2017/04/11 09:04:46 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017/04/10 22:43:56 | 000,002,320 | ---- | C] () -- C:\Users\imagawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2017/04/10 22:40:36 | 000,000,352 | ---- | C] () -- C:\Users\imagawa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2017/04/10 22:40:36 | 000,000,334 | ---- | C] () -- C:\Users\imagawa\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2017/04/10 22:39:39 | 001,913,826 | ---- | C] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2017/04/10 22:36:34 | 000,145,314 | ---- | C] () -- C:\WINDOWS\SysWow64\license.rtf
[2017/04/10 22:36:34 | 000,145,314 | ---- | C] () -- C:\WINDOWS\SysNative\license.rtf
[2017/04/10 22:04:39 | 000,667,414 | ---- | C] () -- C:\WINDOWS\SysNative\perfh011.dat
[2017/04/10 22:04:39 | 000,212,396 | ---- | C] () -- C:\WINDOWS\SysNative\perfc011.dat
[2017/04/10 22:04:39 | 000,144,476 | ---- | C] () -- C:\WINDOWS\SysNative\perfi011.dat
[2017/04/10 22:04:39 | 000,033,362 | ---- | C] () -- C:\WINDOWS\SysNative\perfd011.dat
[2017/04/10 21:59:30 | 000,810,338 | ---- | C] () -- C:\WINDOWS\SysNative\perfh009.dat
[2017/04/10 21:59:30 | 000,296,742 | ---- | C] () -- C:\WINDOWS\SysNative\perfi009.dat
[2017/04/10 21:59:30 | 000,210,856 | ---- | C] () -- C:\WINDOWS\SysNative\perfc009.dat
[2017/04/10 21:59:30 | 000,033,362 | ---- | C] () -- C:\WINDOWS\SysNative\perfd009.dat
[2017/04/10 21:57:09 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2017/04/10 21:57:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2017/04/10 21:57:02 | 000,017,463 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\etc\services
[2017/04/10 21:57:02 | 000,003,683 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\etc\lmhosts.sam
[2017/04/10 21:57:02 | 000,001,358 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\etc\protocol
[2017/04/10 21:57:02 | 000,000,824 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2017/04/10 21:57:02 | 000,000,407 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\etc\networks
[2017/04/10 21:56:57 | 000,015,425 | ---- | C] () -- C:\WINDOWS\SysNative\OEMDefaultAssociations.xml
[2017/04/10 21:56:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysNative\NOISE.DAT
[2017/04/10 21:56:56 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysNative\dssec.dat
[2017/04/10 21:56:52 | 000,000,858 | ---- | C] () -- C:\WINDOWS\SysNative\DefaultQuestions.json
[2017/03/15 10:31:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2017/03/15 10:29:43 | 000,025,088 | ---- | C] () -- C:\WINDOWS\SysNative\GamePanelExternalHook.dll
[2017/03/15 10:29:42 | 000,448,285 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2016/07/16 20:43:04 | 000,055,296 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2016/07/16 20:42:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2016/07/16 20:42:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2016/07/16 20:42:49 | 000,304,640 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2016/07/16 20:42:48 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2016/07/16 20:42:43 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2016/07/16 20:42:12 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2017/03/28 15:10:41 | 007,220,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2017/03/28 15:04:38 | 005,721,808 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016/07/16 20:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016/07/16 20:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016/07/16 20:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2017/04/11 10:07:26 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk
[2017/04/13 20:27:49 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsApps
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWINDOWS
[2017/04/11 20:51:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4600 series
[2017/04/10 21:56:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2017/04/13 01:33:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2017/04/10 21:56:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\DMProfiles
[2017/04/10 21:56:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2017/04/11 10:07:26 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config
[2017/04/11 10:07:26 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR
[2017/04/11 10:07:26 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR
[2017/04/11 10:07:26 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\2017-04-11-01-07-26
[2017/04/11 10:07:26 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR\2017-04-11-01-07-26
[2017/04/11 10:07:26 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\f067568
[2017/04/11 10:07:26 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\f067568\2017-04-11-01-07-26
[2017/04/11 14:34:48 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWINDOWS
[2017/04/11 20:51:40 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4600 series
[2017/04/10 21:56:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2017/04/13 01:33:07 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2017/04/10 21:56:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\DMProfiles
[2017/04/10 21:56:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2017/04/10 21:56:38 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2017/04/10 22:36:20 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\AppData
[2017/04/10 22:38:33 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/04/10 22:40:37 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData
[2017/04/10 22:42:30 | 000,000,000 | RH-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\Burn\Burn
[2017/04/13 02:19:36 | 000,000,000 | RH-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\Burn\Burn1
[2017/04/11 09:37:57 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\IECompatCache\Low
[2017/04/11 09:37:57 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\IECompatUaCache\Low
[2017/04/11 09:37:57 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\INetCache\Virtualized
[2017/04/10 22:40:59 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE
[2017/04/10 22:40:59 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low
[2017/04/10 22:40:59 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low
[2017/04/11 10:04:09 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/04/12 08:14:33 | 000,000,000 | RH-D | M] -- C:\Users\Public\AccountPictures
[2017/04/13 02:17:34 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2017/04/10 21:56:44 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2017/04/11 10:03:02 | 000,000,000 | -H-D | M] -- C:\Windows\ELAMBKUP
[2017/04/11 14:20:19 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2017/04/11 09:00:48 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2017/04/13 07:31:41 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000BEVT-26A0RT0
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 386.00GB
Starting Offset: 2000683008
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 65.00GB
Starting Offset: 416900186112
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 486899974144
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
No service found with a name of AeLookupSvc
SRV:[b]64bit:[/b] - [2017/03/04 15:29:00 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:39 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2016/10/15 12:48:52 | 001,054,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:09 | 000,795,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2016/07/16 20:42:55 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\syswow64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:17 | 000,453,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2016/07/16 20:42:46 | 000,347,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\syswow64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2016/07/16 20:43:10 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,888,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,360,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2016/07/16 20:42:55 | 000,292,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\syswow64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2017/03/04 15:26:09 | 000,264,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:18 | 000,036,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2016/07/16 20:42:46 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\syswow64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2017/03/04 15:23:52 | 000,541,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:11 | 000,391,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2016/07/16 20:42:16 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
No service found with a name of MMCSS
SRV:[b]64bit:[/b] - [2016/07/16 20:42:12 | 000,259,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:12 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2016/10/05 18:29:19 | 000,368,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2017/03/04 15:08:30 | 000,792,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2016/07/16 20:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2017/03/04 15:26:25 | 000,658,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,888,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2016/09/15 00:59:47 | 000,057,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2016/11/11 18:16:14 | 000,184,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:27 | 000,305,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:40 | 000,617,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2016/07/16 20:43:04 | 000,566,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\syswow64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2016/07/16 20:42:36 | 000,948,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:39 | 000,309,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2016/07/16 20:43:02 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\syswow64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:42 | 000,070,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2016/09/16 01:35:48 | 000,358,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2017/03/04 15:15:01 | 001,443,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2016/11/02 19:21:26 | 000,942,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:[b]64bit:[/b] - [2016/11/02 19:22:02 | 000,337,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2016/07/16 20:43:47 | 000,147,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2017/03/28 15:09:22 | 000,103,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2016/09/16 01:22:47 | 001,709,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:[b]64bit:[/b] - [2017/03/04 15:20:22 | 000,893,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:43:50 | 000,646,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:13 | 000,065,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2016/07/16 20:42:45 | 000,058,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:31 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2017/03/28 14:10:13 | 002,316,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2016/07/16 20:42:13 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2017/03/04 15:07:55 | 002,370,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:[b]64bit:[/b] - [2016/11/11 18:03:50 | 000,283,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >

  • ペソネ
  • 2017/04/13 (Thu) 22:31:04
Re: Something wrong with the registry?
extra.txt starts here.

OTL Extras logfile created on: 2017/04/13 21:41:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\imagawa\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.80 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 66.18% Memory free
5.18 Gb Paging File | 3.50 Gb Available in Paging File | 67.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 386.41 Gb Total Space | 363.75 Gb Free Space | 94.14% Space Free | Partition Type: NTFS
Drive D: | 65.19 Gb Total Space | 63.77 Gb Free Space | 97.82% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-1PRU7ED | User Name: imagawa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = A0 AE 01 0A 84 B2 D2 01 [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062B16D1-DB3C-493E-98C2-346630C19D3E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2127E3D4-1CEC-4626-9C2D-AC4971427E3C}" = rport=138 | protocol=17 | dir=out | app=system |
"{2E1AE89B-A1B1-435E-B9B7-F766C4FD2448}" = rport=139 | protocol=6 | dir=out | app=system |
"{34CBE3E6-A003-4D5E-9CA3-FEC2C03FCAEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B745A9E-C990-414E-B812-3B34821E4E48}" = lport=139 | protocol=6 | dir=in | app=system |
"{7960CB46-FD8C-4D72-A28B-23B611F4CA6A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{894FADF9-6B3C-4C91-929C-9693C7435226}" = lport=445 | protocol=6 | dir=in | app=system |
"{A3A89A44-299F-4F9E-9D48-9AF099D906E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C9EAA6BA-786A-4CCA-90C5-846877A51E74}" = rport=137 | protocol=17 | dir=out | app=system |
"{D21E7488-70B4-4CCE-BEC3-FA48FEFEFCF8}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6E8B867-411D-484E-AA66-3CB4467255BC}" = rport=445 | protocol=6 | dir=out | app=system |
"{F706C6E7-90B5-4548-94B8-303ABBBE08AD}" = lport=138 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032BF064-2AE5-407F-A22A-2D42E5768702}" = protocol=58 | dir=in | app=system |
"{11EC8186-B343-445C-977B-064ADD27C5A1}" = dir=out | name=microsoft solitaire collection |
"{12DABC63-12A2-446D-86AB-A5958B430CFA}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{16E656D2-1B97-4AFA-9581-4C86AC00A47E}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{1A1ADF61-9260-44E8-9DBD-A895DB348ABE}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{1D3664D7-25A1-4E86-8FB6-B3C5F0B1CC95}" = dir=out | name=@{microsoft.windowsstore_11701.1001.99.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{1D416E78-F633-4B61-9264-225A97241BF3}" = dir=out | name=xbox |
"{1E1709F4-9552-4940-8682-75A466656C80}" = dir=in | name=@{microsoft.bingweather_4.18.52.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{1EBF4803-CC11-42DC-B8B9-E3E63D7DC7A3}" = dir=in | name=@{microsoft.zunemusic_10.17022.10301.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{215C4D89-7B6E-476D-A69F-E03A2431466B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{22B4BEB7-2629-4AAA-8A73-4CB91D68588C}" = dir=out | name=@{microsoft.3dbuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{2414086C-CAE2-4BA2-8D4C-30EF00225761}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1702.811.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{252572CA-644B-40C4-95AD-0DE05DB8048E}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{32F89963-B029-41DA-B464-E35E24EE60C9}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{3A29292B-9399-49F0-850A-655C4BEEB188}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{47F6440B-CBFE-49D0-9F29-0579A385C8B3}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{48F0424C-6D5F-448D-829C-96F9DC70D8FA}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{48FA3AE9-85C6-40AF-B45E-FCCF405B516B}" = dir=in | name=@{microsoft.windowsstore_11701.1001.99.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{4A32A836-A853-489F-ACDB-DEF218190AEE}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.8104.42387.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{4B5FCC39-A476-4E1D-BE40-105CA9E4236B}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.1066_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{4C3BE77F-5886-4570-B616-FEAA54DCE2FA}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{530FAD3B-8690-4E7F-B259-50F88CB6E1C6}" = dir=out | name=store purchase app |
"{551996B1-23D2-4856-8E1D-4C41C318DCFE}" = dir=in | name=microsoft solitaire collection |
"{5E3D2E0E-01EA-4FFF-AC62-D2C02B7B9CAF}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{622EA5A5-93AA-464F-97CD-6B8FD3A4372C}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{64D4F751-98FF-4A89-B147-92E2306F215A}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{64FB40B9-EBEF-4EE4-B9C9-EC91DDC87EC4}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{673C5713-DB4B-4FCC-B96D-31460DF1574F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{791D6CA1-59EF-40F5-A7F0-CCEB0AED8DD3}" = dir=out | name=onenote |
"{841E3059-73FB-46C1-A7D9-7D7A108E010D}" = dir=in | name=microsoft sticky notes |
"{868F3A23-BF9A-4FBB-AC86-5586DF832ACB}" = dir=out | name=@{microsoft.getstarted_5.0.13.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{8A2696E8-C316-475E-AEA1-71C713CFEE28}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{910089BA-904A-4AA3-A8C0-10C0B6097E05}" = dir=in | name=onenote |
"{913D44F4-D1D2-46F9-A9FB-1226A94CE060}" = dir=out | name=@{microsoft.windows.photos_17.313.10010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{91B98B10-6FD4-4C27-82BF-BDE471B14364}" = dir=out | name=@{microsoft.windowsmaps_5.1703.762.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{96E79830-7917-464E-9495-12F1223170C3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{9D1AA6A5-CAFC-4F4E-A749-B11D85B196D4}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1702.811.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{9DFE4E55-A394-4002-848E-2535418FA7D0}" = dir=out | name=microsoft sticky notes |
"{9FACEC59-103D-453B-BF5D-6DA7C4B10E43}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{A2458F68-89D5-42FA-8F54-2164EE88E074}" = dir=in | name=xbox |
"{A3DF2ECD-96CE-4DEC-97FE-9883DAB2B13A}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{A3E2816F-1E67-46A1-9421-8B2C199258DC}" = dir=out | name=@{microsoft.microsoftedge_38.14393.1066.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{A4B8C60F-D8DE-4DA4-B2AA-A07AD0AEB1B4}" = dir=in | name=@{microsoft.zunevideo_10.17022.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{A539C7E1-A543-4D8B-9315-EAE311E67104}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.8104.42387.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{A54EAFF7-73C7-4755-93E6-3761B1B9FA98}" = dir=out | name=@{microsoft.microsoftofficehub_17.8017.5925.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{A860CC78-068A-4DE8-9335-131C84021854}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{ADFFAC50-6CD5-4A2C-BBBB-B1BDA3D92A1E}" = dir=out | name=@{microsoft.bingweather_4.18.52.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{B208FDBB-4C05-4B68-B197-96EDB955CE4C}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{B356F034-8D86-4CB6-B983-FC4EE63ECD87}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{B4230E9C-1B45-4942-AB5A-C2195C146631}" = dir=out | name=@{microsoft.zunevideo_10.17022.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{B72DF16C-5ECF-4652-A40E-11ADB5B9B30C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B77DCDE1-D4F9-4817-9303-4234196BEC1A}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{B7959C21-520E-4D66-8120-C23D54FD6379}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{B978B15C-AEDC-487D-A28D-48F94D4BB400}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{BEC585D6-8C07-4B7E-96EE-010949FFB417}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{BF6A5066-3082-427B-B3D5-7883FA578FF8}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{C537E5CD-A7CA-45C3-9C55-36F4E406E44B}" = dir=out | name=@{microsoft.people_10.2.831.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{CE2E5B1E-8F9E-4302-BF9C-35BF620BED15}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{D70243FF-3A78-4580-B16A-C8E3CA934E3F}" = dir=out | name=@{microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{E0C6E304-1D13-42F6-8D87-63363714AC4F}" = dir=in | name=@{microsoft.microsoftedge_38.14393.1066.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{E9137936-1EAF-469F-B154-37B8D4884D21}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{EAEF4C49-EE6B-4D1F-845B-F4871AEFB289}" = dir=in | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{EBF81231-6A31-45B0-A313-0F653847F03C}" = dir=out | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{EC3BCA9D-9596-4179-BB7E-6BCF472D40F3}" = dir=out | name=@{microsoft.zunemusic_10.17022.10301.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{EE09773D-868D-4B50-BBA2-897CEACAC9B1}" = dir=in | name=@{microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{F3016F27-858F-4DE3-8710-49A37509A27F}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{F6F6E3B5-13FA-4C48-B9E1-E719BE2A2FB5}" = dir=in | name=@{microsoft.microsoftofficehub_17.8017.5925.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{FE6F6826-056E-40EA-8EAD-95BF66094B54}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FEBA95D1-C361-45F8-AD04-925C2087845D}" = dir=in | name=@{microsoft.windows.photos_17.313.10010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = NX PAD Driver
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = セキュリティ対策ツール
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"CCleaner" = CCleaner

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{139C06F6-2DC5-485F-B34A-D333AA122379}" = セキュリティ申込・設定ツール
"{5DD4998C-C190-424F-9EC9-58C38AD67BB0}" = スタートアップツール
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player NPAPI" = Adobe Flash Player 25 NPAPI
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 52.0.2 (x86 ja)" = Mozilla Firefox 52.0.2 (x86 ja)
"MozillaMaintenanceService" = Mozilla Maintenance Service

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2017/04/11 8:16:26 | Computer Name = DESKTOP-1PRU7ED | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = アプリ Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca
のライセンス認証がエラーで失敗しました: -2144927149。詳しくは、Microsoft-Windows-TWinUI/Operational ログをご覧ください。

Error - 2017/04/11 8:16:36 | Computer Name = DESKTOP-1PRU7ED | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = アプリ Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe:App.AppXhqern91xdfs9nhcd85e2vgmtzqt3xcbq.mca
のライセンス認証がエラーで失敗しました: -2144927149。詳しくは、Microsoft-Windows-TWinUI/Operational ログをご覧ください。

Error - 2017/04/11 8:21:03 | Computer Name = DESKTOP-1PRU7ED | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = 暗号化サービスは VSS バックアップ "System Writer" オブジェクトを初期化できませんでした。 Details: Could
not query the status of the EventSystem service. System Error: システム シャットダウンが実行中です。


Error - 2017/04/11 18:23:02 | Computer Name = DESKTOP-1PRU7ED | Source = Windows Search Service | ID = 3104
Description =

Error - 2017/04/11 18:35:18 | Computer Name = DESKTOP-1PRU7ED | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: MRT.exe、バージョン: 5.47.13703.0、タイム スタンプ: 0x58dec9f9
障害が発生しているモジュール名:
combase.dll、バージョン: 10.0.14393.953、タイム スタンプ: 0x58ba5954 例外コード: 0xc0000005 障害オフセット:
0x00000000000b071c 障害が発生しているプロセス ID: 0xd00 障害が発生しているアプリケーションの開始時刻: 0x01d2b31393a21cc6
障害が発生しているアプリケーション
パス: C:\WINDOWS\system32\MRT.exe 障害が発生しているモジュール パス: C:\WINDOWS\System32\combase.dll
レポート
ID: 1505fe78-557c-4737-adfd-2e2c4980ca3a 障害が発生しているパッケージの完全な名前: 障害が発生しているパッケージに関連するアプリケーション
ID:

Error - 2017/04/12 13:31:55 | Computer Name = DESKTOP-1PRU7ED | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = アプリ Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca
のライセンス認証がエラーで失敗しました: -2144927149。詳しくは、Microsoft-Windows-TWinUI/Operational ログをご覧ください。

Error - 2017/04/12 14:07:44 | Computer Name = DESKTOP-1PRU7ED | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = アプリ Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca
のライセンス認証がエラーで失敗しました: -2144927149。詳しくは、Microsoft-Windows-TWinUI/Operational ログをご覧ください。

Error - 2017/04/12 15:41:41 | Computer Name = DESKTOP-1PRU7ED | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = アプリ Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca
のライセンス認証がエラーで失敗しました: -2144927149。詳しくは、Microsoft-Windows-TWinUI/Operational ログをご覧ください。

Error - 2017/04/12 18:31:50 | Computer Name = DESKTOP-1PRU7ED | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = アプリ Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca
のライセンス認証がエラーで失敗しました: -2144927149。詳しくは、Microsoft-Windows-TWinUI/Operational ログをご覧ください。

Error - 2017/04/13 8:43:49 | Computer Name = DESKTOP-1PRU7ED | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = 暗号化サービスで、システム ライター オブジェクトで OnIdentity() の呼び出しを処理中にエラーが発生しました。 Details:
AddLegacyDriverFiles:
Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System
Error: アクセスが拒否されました。 。

Error - 2017/04/13 8:44:27 | Computer Name = DESKTOP-1PRU7ED | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 2017/04/12 19:13:54 | Computer Name = DESKTOP-1PRU7ED | Source = DCOM | ID = 10005
Description =

Error - 2017/04/12 19:13:54 | Computer Name = DESKTOP-1PRU7ED | Source = DCOM | ID = 10005
Description =

Error - 2017/04/12 19:13:55 | Computer Name = DESKTOP-1PRU7ED | Source = DCOM | ID = 10005
Description =

Error - 2017/04/13 6:06:37 | Computer Name = DESKTOP-1PRU7ED | Source = DCOM | ID = 10016
Description =

Error - 2017/04/13 6:12:42 | Computer Name = DESKTOP-1PRU7ED | Source = DCOM | ID = 10016
Description =

Error - 2017/04/13 6:12:52 | Computer Name = DESKTOP-1PRU7ED | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 2017/04/13 7:18:19 | Computer Name = DESKTOP-1PRU7ED | Source = DCOM | ID = 10016
Description =

Error - 2017/04/13 7:50:44 | Computer Name = DESKTOP-1PRU7ED | Source = DCOM | ID = 10016
Description =

Error - 2017/04/13 7:50:52 | Computer Name = DESKTOP-1PRU7ED | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 2017/04/13 8:30:23 | Computer Name = DESKTOP-1PRU7ED | Source = DCOM | ID = 10016
Description =


< End of report >

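I'd like to ask: is it all right to check my e-mail in the current state?
Because of this incident I thought the PC might be infected with malware or a virus,
and out of anxiety I haven't used my mail software even once since the recovery,
but now I'm starting to feel uneasy about not having checked it.

Also, if the e-mail side turns out to be fine: I normally use Outlook,
but would newly installing something affect the work currently in progress?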
  • ペソネ
  • 2017/04/13 (Thu) 22:33:49
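A little cleanup with OTL
Thank you for doing the work and reporting back.
I have looked at the OTL scan log.

>Is it all right to check my e-mail in the current state?

Yes. As far as I can see from the logs there is no trace of data leakage, so that should be fine.
To be on the safe side, though, it is a good idea to change the passwords for your e-mail and so on.

>I normally use Outlook

As for mail software, please consider a different mail client rather than Outlook.
If you are thinking about security and spam countermeasures, something like the one below is a safe choice.
http://forest.watch.impress.co.jp/library/software/thunderbird/

Now, the logs are cleaner than I expected, but some junk has still turned up.
So next, shall we clean that up from OTL?

I will paste a script at the end of this reply; copy it in its entirety, paste it into a Windows Notepad file, and save it.

Once that is ready, restart the PC in Safe Mode again and launch OTL.
Once it has started, paste the script into the lower part of the OTL window, and this time press "Run fix" (the button with red text).
This starts the fix in OTL.

Wait a while, and once the fix is done, restart the PC in normal mode; the OTL log should appear again, so save it, watch the system for a while, and then reply with a status report together with the OTL log.
The OTL script is below. Copy the whole part that does not include the dashed lines (-----), paste it into OTL, and run it.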
------------------------------------------
:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja-JP
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 1B EC A7 C1 B2 D2 01 [binary data]
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = D6 C0 AF E0 5B B2 D2 01 [binary data]
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.

:Files

:reg

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2017/04/14 (Fri) 22:19:34
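Re: Something wrong with the registry?
Thank you for your reply, 悪代官. This is ペソネ.

Thank you for kindly telling me about mail software.
It has a rich set of features and is wonderful.
I think I will use Thunderbird from now on.

Also, I have finished the work, so here is my report.

This time, OTL did not respond in Safe Mode no matter how many times I clicked it,
so I tried launching it in normal mode; it had apparently been blocked by Windows SmartScreen, so I clicked Run.
(I had deleted OTL at the end of the previous task, so that may be the reason.)
After that I was able to confirm that it launched in Safe Mode as well,
so I pasted the script and pressed Run Fix as you instructed,
and when the fix finished the PC restarted automatically, so I logged in in normal mode.
I saved the OTL log and left the PC alone for two hours,
but other than two desktop.ini files being shown on the desktop, nothing had changed from before.

Here is the OTL log.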

All processes killed
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy| /E : value set successfully!
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: defaultuser0
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 588289 bytes

User: imagawa
->Temp folder emptied: 21486114 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 20902127 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 830235 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 04142017_235403

Files\Folders moved on Reboot...
File move failed. C:\Users\imagawa\AppData\Local\Microsoft\Windows\INetCache\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • ペソネ
  • 2017/04/15 (Sat) 02:06:01
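Time to re-examine the whole system
Sorry for the late reply.

So OTL could not be used in Safe Mode.
Well, if it could be launched in normal mode, that is fine too.

>other than two desktop.ini files being shown on the desktop, nothing had changed from before

These are hidden files that were there all along and merely became visible as a result of the OTL work; it is not an infection, so there is no need to worry.

The entries targeted for cleanup show "successfully" (fix succeeded), so that is fine too.
You may clean up OTL following the explanation given during preparation.

So, is nothing behaving strangely at the moment?
If so, let's review the whole system at this point.
Sorry for the trouble, but please take a fresh HJT log and, with CC, the installed-programs log and the logs for each tab, and post them in a reply.
I will go over everything again, including whether anything has been overlooked.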
  • 悪代官
  • 2017/04/15 (Sat) 21:20:52
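Added example, not part of the thread and not code from OTL: the check made in the reply above (every entry in the fix script shows "successfully" in the fix log) done mechanically in Python. The function names and the shortened sample script and log are constructed for illustration, and the line formats are assumed from the script and log quoted in this thread.

```python
import re

# Constructed samples in the format of the OTL fix script and fix log quoted in
# this thread, shortened. The third scripted entry is deliberately left out of
# the sample log so that the "unconfirmed" path is exercised.
SAMPLE_SCRIPT = r"""
:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = D6 C0 AF E0 5B B2 D2 01 [binary data]

:Commands
[resethosts]
[emptytemp]
[createrestorepoint]
"""

SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
->Temp folder emptied: 21486114 bytes
->FireFox cache emptied: 20902127 bytes
Windows Temp folder emptied: 830235 bytes
Unable to start System Restore Service. Error code 1084
File move failed. C:\Users\imagawa\AppData\Local\Microsoft\Windows\INetCache\counters.dat scheduled to be moved on reboot.
"""

SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# Result line as seen in the thread's log: <key>\\<value name>| /E : <status>
RESULT_RE = re.compile(r"^(?P<key>.+?)\\\\(?P<name>.+?)\|\s*/E\s*:\s*(?P<status>.+)$")
PROBLEM_RE = re.compile(r"unable to|failed|error code", re.I)
BYTES_RE = re.compile(r"emptied:\s*(\d+)\s*bytes", re.I)


def _norm(key, name):
    """Registry key paths and value names are case-insensitive."""
    return (key.strip().lower(), name.strip().lower())


def script_targets(script):
    """Return (key, value_name) pairs requested in the :OTL section of a fix script."""
    targets, in_otl = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_otl = line.upper() == ":OTL"
            continue
        if not in_otl or " - " not in line:
            continue
        entry = line.split(" - ", 1)[1]        # drop the category prefix ("IE")
        key, _, rest = entry.partition(",")    # key path, then "name = data"
        targets.append((key.strip(), rest.split(" = ", 1)[0].strip()))
    return targets


def review_fix(script, log):
    """Cross-check a fix log against the script that produced it."""
    results, attention, freed, section = {}, [], 0, "PREAMBLE"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1).upper()
            continue
        res = RESULT_RE.match(line)
        if res:
            results[_norm(res["key"], res["name"])] = res["status"]
        size = BYTES_RE.search(line)
        if size:
            freed += int(size.group(1))
        if PROBLEM_RE.search(line):
            attention.append((section, line))  # lines a reviewer should read
    unconfirmed = [t for t in script_targets(script)
                   if "successfully" not in results.get(_norm(*t), "").lower()]
    return {"unconfirmed": unconfirmed, "attention": attention,
            "bytes_emptied": freed}


if __name__ == "__main__":
    report = review_fix(SAMPLE_SCRIPT, SAMPLE_LOG)
    for key, name in report["unconfirmed"]:
        print(f"no success line for: {key} -> {name}")
    for section, line in report["attention"]:
        print(f"[{section}] {line}")
    print("bytes emptied:", report["bytes_emptied"])
```

On the sample, the restore-point error and the deferred file move are listed for review alongside the one scripted entry that has no success line.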
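Re: Something wrong with the registry?
Thank you for your reply, 悪代官. This is ペソネ.

>So OTL could not be used in Safe Mode.
>Well, if it could be launched in normal mode, that is fine too.

I apologize that my explanation was insufficient.
After allowing OTL in normal mode, I closed it without doing any work there,
put the PC into Safe Mode, launched OTL, and ran Run Scan.

As for the PC's current behavior, I don't think there is anything abnormal.
I have taken each of the logs, so I'm sorry for the trouble, but please check them.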
  • ペソネ
  • 2017/04/15 (Sat) 22:36:23
Re: Something wrong with the registry?
HJT log
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:12:38, on 2017/04/15
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 52.0.2 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\uiWinMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\imagawa\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: トレンドマイクロネットワークフィルタプラグイン - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O2 - BHO: トレンドマイクロIEプロテクション - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [OneDrive] "C:\Users\imagawa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - Global Startup: スタートアップツール.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6118 bytes

For some reason the text gets garbled, but the garbled character is ・.
  • ペソネ
  • 2017/04/15 (Sat) 22:43:31
Re: Something wrong with the registry?
CC installed programs
3D Builder Microsoft Corporation 2017/04/10 12.0.3131.0
Adobe Flash Player 25 NPAPI Adobe Systems Incorporated 2017/04/12 5.94 MB 25.0.0.148
CCleaner Piriform 2017/04/13 19.5 MB 5.28
Groove ミュージック Microsoft Corporation 2017/04/10 10.17022.10301.0
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2017/04/12 13.3 MB 1.75.0.1300
Microsoft OneDrive Microsoft Corporation 2017/04/10 84.8 MB 17.3.6798.0207
Microsoft Solitaire Collection Microsoft Studios 2017/04/12 3.16.3302.0
Microsoft Sticky Notes Microsoft Corporation 2017/04/10 1.8.0.0
Mozilla Firefox 52.0.2 (x86 ja) Mozilla 2017/04/13 147 MB 52.0.2
Mozilla Maintenance Service Mozilla 2017/04/11 256 KB 52.0.2
NX PAD Driver Alps 2017/04/13 24.2 MB 8.100.909.312
OneNote Microsoft Corporation 2017/04/10 17.7967.57751.0
People Microsoft Corporation 2017/04/10 10.2.831.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/04/13 17.0 MB 6.0.1.6186
Store Purchase App Microsoft Corporation 2017/04/10 11608.1000.2431.0
Xbox Microsoft Corporation 2017/04/12 27.28.8007.0
Xbox Identity Provider Microsoft Corporation 2017/04/10 11.19.19003.0
アプリ インストーラー Microsoft Corporation 2017/04/10 1.0.10332.0
アラーム & クロック Microsoft Corporation 2017/04/10 10.1703.602.0
カメラ Microsoft Corporation 2017/04/10 2017.214.20.0
スタートアップツール 西日本電信電話株式会社 2017/04/11 2.73 MB 8.0.2
ストア Microsoft Corporation 2017/04/10 11701.1001.99.0
セキュリティ対策ツール 西日本電信電話株式会社 2017/04/11 206 MB 11.11
セキュリティ申込・設定ツール 西日本電信電話株式会社 2017/04/11 7.24 MB 7.5.0.13
ニュース Microsoft Corporation 2017/04/10 4.18.41.0
ヒント Microsoft Corporation 2017/04/10 5.0.13.0
フィードバック Hub Microsoft Corporation 2017/04/10 1.1702.811.0
フォト Microsoft Corporation 2017/04/10 17.313.10010.0
ボイス レコーダー Microsoft Corporation 2017/04/10 10.1703.601.0
マップ Microsoft Corporation 2017/04/10 5.1703.762.0
メッセージング Microsoft Corporation 2017/04/10 3.19.1001.0
メール/カレンダー Microsoft Corporation 2017/04/13 17.8104.42387.0
天気 Microsoft Corporation 2017/04/10 4.18.52.0
新しい Office を始めよう Microsoft Corporation 2017/04/10 17.8017.5925.0
映画 & テレビ Microsoft Corporation 2017/04/10 10.17022.10311.0
有料 Wi-Fi & 携帯ネットワーク Microsoft Corporation 2017/04/10 1.1607.6.0
電卓 Microsoft Corporation 2017/04/10 10.1703.601.0
電話 Microsoft Corporation 2017/04/10 1.10.15000.0
  • ペソネ
  • 2017/04/15 (Sat) 22:46:58
Re: Something wrong with the registry?
CC logs for each tab
Windows
有効 HKCU:Run OneDrive Microsoft Corporation "C:\Users\imagawa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
有効 HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
有効 HKLM:Run NECMFK NEC Corporation, NEC Personal Products, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe"
有効 Startup Common スタートアップツール.lnk C:\WINDOWS\Installer\{5DD4998C-C190-424F-9EC9-58C38AD67BB0}\_9B3CE635A99B6F92D5462F.exe

Scheduled tasks
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Context menu
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll

Internet Explorer
無効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
無効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll
無効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
無効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll

Firefox
有効 Extension Application Update Service Helper 2.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Disable Prefetch 1.0 default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\features\{9f74f674-3e66-45e2-907a-552d0a823446}\disable-prefetch@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.12 default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\features\{9f74f674-3e66-45e2-907a-552d0a823446}\e10srollout@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.9 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Extension Site Deployment Checker 1.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi
無効 Extension Trend Micro BEP Firefox Extension 9.2.0.1026 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
無効 Extension Trend Micro Osprey Firefox Extension 2.0.0.1090 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\FxExt\firefoxextension
無効 Extension Trend Micro Toolbar 11.0.0.1186 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension
有効 Extension uBlock Origin 1.12.0 All uBlock Origin contributors default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uBlock0@raymondhill.net.xpi
有効 Extension uMatrix 0.9.3.6 Raymond Hill default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uMatrix@raymondhill.net.xpi
有効 Extension Web Compat 1.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.903 Google Inc. default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
有効 Plugin Shockwave Flash 25.0.0.148 Adobe Systems Incorporated default Firefox 52.0.2 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll

CCleaner's monitoring feature was heavy, so I turned it off.
  • ペソネ
  • 2017/04/15 (Sat) 22:50:57
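Here to go back over things
Good evening.
This is "あらいぐま悪代官" (Raccoon 悪代官), here to go back over the state of things (← if you're an evil magistrate, wash your hands of evil deeds)

> CCleaner's monitoring feature was heavy, so I turned it off

Yes, off is the recommended setting for that.
In practice, depending on the environment, turning it on often puts quite a load on the system and slows it down.

I've also looked through the current logs.
There doesn't seem to be anything particularly suspicious at the moment.
If no abnormal behaviour is showing up either, that's fine too.

You can go ahead and uninstall MBAM using GU.

After that, shall we watch things for a while?
Please keep an eye on it for one week; using the PC normally in the meantime is fine.

After one week, take the same HJT log as this time again, along with the CC install information and the logs from each tab, and reply with them together with a report on how things went during the observation period.

If nothing abnormal has recurred by that point, it looks like we'll be over the hump, but if you do see anything abnormal, you don't need to wait the full week; reply right then.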
  • あらいぐま悪代官
  • 2017/04/16 (Sun) 20:58:41
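The request above, to retake the same HijackThis log after a week, comes down to comparing two snapshots. The following Python script is an added example (not part of the thread or any poster's code) that diffs two HijackThis logs by item line; the two sample logs are constructed, modelled on entries posted in this thread, and all function and variable names are hypothetical.

```python
import re

# Item lines begin with a section code ("O2", "O23", "F2", ...) followed by " - ".
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Meaning of the section codes that appear in this thread's logs.
SECTIONS = {
    "F2": "ini value mapped to the registry",
    "O1": "hosts file entry",
    "O2": "browser helper object",
    "O3": "IE toolbar",
    "O4": "Run key / startup item",
    "O11": "IE advanced options group",
    "O18": "protocol handler",
    "O23": "service",
}


def parse_hjt(text):
    """Return {(section, detail): file_missing} for every item line.

    Header lines, the running-process list and the "End of file" trailer do
    not match ITEM_RE and are skipped. HijackThis 2.0.5 is a 32-bit tool and
    on 64-bit Windows it commonly prints "(file missing)" for files it cannot
    see, so the flag is stored as data and kept out of the identity key.
    """
    items = {}
    for raw in text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if not match:
            continue
        section, detail = match.groups()
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)].rstrip()
        items[(section, detail)] = missing
    return items


def diff_hjt(old_text, new_text):
    """Compare two logs: new items, vanished items, and flag changes."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "missing_changed": sorted(k for k in new if k in old and old[k] != new[k]),
    }


def describe(item):
    """One-line summary of an item for a report."""
    section, detail = item
    return f"{section} ({SECTIONS.get(section, 'other')}): {detail}"


# Constructed sample logs (not copied verbatim from any single post).
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:00:00, on 2017/04/11

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

--
End of file - 0 bytes
"""

NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:00:00, on 2017/04/19

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O1 - Hosts: 127.0.0.1 localhost
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe

--
End of file - 0 bytes
"""

if __name__ == "__main__":
    changes = diff_hjt(OLD_LOG, NEW_LOG)
    for label in ("added", "removed", "missing_changed"):
        print(f"[{label}]")
        for item in changes[label]:
            print("  " + describe(item))
```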
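Re: Something wrong with the registry?
Good evening, 悪代官-san. This is ペソネ.
A little while ago, while I was browsing the web, a notification suddenly appeared saying "An app default was reset",
and it mentioned something about ini and something about Launch Windows App. (It disappeared right away, so I don't know the details.)
Is this behaviour something abnormal?

I ran full scans with セキュリティ対策ツール and MBAM, and neither detected anything.
I also can't see anything odd in how the PC behaves.

While I'm at it, I'll post the logs too.
Hijackthis (I disabled some services I'm unlikely to use, going by a website)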
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:38:00, on 2017/04/19
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 52.0.2 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\uiWinMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\imagawa\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: トレンドマイクロネットワークフィルタプラグイン - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O2 - BHO: トレンドマイクロIEプロテクション - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5750 bytes

MBAM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

定義バージョン: v2017.04.18.04

Windows 8 x64 NTFS (セーフモード)
Internet Explorer 11.1066.14393.0
imagawa :: DESKTOP-1PRU7ED [管理者]

2017/04/19 0:18:47
mbam-log-2017-04-19 (00-18-47).txt

スキャンタイプ: フルスキャン (C:\|D:\|)
有効なスキャン領域: メモリ | スタートアップ | レジストリ | ファイルシステム | ヒューリスティック/追加アイテムのスキャン  | ヒューリスティック/Shuriken エンジンを使用してスキャン  | 不審なプログラム (PUP) | 不審な変更 (PUM) | ピア・ツー・ピアプログラム(P2P)
無効なスキャン領域:
スキャンしたアイテム数: 405351
経過時間: 39 分, 18 秒

メモリプロセスの検出: 0
(悪意のあるアイテムは検出されていません。)

メモリモジュールの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリキーの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリ値の検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリデータ項目の検出: 0
(悪意のあるアイテムは検出されていません。)

フォルダの検出: 0
(悪意のあるアイテムは検出されていません。)

ファイルの検出: 0
(悪意のあるアイテムは検出されていません。)

(終)

CC
Install list (I removed programs I'm unlikely to use)
3D Builder Microsoft Corporation 2017/04/10 12.0.3131.0
Adobe Flash Player 25 NPAPI Adobe Systems Incorporated 2017/04/12 5.94 MB 25.0.0.148
Apple Application Support(64 ビット) Apple Inc. 2017/04/17 145 MB 5.4.1
Apple Mobile Device Support Apple Inc. 2017/04/17 27.4 MB 10.3.1.2
CCleaner Piriform 2017/04/13 19.5 MB 5.28
Groove ミュージック Microsoft Corporation 2017/04/10 10.17022.10301.0
iTunes Apple Inc. 2017/04/17 426 MB 12.6.0.100
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2017/04/12 13.3 MB 1.75.0.1300
Microsoft Solitaire Collection Microsoft Studios 2017/04/12 3.16.3302.0
Microsoft Sticky Notes Microsoft Corporation 2017/04/10 1.8.0.0
Mozilla Firefox 52.0.2 (x86 ja) Mozilla 2017/04/13 147 MB 52.0.2
Mozilla Maintenance Service Mozilla 2017/04/16 428 KB 52.0.1
Mozilla Thunderbird 52.0.1 (x86 ja) Mozilla 2017/04/16 91.1 MB 52.0.1
NX PAD Driver Alps 2017/04/13 24.2 MB 8.100.909.312
OneNote Microsoft Corporation 2017/04/10 17.7967.57751.0
People Microsoft Corporation 2017/04/10 10.2.831.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/04/13 17.0 MB 6.0.1.6186
Store Purchase App Microsoft Corporation 2017/04/10 11608.1000.2431.0
Xbox Microsoft Corporation 2017/04/12 27.28.8007.0
Xbox Identity Provider Microsoft Corporation 2017/04/10 11.19.19003.0
アプリ インストーラー Microsoft Corporation 2017/04/10 1.0.10332.0
アラーム & クロック Microsoft Corporation 2017/04/10 10.1703.602.0
カメラ Microsoft Corporation 2017/04/10 2017.214.20.0
ストア Microsoft Corporation 2017/04/10 11701.1001.99.0
セキュリティ対策ツール 西日本電信電話株式会社 2017/04/11 206 MB 11.11
ニュース Microsoft Corporation 2017/04/10 4.18.41.0
ヒント Microsoft Corporation 2017/04/10 5.0.13.0
フィードバック Hub Microsoft Corporation 2017/04/10 1.1702.811.0
フォト Microsoft Corporation 2017/04/10 17.313.10010.0
ボイス レコーダー Microsoft Corporation 2017/04/10 10.1703.601.0
マップ Microsoft Corporation 2017/04/10 5.1703.762.0
メッセージング Microsoft Corporation 2017/04/10 3.19.1001.0
メール/カレンダー Microsoft Corporation 2017/04/13 17.8104.42387.0

Windows
有効 HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run NECMFK NEC Corporation, NEC Personal Products, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe"

Scheduled tasks
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Context menu
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll

Browser plugins
IE
無効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
無効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll
無効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
無効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll

FF
有効 Extension Application Update Service Helper 2.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Disable Prefetch 1.0 default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\features\{9f74f674-3e66-45e2-907a-552d0a823446}\disable-prefetch@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.12 default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\features\{9f74f674-3e66-45e2-907a-552d0a823446}\e10srollout@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.9 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Extension Site Deployment Checker 1.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi
無効 Extension Trend Micro BEP Firefox Extension 9.2.0.1026 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
無効 Extension Trend Micro Osprey Firefox Extension 2.0.0.1090 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\FxExt\firefoxextension
無効 Extension Trend Micro Toolbar 11.0.0.1186 Trend Micro default Firefox 52.0.2 C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension
有効 Extension uBlock Origin 1.12.1 All uBlock Origin contributors default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uBlock0@raymondhill.net.xpi
有効 Extension uMatrix 0.9.3.6 Raymond Hill default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uMatrix@raymondhill.net.xpi
有効 Extension Web Compat 1.0 default Firefox 52.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.903 Google Inc. default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default Firefox 52.0.2 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
有効 Plugin Shockwave Flash 25.0.0.148 Adobe Systems Incorporated default Firefox 52.0.2 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
  • ペソネ
  • 2017/04/18 (Tue) 23:35:00
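Try setting the default browser back to the MS standard one
Sorry for the late reply.
I had things to do yesterday and couldn't come by to reply.

> it mentioned something about ini and something about Launch Windows App.

OK, then please refer to the site below ↓
https://pc-karuma.net/windows-10-default-apps-select-reset/

After reading the explanation on the site, follow its steps and try to "reset" the default browser.
The message may be appearing because the default browser is currently set to Firefox.

After that, restart the PC once just to be safe,
watch it for a little while again, and then reply to say whether the problem continues or has settled down.
If this settles it, carry on with the rest of the one-week observation as before.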
  • 悪代官
  • 2017/04/20 (Thu) 21:26:57
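A new problem
Good evening, 悪代官-san. This is ペソネ.
The notification issue has been resolved, but a new problem has come up.

While browsing the web during the observation period, I found in uBlockOrigin's connection log
a domain I don't normally see, "ib.adnxs.com".
It looked suspicious to me, so I looked it up, and it was said to be malware.

Fortunately, perhaps because the uBlock and umatrix filters blocked it before it loaded,
there were no ib.adnxs.com cookies,
nothing was detected by AC, セキュリティ対策ツール or MBAM,
and ads on other sites had not been replaced with ib.adnxs.com ones.
But it is apparently malware that such scans have trouble catching,
so I can't stop worrying that it may still be alive somewhere on the PC.

I'm very sorry to keep taking up your time,
but could you please help me with just one more thing?

Here are the logs.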
HJT
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:52:26, on 2017/04/21
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 53.0 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\uiWinMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\imagawa\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: トレンドマイクロネットワークフィルタプラグイン - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O2 - BHO: トレンドマイクロIEプロテクション - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5800 bytes

CC
Installed programs
3D Builder Microsoft Corporation 2017/04/19 14.0.1031.0
Adobe Flash Player 25 NPAPI Adobe Systems Incorporated 2017/04/12 5.94 MB 25.0.0.148
Apple Application Support(64 ビット) Apple Inc. 2017/04/17 182 MB 5.4.1
Apple Mobile Device Support Apple Inc. 2017/04/17 41.8 MB 10.3.1.2
CCleaner Piriform 2017/04/21 19.5 MB 5.29
Groove ミュージック Microsoft Corporation 2017/04/10 10.17022.10301.0
iTunes Apple Inc. 2017/04/17 564 MB 12.6.0.100
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2017/04/12 13.3 MB 1.75.0.1300
Microsoft Solitaire Collection Microsoft Studios 2017/04/12 3.16.3302.0
Microsoft Sticky Notes Microsoft Corporation 2017/04/10 1.8.0.0
Mozilla Firefox 53.0 (x86 ja) Mozilla 2017/04/21 143 MB 53.0
Mozilla Maintenance Service Mozilla 2017/04/20 428 KB 53.0.0.6312
Mozilla Thunderbird 52.0.1 (x86 ja) Mozilla 2017/04/21 91.2 MB 52.0.1
NX PAD Driver Alps 2017/04/13 24.2 MB 8.100.909.312
OneNote Microsoft Corporation 2017/04/19 17.8067.57631.0
People Microsoft Corporation 2017/04/10 10.2.831.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/04/13 17.0 MB 6.0.1.6186
Store Purchase App Microsoft Corporation 2017/04/10 11608.1000.2431.0
Xbox Microsoft Corporation 2017/04/12 27.28.8007.0
Xbox Identity Provider Microsoft Corporation 2017/04/10 11.19.19003.0
アプリ インストーラー Microsoft Corporation 2017/04/10 1.0.10332.0
アラーム & クロック Microsoft Corporation 2017/04/10 10.1703.602.0
カメラ Microsoft Corporation 2017/04/10 2017.214.20.0
ストア Microsoft Corporation 2017/04/10 11701.1001.99.0
セキュリティ対策ツール 西日本電信電話株式会社 2017/04/11 328 MB 11.11
ニュース Microsoft Corporation 2017/04/19 4.20.951.0
ヒント Microsoft Corporation 2017/04/10 5.0.13.0
フィードバック Hub Microsoft Corporation 2017/04/10 1.1702.811.0
フォト Microsoft Corporation 2017/04/10 17.313.10010.0
ボイス レコーダー Microsoft Corporation 2017/04/10 10.1703.601.0
マップ Microsoft Corporation 2017/04/10 5.1703.762.0
メッセージング Microsoft Corporation 2017/04/10 3.19.1001.0
メール/カレンダー Microsoft Corporation 2017/04/13 17.8104.42387.0
天気 Microsoft Corporation 2017/04/19 4.20.951.0
新しい Office を始めよう Microsoft Corporation 2017/04/19 17.8107.7600.0
映画 & テレビ Microsoft Corporation 2017/04/10 10.17022.10311.0
有料 Wi-Fi & 携帯ネットワーク Microsoft Corporation 2017/04/10 1.1607.6.0
電卓 Microsoft Corporation 2017/04/10 10.1703.601.0
電話 Microsoft Corporation 2017/04/10 1.10.15000.0

Windows
有効 HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
無効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run NECMFK NEC Corporation, NEC Personal Products, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe"

スケジュールされたタスク
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

コンテキストメニュー
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll

IE
無効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
無効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll
無効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
無効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll

FF
有効 Extension Application Update Service Helper 2.0 default Firefox 53.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.14 default Firefox 53.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 53.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
無効 Extension Trend Micro BEP Firefox Extension 9.2.0.1026 Trend Micro default Firefox 53.0 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
無効 Extension Trend Micro Osprey Firefox Extension 2.0.0.1090 Trend Micro default Firefox 53.0 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\FxExt\firefoxextension
無効 Extension Trend Micro Toolbar 11.0.0.1186 Trend Micro default Firefox 53.0 C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension
有効 Extension uBlock Origin 1.12.1 All uBlock Origin contributors default Firefox 53.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uBlock0@raymondhill.net.xpi
有効 Extension uMatrix 0.9.3.6 Raymond Hill default Firefox 53.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uMatrix@raymondhill.net.xpi
有効 Extension Web Compat 1.0 default Firefox 53.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.903 Google Inc. default Firefox 53.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default Firefox 53.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
有効 Plugin Shockwave Flash 25.0.0.148 Adobe Systems Incorporated default Firefox 53.0 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
  • ペソネ
  • 2017/04/20 (Thu) 23:57:35
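No need to worry about the history of what UC blocked
My reply is late again tonight.

> The notification issue has been resolved, but a new problem has come up.

Yes, the earlier problem has quieted down, and now it's ib.adnxs.com.
Setting aside whether it is malware or not, it is probably easiest to think of it as a place that serves a lot of "badly behaved ads".
So it is no wonder uBlockOrigin blocks it, and as long as it is being blocked there should be no actual harm.

Even if you never access the ib.adnxs.com site directly from your PC, ペソネ-san, it can also react when an external site carries a link to an ad page hosted on ib.adnxs.com's servers.

Unfortunately, on today's internet, please understand that the worse-behaved the ads, the more clients want to use them.
Rather than creating and distributing good content, showing ads while users want to use it, and so helping the advertiser's business grow, they focus on how to show users ads they have no interest in.

Even on major sites in Japan, quite a few ad links lead to places that are not very good.

Well, if it is something included in the history of what UC blocked, you can take it that there is no need to be anxious as long as you have not actually accessed it.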
  • 悪代官
  • 2017/04/21 (Fri) 20:49:24
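The point made in the reply above, that ib.adnxs.com can appear in a blocker's log without the user ever visiting it, shown as an added example that is not part of the thread and is not uBlock Origin's own matching code. The example.* hosts, the request paths, the one-entry blocklist and the short suffix table (a stand-in for the Public Suffix List) are constructed assumptions.

```javascript
// Simplified stand-in for the Public Suffix List (assumption, not a complete table).
const MULTI_LABEL_SUFFIXES = new Set(["co.jp", "ne.jp", "or.jp"]);

// Reduce a hostname to its site, e.g. news.example.co.jp -> example.co.jp.
function siteOf(host) {
  const labels = host.toLowerCase().split(".");
  const lastTwo = labels.slice(-2).join(".");
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// A rule for "adnxs.com" covers adnxs.com and every subdomain of it.
// Matching is done on label boundaries, so a host that merely contains
// the string (adnxs.com.example.org) is not caught.
function matchRule(host, blocklist) {
  const h = host.toLowerCase();
  return blocklist.find((d) => h === d || h.endsWith("." + d)) || null;
}

// Classify every subresource request made while one page loads.
function classifyRequests(pageUrl, requestUrls, blocklist) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  return requestUrls.map((raw) => {
    let host;
    try {
      host = new URL(raw).hostname;
    } catch (e) {
      // Unparsable entries are reported, not silently dropped.
      return { url: raw, host: null, thirdParty: false, blockedBy: null, error: "unparsable URL" };
    }
    return {
      url: raw,
      host,
      thirdParty: siteOf(host) !== pageSite,
      blockedBy: matchRule(host, blocklist),
    };
  });
}

// Constructed sample: the user navigates only to PAGE; the page itself
// pulls in the other URLs, including one on the ad host from the thread.
const PAGE = "https://news.example.co.jp/article/1";
const REQUESTS = [
  "https://news.example.co.jp/style.css",
  "https://static.example.co.jp/app.js",
  "https://ib.adnxs.com/ad?id=0000",
  "https://adnxs.com.example.org/pixel.gif",
  "not a url",
];
const BLOCKLIST = ["adnxs.com"];

function demo() {
  return classifyRequests(PAGE, REQUESTS, BLOCKLIST);
}

for (const r of demo()) {
  const verdict = r.error ? r.error : r.blockedBy ? "BLOCKED by " + r.blockedBy : "allowed";
  console.log((r.thirdParty ? "3rd-party " : "1st-party ") + verdict + "  " + r.url);
}
```
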
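Re: Something wrong with the registry?
悪代官-san, thank you for your reply. This is ペソネ.

When I looked up ib.adnxs.com online, every site I found described it as malware or a virus,
and I was wondering what I should do.
I will be asking for your help again on April 23; thank you in advance for then as well.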

  • ペソネ
  • 2017/04/21 (Fri) 21:28:11
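Re: Something wrong with the registry?
Good evening, 悪代官-san. This is ペソネ.
A week has passed, and there is nothing abnormal in the PC's behavior.

The logs are below. Sorry for the trouble, but I would appreciate it if you could check them.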
HJT
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 0:07:52, on 2017/04/24
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 53.0 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\uiWinMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\imagawa\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O2 - BHO: トレンドマイクロネットワークフィルタプラグイン - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O2 - BHO: トレンドマイクロIEプロテクション - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5799 bytes

CC
インストールリスト
3D Builder Microsoft Corporation 2017/04/19 14.0.1031.0
Adobe Flash Player 25 NPAPI Adobe Systems Incorporated 2017/04/12 5.94 MB 25.0.0.148
Apple Application Support(64 ビット) Apple Inc. 2017/04/17 182 MB 5.4.1
Apple Mobile Device Support Apple Inc. 2017/04/17 41.8 MB 10.3.1.2
CCleaner Piriform 2017/04/21 19.5 MB 5.29
Groove ミュージック Microsoft Corporation 2017/04/10 10.17022.10301.0
iTunes Apple Inc. 2017/04/17 564 MB 12.6.0.100
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2017/04/12 13.3 MB 1.75.0.1300
Microsoft Solitaire Collection Microsoft Studios 2017/04/12 3.16.3302.0
Microsoft Sticky Notes Microsoft Corporation 2017/04/10 1.8.0.0
Mozilla Firefox 53.0 (x86 ja) Mozilla 2017/04/21 143 MB 53.0
Mozilla Maintenance Service Mozilla 2017/04/20 428 KB 53.0.0.6312
Mozilla Thunderbird 52.0.1 (x86 ja) Mozilla 2017/04/21 91.2 MB 52.0.1
NX PAD Driver Alps 2017/04/13 24.2 MB 8.100.909.312
OneNote Microsoft Corporation 2017/04/19 17.8067.57631.0
People Microsoft Corporation 2017/04/10 10.2.831.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/04/13 17.0 MB 6.0.1.6186
Store Purchase App Microsoft Corporation 2017/04/10 11608.1000.2431.0
Xbox Microsoft Corporation 2017/04/12 27.28.8007.0
Xbox Identity Provider Microsoft Corporation 2017/04/10 11.19.19003.0
アプリ インストーラー Microsoft Corporation 2017/04/10 1.0.10332.0
アラーム & クロック Microsoft Corporation 2017/04/10 10.1703.602.0
カメラ Microsoft Corporation 2017/04/10 2017.214.20.0
ストア Microsoft Corporation 2017/04/10 11701.1001.99.0
セキュリティ対策ツール 西日本電信電話株式会社 2017/04/11 328 MB 11.11
ニュース Microsoft Corporation 2017/04/22 4.20.1102.0
ヒント Microsoft Corporation 2017/04/10 5.0.13.0
フィードバック Hub Microsoft Corporation 2017/04/21 1.1703.971.0
フォト Microsoft Corporation 2017/04/10 17.313.10010.0
ボイス レコーダー Microsoft Corporation 2017/04/10 10.1703.601.0
マップ Microsoft Corporation 2017/04/10 5.1703.762.0
メッセージング Microsoft Corporation 2017/04/10 3.19.1001.0
メール/カレンダー Microsoft Corporation 2017/04/13 17.8104.42387.0
天気 Microsoft Corporation 2017/04/22 4.20.1102.0
新しい Office を始めよう Microsoft Corporation 2017/04/19 17.8107.7600.0
映画 & テレビ Microsoft Corporation 2017/04/10 10.17022.10311.0
有料 Wi-Fi & 携帯ネットワーク Microsoft Corporation 2017/04/10 1.1607.6.0
電卓 Microsoft Corporation 2017/04/10 10.1703.601.0
電話 Microsoft Corporation 2017/04/10 1.10.15000.0

スタートアップ
Windows
有効 HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
無効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run NECMFK NEC Corporation, NEC Personal Products, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe"

スケジュールされたタスク
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

コンテキストメニュー
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location '%V'
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll

IE
無効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
無効 Helper トレンドマイクロIEプロテクション Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll
無効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll
無効 Helper トレンドマイクロネットワークフィルタプラグイン Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll

FF
有効 Extension Application Update Service Helper 2.0 default Firefox 53.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.14 default Firefox 53.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 53.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
無効 Extension Trend Micro BEP Firefox Extension 9.2.0.1026 Trend Micro default Firefox 53.0 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
無効 Extension Trend Micro Osprey Firefox Extension 2.0.0.1090 Trend Micro default Firefox 53.0 C:\Program Files (x86)\NTTW\SECURITY\AMSP\module\20013\FxExt\firefoxextension
無効 Extension Trend Micro Toolbar 11.0.0.1186 Trend Micro default Firefox 53.0 C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension
有効 Extension uBlock Origin 1.12.1 All uBlock Origin contributors default Firefox 53.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uBlock0@raymondhill.net.xpi
有効 Extension uMatrix 0.9.3.6 Raymond Hill default Firefox 53.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uMatrix@raymondhill.net.xpi
有効 Extension Web Compat 1.0 default Firefox 53.0 C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.903 Google Inc. default Firefox 53.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default Firefox 53.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
有効 Plugin Shockwave Flash 25.0.0.148 Adobe Systems Incorporated default Firefox 53.0 C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll
  • ペソネ
  • 2017/04/24 (Mon) 00:17:49
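So it got sorted out somehow
Good evening.
So this is your status report after the observation period.

I'm glad to see that the problem has not recurred since then.
I also looked through each of the logs, and nothing in them looks suspicious either.

So I think we can consider the main treatment finished.
Please also clean up each of the tools used for the work, following the explanation given during preparation.

Even though the problem is gone, please think of this as the starting point for protecting yourself against future harm.

Just tightening the browser settings a little can improve security.
Open "Internet Options" → "Privacy" → "Advanced", check "automatic cookie handling" and "Block third-party cookies", then click "Apply" and "OK".
Doing this is quite effective protection against many dangerous sites.
However, this is not effective against every dangerous site either, and against the truly dangerous ones this much is no match at all, so do not rely on it too much.
Also, if you set it to "Block all cookies", you get the side effect of being unable to get into pages that require login, such as your provider's mailbox, so it is best to choose according to the situation.
Note also that even some safe sites cannot be viewed or posted to with cookies blocked.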

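Next, please also be careful about how you use security software such as antivirus and firewalls.
Security software does not deliver its full capability just by being installed.
It is important to understand its settings and features as well as you can and to use it correctly.
Used the wrong way, it will readily let through even an infection it could otherwise have blocked.

And no matter how capable the security software, it cannot protect you at all if you yourself access dangerous sites and files.
Depending on how it is used, security software's performance can be doubled, halved, or reduced to nothing.

And seeing is believing.
I recommend looking through as many of the other threads on this board as you can, both ongoing and resolved.
Whether the cases are the same, similar, or of a different kind, there should be much in them to learn from.

As I have told other people seeking help many times before, the greatest credit for problems being solved on this board goes to the people seeking help being prepared to take the trouble and work through things one step at a time, and also to the valuable data from the work and analysis of past posters.
Thanks to the logs left by earlier posters, many entries and behaviors of malicious programs, and the procedures for dealing with them, have been discovered.

In other words, past posters have helped those who came after.
In this way, a helping hand to the next person has been passed along by dozens, even hundreds, of posters.

ペソネ-san, if you are grateful for the help of past posters, please make an effort, even little by little, to improve your PC environment and security awareness, so that the trouble you worked so hard to resolve is not repeated.

There is a mountain of things to learn about PC security, but there is no need to cram it all into your head from the start.
Take things in one at a time, starting from what you understand, and learn at a scope and pace that is comfortable.

Thank you for persevering with unfamiliar work over such a long time.
From here on, have a safe and comfortable PC life.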
  • 悪代官
  • 2017/04/24 (Mon) 21:00:09
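Thank you for all your help
悪代官-san, thank you for all your help. This is ペソネ.

With this matter safely settled, I feel relieved for the first time in a while.
That this ended without anything happening to the PC
is thanks to you, 悪代官-san, for so earnestly staying with my problem for two whole weeks.
From now on, I will check security-related boards and sites every day and work at protecting myself.

I cannot thank you enough, 悪代官-san. Thank you again and again.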


  • ペソネ
  • 2017/04/24 (Mon) 22:29:11
