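悪代官の伏魔殿 Bulletin Board
Traces of a rootkit after a clean install?
Hello, this is my first post.

While browsing the web my browser started behaving strangely (for example, pages I can normally view would no longer load), so I ran a full scan with Malwarebytes and it detected Backdoor.Bot. After that I ran a full set of rootkit removal tools, such as Rogue Killer and TDSSkiller, which I had downloaded on another PC, in safe mode, but apart from Rogue Killer detecting one Security task man item, nothing else was detected.
Because malware gets downloaded as soon as I connect to the internet, I did a clean install. I installed drivers and security software, reset the router before connecting to the internet, and ran Windows Update.
Since then, every time the PC starts, a command prompt opens for an instant and then disappears. Because the Malwarebytes Anti-Root kit DDA driver quite often fails to become active, TDSSKiller fails to download, and so on, I feel the rootkit has not been completely removed, so I suspect the rootkit has rewritten the BIOS.
I ran full scans with Malwarebytes (both the old and new versions, in safe mode), avast, and avira, but nothing was detected. (Currently avast free and the new Malwarebytes' Anti-Malware are running resident.)
Rogue Killer detected C:\ProgramDate\Partner, so I deleted it.
I cannot tell on my own whether a rootkit has been planted and the system is currently contaminated with malware, so I have come here for advice.

Sorry for the long post. Thank you in advance.

HijackThis log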

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:32:08, on 2017/12/29
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Redfish23\Desktop\デスクトップ\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7755 bytes

CCleaner log

Adobe Flash Player 28 NPAPI Adobe Systems Incorporated 2017/12/28 19.8 MB 28.0.0.126
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2017/12/28 26.2 MB 8.0.877.0
AMD System Monitor Advanced Micro Devices, Inc. 2017/12/28 1.48 MB 1.0.8
ASUS Live Update ASUS 2017/12/27 3.98 MB 3.0.8
ASUS Power4Gear Hybrid ASUS 2017/12/27 15.7 MB 1.1.50
ASUS Sonic Focus Synopsys 2017/12/27 4.47 MB 1.0.0.5
ASUS Splendid Video Enhancement Technology ASUS 2017/12/27 20.7 MB 1.02.0036
ASUS USB Charger Plus ASUS 2017/12/27 6.50 MB 2.0.5
ASUS Virtual Camera asus 2017/12/27 3.12 MB 1.0.24
ATK Package ASUS 2017/12/27 12.0 MB 1.0.0014
Avast Free Antivirus AVAST Software 2017/12/27 17.9.2322
BUFFALO エアステーション設定ガイド 2017/12/27
BUFFALO エアステーション設定ツール BUFFALO INC. 2017/12/27 2.84 MB 2.0.5
BUFFALO パソコン環境表示ツール BUFFALO INC. 2017/12/27 1.0.3
CCleaner Piriform 2017/12/29 5.38
ETDWare PS/2-X64 8.0.5.1_WHQL ELAN Microelectronic Corp. 2017/12/27 8.0.5.1
Fast Boot ASUS 2017/12/27 1.46 MB 1.0.10
Malwarebytes バージョン 3.3.1.2183 Malwarebytes 2017/12/29 186 MB 3.3.1.2183
Microsoft .NET Framework 4.7 Microsoft Corporation 2017/12/28 38.8 MB 4.7.02053
Microsoft Silverlight Microsoft Corporation 2017/12/27 20.4 MB 4.0.50401.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2017/12/27 1.69 MB 3.1.0000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2017/12/27 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2017/12/27 596 KB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2017/12/27 13.6 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2017/12/27 11.0 MB 10.0.30319
Qualcomm Atheros WiFi Driver Installation Qualcomm Atheros 2017/12/27 9.2
Realtek Ethernet Controller Driver Realtek 2017/12/27 7.43.321.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/12/27 6.0.1.6482
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 2017/12/27 6.1.7600.30127
TCPEye 1.0 Free Software Relase 2017/12/28 3.86 MB
Waterfox 56.0.1 (x64 en-US) Waterfox Ltd 2017/12/28 191 MB 56.0.1
Windows Live Essentials Microsoft Corporation 2017/12/27 15.4.3538.0513
WinFlash ASUS 2017/12/27 856 KB 2.32.0
Wireless Console 3 ASUS 2017/12/27 9.11 MB 3.0.24
バッファロー らくらくアップデートツール Buffalo Inc. 2017/12/27 11.0 MB 1.12
  • 山猫
  • 2017/12/29 (Fri) 14:43:52
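Re: Traces of a rootkit after a clean install?
Whether the BIOS has been rewritten is
generally not something that can be determined, by us or by anyone else.

If you want to find out, you would be better off asking the manufacturer.
That said, I get the feeling that simply replacing the motherboard would cost less money and time.


Next, if you were infected with a rootkit, a recovery is needed either way,
so if you suspect an infection it is better to just go ahead and do the recovery.


It is also possible that the way the recovery was done was inappropriate.
It would be better to do the recovery offline, have SP1 prepared in advance on a CD or similar, apply it,
and only then connect to the internet and update.


>Windows Live Essentials Microsoft Corporation 2017/12/27 15.4.3538.0513
Support for this has already ended, so please do not use it.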
  • 掃除屋
  • 2017/12/29 (Fri) 18:52:20
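Re: Traces of a rootkit after a clean install?
掃除屋-san,

Thank you for your reply.

>It is also possible that the way the recovery was done was inappropriate.
>It would be better to do the recovery offline, have SP1 prepared in advance on a CD or similar, apply it,
>and only then connect to the internet and update.

I did the clean install offline using a Windows 7 Home Premium Service Pack 1 installation disc.
In fact, I have done two clean installs since the rootkit infection; after the first recovery, MBAM's anti-rootkit driver startup error occurred quite frequently, so I did the recovery again. This time the MBAM driver startup error has not occurred even once, but the other symptoms (such as a command prompt opening for an instant at startup and then disappearing) are occurring.
I apologize for not explaining this well enough.

>Windows Live Essentials Microsoft Corporation 2017/12/27 15.4.3538.0513
>Support for this has already ended, so please do not use it.

I have uninstalled it.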
  • 山猫
  • 2017/12/29 (Fri) 19:53:37
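Re: Traces of a rootkit after a clean install?
>A command prompt opens for an instant at startup and then disappears
It is not only malware that behaves like this.
Legitimate software does this too, so it cannot be judged from that alone.


If you did the recovery properly,
I think you can judge from the scan results of
the security software you installed.



>I have uninstalled it.
There are some things I need to check in the logs, so please post the logs again.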
  • 掃除屋
  • 2017/12/29 (Fri) 20:34:28
Re: Traces of a rootkit after a clean install?
掃除屋-san,

Thank you for your reply.

Below is the new CCleaner log.

Adobe Flash Player 28 NPAPI Adobe Systems Incorporated 2017/12/28 19.8 MB 28.0.0.126
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2017/12/28 26.2 MB 8.0.877.0
AMD System Monitor Advanced Micro Devices, Inc. 2017/12/28 1.48 MB 1.0.8
ASUS Live Update ASUS 2017/12/27 3.98 MB 3.0.8
ASUS Power4Gear Hybrid ASUS 2017/12/27 15.7 MB 1.1.50
ASUS Sonic Focus Synopsys 2017/12/27 4.47 MB 1.0.0.5
ASUS Splendid Video Enhancement Technology ASUS 2017/12/27 20.7 MB 1.02.0036
ASUS USB Charger Plus ASUS 2017/12/27 6.50 MB 2.0.5
ASUS Virtual Camera asus 2017/12/27 3.12 MB 1.0.24
ATK Package ASUS 2017/12/27 12.0 MB 1.0.0014
Avast Free Antivirus AVAST Software 2017/12/27 17.9.2322
BUFFALO エアステーション設定ガイド 2017/12/27
BUFFALO エアステーション設定ツール BUFFALO INC. 2017/12/27 2.84 MB 2.0.5
BUFFALO パソコン環境表示ツール BUFFALO INC. 2017/12/27 1.0.3
CCleaner Piriform 2017/12/29 5.38
ETDWare PS/2-X64 8.0.5.1_WHQL ELAN Microelectronic Corp. 2017/12/27 8.0.5.1
Fast Boot ASUS 2017/12/27 1.46 MB 1.0.10
Malwarebytes バージョン 3.3.1.2183 Malwarebytes 2017/12/29 186 MB 3.3.1.2183
Microsoft .NET Framework 4.7 Microsoft Corporation 2017/12/28 38.8 MB 4.7.02053
Microsoft Silverlight Microsoft Corporation 2017/12/27 20.4 MB 4.0.50401.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2017/12/27 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2017/12/27 596 KB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2017/12/27 13.6 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2017/12/27 11.0 MB 10.0.30319
Qualcomm Atheros WiFi Driver Installation Qualcomm Atheros 2017/12/27 9.2
Realtek Ethernet Controller Driver Realtek 2017/12/27 7.43.321.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/12/27 6.0.1.6482
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 2017/12/27 6.1.7600.30127
TCPEye 1.0 Free Software Relase 2017/12/28 3.86 MB
Waterfox 56.0.1 (x64 en-US) Waterfox Ltd 2017/12/28 191 MB 56.0.1
WinFlash ASUS 2017/12/27 856 KB 2.32.0
Wireless Console 3 ASUS 2017/12/27 9.11 MB 3.0.24
バッファロー らくらくアップデートツール Buffalo Inc. 2017/12/27 11.0 MB 1.12

Below is the new HJT log.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:40:27, on 2017/12/29
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\TCPEye\TCPEye.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Redfish23\Desktop\デスクトップ\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6815 bytes

Thank you in advance.
  • 山猫
  • 2017/12/29 (Fri) 20:51:13
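Don't let fear of infection make you paranoid
Good evening.
I am 悪代官, the administrator here.
Since I don't want to be struck down around 8:45 at night, I'm being punished by the smiley magical-girl squad at around 8:45 on Sunday mornings.
♪ Let's pass on, yay, yay, yay! (don't ask)

掃除屋-san, thank you for the follow-up.

山猫-san, I have looked at your explanation and the logs.

As 掃除屋-san also replied, the BIOS is not something I can analyze or treat here either, so please understand that.

Next, MalwareBytes (MBAM) aside, it looks like you also used various tools such as Rogue Killer and TDSSkiller; you seem to be quite worried.

Being security-conscious is a good thing, but it may be better to refrain from throwing a large number of security tools at the machine out of fear that it might be infected.

I have seen many people who, caught up in paranoia, reached for one of the many unfamiliar fake security tools on the net that claim high performance, were taken in by that fake tool's false warnings, were made to buy a paid app of little benefit, and ended up making things worse.

Rogue Killer too has a reputation for being highly capable, but at the same time it produces quite a few false positives from overreaction.
If you hurriedly delete something detected by overreaction without knowing that it is actually a legitimate Windows file, there is a risk that, before security even comes into it, Windows will stop working properly.

>C:\ProgramDate\Partner

Did you know that this is an entry belonging to a Google application?
It depends on the situation, but it is unlikely to be anything dangerous.

As far as I can see from the two logs so far, there does not appear to be an infection, but I cannot say so for certain yet, so let's check carefully one step at a time.
It will inevitably take a fair amount of effort until everything is sorted out, so there is no need to rush; settle in and proceed one step at a time.

"Are you prepared?" (← that's not a line for the evil magistrate's side)

First, let me tell you one thing up front.
As you can see, there are currently many people seeking advice, so each time it may take a day or more from receiving a request until I can reply to everyone in turn; I apologize, and please understand.

Now, please read the explanation below carefully and then carry out the steps in order.
You should already have some of these prepared, but please read the explanation again just in case.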

Set hidden files and file extensions to be shown (how-to ↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

Download the tools below and get familiar with their basic usage.
However, if the distribution sites show ads urging you to download other apps, never click on them.
"GeekUninstaller" (hereafter: GU)
Description page ↓
http://www.gigafree.net/system/install/geekuninstaller.html
Download ↓
http://www.geekuninstaller.com/download
Click "download free", save the file, and then extract it.
When you are done with it, delete the whole folder manually.

"CCleaner" (hereafter: CC)
Description ↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
Download ↓
https://www.piriform.com/ccleaner/builds
Download the latest "Portable" version, then extract and launch it.
When you are done with it, just delete that folder.

An important caution here.
CC is by nature a highly capable maintenance tool, but used the wrong way
[it can also damage Windows],
so here we use it only as an analysis tool.
Read the explanation thoroughly and do not perform any operation other than those I instruct.

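Once you are ready, we start.
In the steps that follow, you may skip anything you cannot find and move on, but look carefully as you work and never touch anything other than what I specified.

Also, I will probably ask you to delete some things along the way; if any of them is something you installed yourself because you need it, hold off on deleting it and tell me so in your next reply.

First, check Windows Update and, if there are required updates, install all of them.
However, if the update cannot be done at that point, do not carry out the steps explained after this, and tell me in a reply that the update failed.
This is because there has been a sharp increase in dangerous malware that hinders analysis and treatment of the infection by preventing WU from working properly.
If you do not always keep Windows updates (Windows Update) applied and current, that alone is enough for a dangerous infection to happen right away.

Note that upgrading to Windows 10 is not recommended unless you really need it yourself.
http://www.japan-secure.com/entry/Windows_Update_7.html
http://www.japan-secure.com/entry/how_to_suppress_the_free_upgrade_of_Windows_10.html

First, manually create one restore point using System Restore, a standard Windows feature.
This is so that recovery is possible should the worst happen, because in the steps that follow, mistakenly touching something other than the target can by itself cause serious problems in Windows.
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

From the Start menu, go to "Accessories" → "System Tools" and launch "Disk Cleanup".
Once it starts, select the C drive as the target drive and scan it; among the items shown, check only "Downloaded Program Files", "Temporary Internet Files" and "Temporary files", then press "OK" and "Delete Files".
Running this cleans out the junk files in the selected areas.

Doing this also reduces the useless junk files that scans pick up during the work, which makes both the time taken and the analysis considerably easier.
The reason for not checking other items such as "Recycle Bin" is to avoid deleting normal files by mistake, and so that a normal file that has been deleted into the Recycle Bin can still be restored.

Next, launch CC.
Once it starts, open "Tools" → "Startup" → the "Windows" tab.
There, pressing "Save to text file" at the bottom right lets you save what is displayed as a log, so save the log to the desktop or similar.

Next, save the logs of the "Scheduled Tasks" tab and the "Context Menu" tab in the same way.

Then, from the "Browser Plugin" item on the left side of the CC window, open each tab in turn, starting with the "InternetExplorer" tab, and save those logs as well.

Once you have taken each CC log, close CC.

After that, paste each CC log into your reply and show them to me.
Whether anything suspicious turns up in these logs may be the first key.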
  • 悪代官
  • 2017/12/29 (Fri) 21:22:01
Re: Traces of a rootkit after a clean install?
As for the uninstallation of Windows Live Essentials,
it appears to have been removed properly.
  • 掃除屋
  • 2017/12/29 (Fri) 21:58:43
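The before/after check made on the two HijackThis logs above can be done mechanically by diffing the logs section by section. The Python below is an added example, not part of the original thread or of HijackThis; the function names (`parse_hjt`, `diff_hjt`, `leftovers`) are hypothetical, and the sample text is an excerpt of the two logs posted in this thread.

```python
import re
from collections import defaultdict

# HijackThis entry lines: a section code (F2, O4, O23, ...), " - ", then the entry.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpts of the first and second HijackThis logs posted in this thread.
BEFORE = r"""Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Windows Live ID サインイン ヘルパー - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
"""

AFTER = r"""Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\TCPEye\TCPEye.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into running processes and per-section entries."""
    processes, entries = set(), defaultdict(set)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif match:
            entries[match.group(1)].add(match.group(2))
        elif in_processes:
            processes.add(line)
        # anything else (header, "End of file") is ignored
    return processes, entries


def _section_key(code):
    # Sort O2 before O10: letter first, then the numeric part.
    return (code[0], int(code[1:]))


def diff_hjt(before, after):
    """Report entries and processes that differ between two logs."""
    b_proc, b_ent = parse_hjt(before)
    a_proc, a_ent = parse_hjt(after)
    report = {"removed": [], "added": []}
    for code in sorted(set(b_ent) | set(a_ent), key=_section_key):
        old, new = b_ent.get(code, set()), a_ent.get(code, set())
        report["removed"] += [(code, e) for e in sorted(old - new)]
        report["added"] += [(code, e) for e in sorted(new - old)]
    report["processes_added"] = sorted(a_proc - b_proc)
    report["processes_removed"] = sorted(b_proc - a_proc)
    return report


def leftovers(text, needle):
    """Entries in a log that still mention `needle` (case-insensitive)."""
    _, entries = parse_hjt(text)
    needle = needle.lower()
    return sorted(
        (code, e) for code, found in entries.items() for e in found
        if needle in e.lower()
    )


if __name__ == "__main__":
    result = diff_hjt(BEFORE, AFTER)
    for code, entry in result["removed"]:
        print("removed:", code, "-", entry)
    for code, entry in result["added"]:
        print("added:  ", code, "-", entry)
    print("new processes:", result["processes_added"])
    print("Windows Live leftovers:", leftovers(AFTER, "windows live"))
```

An empty `leftovers` result for the second log together with a `removed` list made up only of Windows Live entries is the condition for calling the uninstall clean; any `added` entry would deserve a closer look.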
Re: Traces of a rootkit after a clean install?
悪代官-san,

Thank you for your reply.

I have finished all the steps you instructed.

Below ↓ are the CC logs.

"Windows" tab log

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKLM:Run AMD AVT Microsoft Corporation Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
有効 HKLM:Run ATKMEDIA ASUS C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
有効 HKLM:Run ATKOSD2 ASUS C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
有効 HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
有効 HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
有効 HKLM:Run HControlUser ASUS C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
有効 HKLM:Run RtHDVBg Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
無効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SonicMasterTray Virage Logic Corporation / Sonic Focus C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
有効 HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
有効 HKLM:Run Wireless Console 3 ASUS C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

"Scheduled Tasks" tab log

有効 Task ACMON ASUS C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
無効 Task ASUS Live Update ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
有効 Task ASUS P4G ASUS C:\Program Files\ASUS\P4G\BatteryLife.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task USBChargerPlus ASUSTek Computer Inc. C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

"Context Menu" tab log

有効 File 00asw AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

"InternetExplorer" tab log

有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
有効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
有効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

I have one question: the Scheduled Tasks tab has an Advanced Mode option, and when I check it, more entries are shown than before. Is it all right to leave it unchecked?

Thank you in advance.

  • 山猫
  • 2017/12/29 (Fri) 22:10:39
Re: Traces of a rootkit after a clean install?
掃除屋-san,

Thank you for confirming the uninstallation.
  • 山猫
  • 2017/12/29 (Fri) 22:19:33
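After disabling SteadyVideo, work with two tools
Thank you for the work and the report.
I have looked at the follow-up logs as well.

掃除屋-san, thank you again for the follow-up.

>The Scheduled Tasks tab has an Advanced Mode option, and when I check it, more entries are shown than before. Is it all right to leave it unchecked?

Yes, for the analysis we do here you do not need to use Advanced Mode.
That mode lets you see more detailed content, but in most cases analysis in Advanced Mode is not needed.

Now, I see nothing particularly suspicious in the logs you showed me, but let me check the following from the IE tab.

>有効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
>有効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

Are you using these two because you need them?
On a PC with AMD hardware they were probably there from the start, but if you do not particularly need them, select the entries in CC's IE tab and set them to "Disable".
If you do use them, that is fine, but even then please disable them once for the purpose of checking.

After disabling them, launch the browser, watch how it behaves for a while, and then move on to the next step.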

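Prepare the following applications.
You should already be using them, but I will have you use them partly to analyze the current state.

"AdwCleaner" (hereafter: AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
This is a direct link to the file. Open it and save the file to the desktop or similar.
When you are done with it, launch it and press the "uninstall" button and it will be removed automatically.
The site below has a detailed explanation of how to use it, so please refer to it ↓
http://www.japan-secure.com/entry/adwcleaner.html

Malwarebytes' Anti-Malware (hereafter: MBAM)
Official site
http://www.malwarebytes.org/

However, MBAM currently has considerable problems with stability and behavior, and bugs that prevent scans from completing normally even in ordinary use are occurring frequently.
For that reason, do not download the latest version from the official site; here we will deliberately work with an old version.

Site explaining the old version ↓
http://www.japan-secure.com/entry/blog-entry-7.html

Download the old version of MBAM from the URL below.
https://filehippo.com/jp/download_malwarebytes_anti_malware/14815/
This is a direct link to the file. Save it.
After the work is finished, you can uninstall it with GU while the PC is in safe mode; if that does not go well, you can also remove it by choosing "Uninstall" from the MBAM entry in the Start menu while in safe mode.

Note: installing in Japanese can cause garbled characters. Install in English and then switch to Japanese.
Launch MBAM and go to the "Settings" tab → "Language" → "Japanese" to switch to Japanese.

Once ready, install MBAM and update it.
However, do not scan yet at this point.
Also, when updating MBAM here, do not update the "program" itself; update only the definitions.
If you update the program itself, it becomes the latest version where bugs are occurring frequently, which defeats the purpose of having installed the old version.
Once it is updated, do not scan; close MBAM at this point.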

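Once both tools have been updated, restart the PC in safe mode and then use Disk Cleanup to clean out junk files.
However, here choose "Safe Mode with Networking" rather than ordinary safe mode.

When the cleanup is done, stay in safe mode and launch AC.
Once it starts, run "Scan", and after the scan finishes, if anything was detected, press "Remove".
Selecting "Yes" on the screen that appears starts the treatment.

When the treatment is complete, restart the PC in normal mode.

After the restart a new AC log will appear, so save it to the desktop or similar.
However, if no log appears after the work, or you cannot find it, open the C drive in My Computer; a file with a name like the following will have been created directly under it, and that is the AC log.
>AdwCleaner[alphanumerics].txt
If there are several logs with similar names, the one whose creation time matches when you did the treatment is the log in question.

Next, go into safe mode again and this time scan with MBAM.
Launch MBAM and run a "Full Scan" from the "Scanner" tab.
For the target drives, select all drives, including C.

Select (check) all drives as scan targets. It takes time, but this is to scan as thoroughly as possible.
The order does not matter, but if anything is detected, select it and "remove" (quarantine) it, and then if a prompt to restart appears, restart the PC once at that point.
If no restart prompt appears, restart manually.

Also, after the MBAM scan finishes, pressing "Show details" should display the results, and pressing "Save log" there lets you save the log.
Save that log to the desktop or similar.
Checking this log is especially important, so please do not forget.

After that, paste the MBAM and AC logs into your reply and show them to me together with a status report.

If there was any change in behavior at the point where you disabled SteadyVideo, before using the two tools, tell me about that as well.
After looking at those, let's move on to the next steps.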
  • 悪代官
  • 2017/12/30 (Sat) 21:06:58
Re: Traces of a rootkit after a clean install?
悪代官-sama,

Thank you for your reply.

I have finished all the steps you instructed.

Below ↓ is the MBAM log.

Malwarebytes Anti-Malware (試用) 1.75.0.1300
www.malwarebytes.org

定義バージョン: v2017.12.30.03

Windows 7 Service Pack 1 x64 NTFS (セーフモード)
Internet Explorer 11.0.9600.18860
Redfish23 :: REDFISH23-PC [管理者]

リアルタイム保護: 無効

2017/12/30 22:49:17
mbam-log-2017-12-30 (22-49-17).txt

スキャンタイプ: フルスキャン (C:\|D:\|)
有効なスキャン領域: メモリ | スタートアップ | レジストリ | ファイルシステム | ヒューリスティック/追加アイテムのスキャン  | ヒューリスティック/Shuriken エンジンを使用してスキャン  | 不審なプログラム (PUP) | 不審な変更 (PUM) | ピア・ツー・ピアプログラム(P2P)
無効なスキャン領域:
スキャンしたアイテム数: 336006
経過時間: 26 分, 15 秒

メモリプロセスの検出: 0
(悪意のあるアイテムは検出されていません。)

メモリモジュールの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリキーの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリ値の検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリデータ項目の検出: 0
(悪意のあるアイテムは検出されていません。)

フォルダの検出: 0
(悪意のあるアイテムは検出されていません。)

ファイルの検出: 0
(悪意のあるアイテムは検出されていません。)

(終)

Below ↓ is the AC log.

# AdwCleaner 7.0.6.0 - Logfile created on Sat Dec 30 13:42:10 2017
# Updated on 2017/21/12 by Malwarebytes
# Database: 12-29-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [952 B] - [2017/12/30 13:35:25]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

Thank you in advance.
  • 山猫
  • 2017/12/30 (Sat) 23:50:39
Re: Rootkit traces after a clean install?
A follow-up.
There was no change in behaviour at the point of disabling SteadyVideo.
  • 山猫
  • 2017/12/31 (Sun) 07:49:25
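Let's look at the RK log
Thank you for the work and the report.
I looked at the logs from both tools, and neither has any detections.
So please put both tools away as described in the preparation instructions.

>There was no change in behaviour at the point of disabling SteadyVideo.

Right, if you don't need it you can leave it disabled as it is.
If some site fails to display images or video while you are online, you can re-enable it and check.

From the analysis here, I still see no sign of possible infection.
Shall we look at the Partner detection from Rogue Killer, which you ran yourself earlier?
If the scan log from that time is still there, please paste it in a post.

If that log is no longer there, run a new scan with Rogue Killer and show me the resulting log.

Run the RK scan, wait a while, and when it finishes press "Open Report" at the bottom left of the results screen; this opens the log save screen, where selecting "Open TXT" opens the log in Notepad.
Save that log to the desktop, then close RK, and after that copy and paste the log contents into your reply.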
  • 悪代官
  • 2017/12/31 (Sun) 17:39:03
Re: Rootkit traces after a clean install?
Dear 悪代官,

Thank you for your reply.

Below ↓ is the RK log from when Partner was detected.
* Note: I had the Administrator account enabled at the time, so the user name is Administrator.

RogueKiller V12.11.30.0 (x64) [Dec 26 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Users\Administrator\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 12/28/2017 09:30:19 (Duration : 00:14:29)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Partner -> Found
[PUP.Gen1][Folder] C:\ProgramData\Partner -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] 0c26romo.default : user_pref("browser.startup.homepage", "http://www.tnc.ne.jp/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541515A9E630 ATA Device +++++
--- User ---
[MBR] 173f186f94339716ad4b55298d7c7f3a
[BSP] 1981d1ddda6913460f699c7c946b0136 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1225698 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2510436352 | Size: 204999 MB [Error reading VBR! ([83] ???????????????? ????????????????? )]
User != LL1 ... KO!
--- LL1 ---
[MBR] 173f186f94339716ad4b55298d7c7f3a
[BSP] 1981d1ddda6913460f699c7c946b0136 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1225698 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2510436352 | Size: 204999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User != LL2 ... KO!
--- LL2 ---
[MBR] 173f186f94339716ad4b55298d7c7f3a
[BSP] 1981d1ddda6913460f699c7c946b0136 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1225698 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2510436352 | Size: 204999 MB[Invalid]

I am also pasting the log from when the aswMBR registry key was detected (I judged it to be a false positive).

RogueKiller V12.11.30.0 (x64) [Dec 26 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Redfish23 [Administrator]
Started from : C:\Users\Redfish23\Desktop\??????\RogueKiller_portable64.exe
Mode : Scan -- Date : 12/28/2017 22:48:41 (Duration : 00:36:14)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\REDFIS~1\AppData\Local\Temp\aswMBR.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541515A9E630 ATA Device +++++
--- User ---
[MBR] 173f186f94339716ad4b55298d7c7f3a
[BSP] 1981d1ddda6913460f699c7c946b0136 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1225698 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2510436352 | Size: 204999 MB [Error reading VBR! ([83] ???????????????? ????????????????? )]
User != LL1 ... KO!
--- LL1 ---
[MBR] 173f186f94339716ad4b55298d7c7f3a
[BSP] 1981d1ddda6913460f699c7c946b0136 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1225698 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2510436352 | Size: 204999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User != LL2 ... KO!
--- LL2 ---
[MBR] 173f186f94339716ad4b55298d7c7f3a
[BSP] 1981d1ddda6913460f699c7c946b0136 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1225698 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2510436352 | Size: 204999 MB[Invalid]

Thank you in advance.

Best wishes for the new year, everyone.
  • 山猫
  • 2017/12/31 (Sun) 18:39:18
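This time, please scan with SAS
Sorry for the late reply.
Keeping the enemy waiting like this and then striking at an opening to take them down is 悪代官's scheme (← who on earth am I fighting?)

I also looked at the RK log.
As expected, what was detected is a Google entry.

If it bothers you, you can delete it from within RK, but be aware that it may come back if you use Google apps or services again.

The more capable each vendor's security software becomes, the more false positives from overreaction also increase.
Before hastily deleting whatever was detected, it is up to the user to determine whether it is a real threat or a false positive.

I also looked at the aswMBR log, and that one is nothing to worry about either.

Both RK and aswMBR are tools that can be expected to work against the kind of malware called "rootkits", but at the same time overreaction also increases.
When I tested them in my own environment, they too detected many legitimate files and entries.
It was clear that if I had quarantined or deleted the detections right away without thinking, the PC would have stopped working properly.

Please understand that anti-rootkit tools are a "double-edged sword" that leads directly to serious damage if used wrongly.
This applies not only to anti-rootkit tools but to security software in general.

Now, partly as an introduction, shall we analyse with another tool?

This time, prepare the following tool and look over its basic operation.
"SuperAntiSpyware" (SAS below)

https://www.gigafree.net/security/superantispyware.html

The portable version is fine for use here. To put the portable version away, just delete its whole folder.

Once it is ready, start SAS and update its definitions.
You can switch it to Japanese if it is hard to use, but no particularly difficult operation is needed, so leaving it in English is fine too.

Once the definitions are updated, go straight on and scan with SAS.
From "scan this computer", select "complete scan" to start the scan.

Wait a while; when the scan finishes the results appear, and pressing "view scan logs" at the bottom of the screen displays the SAS log. Save that log to the desktop, then show me its contents in a post.
You can close SAS without acting on anything it detected.
If something dangerous is found, I will give instructions for dealing with it next time.

This SAS step is only meant as a check, so there is no hurry.
Take it easy, watch Kōhaku or something, and have a good new year.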
  • 悪代官
  • 2017/12/31 (Sun) 21:49:30
Re: Rootkit traces after a clean install?
Dear 悪代官,

Thank you for your reply.

As for SAS, clicking the SAS portable version download link on the linked page only let me download the installer, so I installed it.

Below ↓ is the SAS log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/31/2017 at 11:07 PM

Application Version : 6.0.1250
Database Version : 14262

Scan type : Complete Scan
Total Scan Time : 00:09:14

オペレーションシステムの情報
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 781
Memory items detected : 0
Registry items scanned : 60431
Registry items detected : 0
File items scanned : 16916
File items detected : 0

============
End of Log
============

Thank you in advance.

This time for real: best wishes for the new year, everyone.
  • 山猫
  • 2017/12/31 (Sun) 23:17:14
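The conclusion: it looks safe to say there is no infection
Happy New Year.

Thank you for the work and the report.
I looked at the SAS log.
It seems the portable version could not be downloaded; if you used the regular version, that is fine too.
It seems SAS detected nothing.

SAS was originally a tool capable enough to rank alongside MBAM: it sometimes handled things MBAM could not detect or remove, and conversely MBAM sometimes handled things SAS missed, so using the two together raised the success rate of analysis and cleanup.
However, a few years ago, after SAS was acquired by another vendor, its performance for some reason stagnated to the point that MBAM pulled further and further ahead.

Over the last two years or so SAS seems to have become more accurate again; it has not fully caught up with MBAM yet, but its detection and removal rate for suspicious programs has also gone up.
That is why I had you, 山猫, try a scan with SAS this time, but nothing could be better than no detections.
One point about SAS, though hardly a flaw: its detection of cookies on the PC is far higher than other security software, and it flags even cookies that pose little danger one after another, so hastily quarantining or deleting everything it detects can create extra work.
Well, this time it detected hardly any such cookies, so that's fine.
You can uninstall SAS in safe mode using GU.

Summing up the analysis and work so far, it is safe to consider that there is virtually no possibility that your PC, 山猫, suffered a dangerous infection.
With just the earlier MBAM and AC scans, the PCs of people who come to this board for help usually show at least some low-level detections; if there were hardly any of those either, the risk of damage is extremely low.

If there was a problem, it was that you used special tools such as RK and TDSSKiller, which are so capable that they also produce false positives, without fully understanding their nature, and so could not judge their results and became anxious.

As the proverb says, "too much is as bad as too little": even something with excellent capabilities loses its original capability if it is used excessively and needlessly.

In particular, with tools such as Symantec's Norton Power Eraser (NPE), the vendor itself goes so far as to warn of the danger that it is so aggressive it may falsely detect even legitimate Windows system components, and that anyone who uses it must make the call entirely at their own risk.
Security software is essential, but installing many security products does not raise your protection, so first aim to get a grip on the settings and operation of each tool.

There should be no abnormality at present, but let's review the overall state of the PC.
Please take the HJT log again, and the install information and the log of each tab with CC, and show them in a post.
Let's go over it again in case something was missed or something new got in after the cleanup.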
  • 悪代官
  • 2018/01/01 (Mon) 20:53:11
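Re: The conclusion: it looks safe to say there is no infection
Happy New Year.
I look forward to your continued help this year.

It is true that, out of fear, I may have been overusing excessively powerful tools.
I now think the command prompt that appears and disappears at startup is caused by one of the drivers I installed.

Below ↓ is the HJT log.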

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:01:12, on 2018/01/01
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\TCPEye\TCPEye.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Redfish23\Desktop\デスクトップ\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7154 bytes

Below ↓ are the CC logs.

Install information log

Adobe Flash Player 28 NPAPI Adobe Systems Incorporated 2017/12/28 19.8 MB 28.0.0.126
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2017/12/28 26.2 MB 8.0.877.0
AMD System Monitor Advanced Micro Devices, Inc. 2017/12/28 1.48 MB 1.0.8
ASUS Live Update ASUS 2017/12/27 3.98 MB 3.0.8
ASUS Power4Gear Hybrid ASUS 2017/12/27 15.7 MB 1.1.50
ASUS Sonic Focus Synopsys 2017/12/27 4.47 MB 1.0.0.5
ASUS Splendid Video Enhancement Technology ASUS 2017/12/27 20.7 MB 1.02.0036
ASUS USB Charger Plus ASUS 2017/12/27 6.50 MB 2.0.5
ASUS Virtual Camera asus 2017/12/27 3.12 MB 1.0.24
ATK Package ASUS 2017/12/27 12.0 MB 1.0.0014
Avast Free Antivirus AVAST Software 2017/12/27 17.9.2322
BUFFALO エアステーション設定ガイド 2017/12/27
BUFFALO エアステーション設定ツール BUFFALO INC. 2017/12/27 2.84 MB 2.0.5
BUFFALO パソコン環境表示ツール BUFFALO INC. 2017/12/27 1.0.3
CCleaner Piriform 2017/12/29 5.38
ETDWare PS/2-X64 8.0.5.1_WHQL ELAN Microelectronic Corp. 2017/12/27 8.0.5.1
Fast Boot ASUS 2017/12/27 1.46 MB 1.0.10
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2017/12/30 19.2 MB 1.75.0.1300
Microsoft .NET Framework 4.7 Microsoft Corporation 2017/12/28 38.8 MB 4.7.02053
Microsoft Silverlight Microsoft Corporation 2017/12/27 20.4 MB 4.0.50401.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2017/12/27 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2017/12/27 596 KB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2017/12/27 13.6 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2017/12/27 11.0 MB 10.0.30319
Qualcomm Atheros WiFi Driver Installation Qualcomm Atheros 2017/12/27 9.2
Realtek Ethernet Controller Driver Realtek 2017/12/27 7.43.321.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/12/27 6.0.1.6482
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 2017/12/27 6.1.7600.30127
SUPERAntiSpyware SUPERAntiSpyware.com 2017/12/31 78.1 MB 6.0.1250
TCPEye 1.0 Free Software Relase 2017/12/28 3.86 MB
Waterfox 56.0.1 (x64 en-US) Waterfox Ltd 2017/12/28 191 MB 56.0.1
WinFlash ASUS 2017/12/27 856 KB 2.32.0
Wireless Console 3 ASUS 2017/12/27 9.11 MB 3.0.24
バッファロー らくらくアップデートツール Buffalo Inc. 2017/12/27 11.0 MB 1.12

Startup "Windows" tab log

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
有効 HKLM:Run AMD AVT Microsoft Corporation Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
有効 HKLM:Run ATKMEDIA ASUS C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
有効 HKLM:Run ATKOSD2 ASUS C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
有効 HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
有効 HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
有効 HKLM:Run HControlUser ASUS C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
有効 HKLM:Run RtHDVBg Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
無効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SonicMasterTray Virage Logic Corporation / Sonic Focus C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
有効 HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
有効 HKLM:Run Wireless Console 3 ASUS C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

Startup "Scheduled Tasks" tab log

有効 Task ACMON ASUS C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
無効 Task ASUS Live Update ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
有効 Task ASUS P4G ASUS C:\Program Files\ASUS\P4G\BatteryLife.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task USBChargerPlus ASUSTek Computer Inc. C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

Startup "Context Menu" tab log

有効 File 00asw AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 Folder avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 Folder MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

"InternetExplorer" tab log

有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
無効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
無効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

Thank you in advance.
  • 山猫
  • 2018/01/01 (Mon) 21:28:24
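Let's disable the AMD entry
Thank you for the work and the report.

I looked at the current logs.
SAS is still installed; will you keep using it as it is?
It is a useful tool too if used well, so if you want to use it I leave the decision to you.

Next, start CC, select the following on the "Windows" tab, and set it to "Disable".
>有効 HKLM:Run AMD AVT Microsoft Corporation Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

This is also an AMD entry, but it seems to have been involved in the command prompt, so let's disable it for now.

After disabling it, restart the PC once, watch it for a while again, check whether the command prompt appears, and then let me know the status.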
  • 悪代官
  • 2018/01/02 (Tue) 21:20:12
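The check described in the post above can also be done mechanically on a HijackThis log. The following is an added example, not part of the thread and not code from any tool mentioned in it: it parses O4 autostart lines, flags entries whose first program is a console host, and unwraps `cmd /c start` to show the program that is really launched. The function names and the list of console hosts are assumptions made for this illustration.

```python
import re

# O4 autostart lines (plus one O23 line) copied from the HijackThis log in this thread.
SAMPLE_HJT = r'''
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
'''

# Programs that open a console window when started from a Run key (assumed list).
CONSOLE_HOSTS = {"cmd.exe", "powershell.exe", "cscript.exe"}

# O4 - <hive>[\<SID>]\..\<Run key>: [<name>] <command line> [(User '<account>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$"
)


def launcher_image(cmd):
    """Return the lower-cased file name of the first program on a command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces: cut at the first executable extension.
        m = re.match(r"(.+?\.(?:exe|com|bat|cmd))(?:\s|$)", cmd, re.I)
        path = m.group(1) if m else cmd.split()[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def start_target(cmd):
    """For `cmd /c start ["title"] [/switch ...] program`, return the program.

    Handles the form seen in this thread: an optional quoted window title,
    then switches such as /min, then the program. Returns None otherwise.
    """
    m = re.match(r"\S+\s+/[ck]\s+start\s+(.*)$", cmd.strip(), re.I)
    if not m:
        return None
    tokens = re.findall(r'"[^"]*"|\S+', m.group(1))
    if tokens and tokens[0].startswith('"'):
        tokens.pop(0)  # start takes the first quoted token as the window title
    for tok in tokens:
        if not tok.startswith("/"):
            return tok.strip('"')
    return None


def console_autostarts(log_text):
    """List O4 entries that start through a console host at logon."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 registry autostart line
        cmd = m.group("cmd")
        image = launcher_image(cmd)
        if image in CONSOLE_HOSTS:
            findings.append({
                "name": m.group("name"),
                "location": f"{m.group('hive')}\\{m.group('key')}",
                "launcher": image,
                "target": start_target(cmd),
            })
    return findings


if __name__ == "__main__":
    for hit in console_autostarts(SAMPLE_HJT):
        print(f"{hit['location']} [{hit['name']}] runs via {hit['launcher']}"
              f" -> {hit['target']}")
```

In the CCleaner startup list in this thread the same entry appears with the publisher Microsoft Corporation, which describes Cmd.exe and not kdbsync.exe, so the command-line column is the one to read.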
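Re: Let's disable the AMD entry
Dear 悪代官,

Thank you for your reply.

I have no plans to use SAS from now on, so I uninstalled it with GU in safe mode.
Also, after I disabled the specified AMD entry, the command prompt stopped appearing.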
  • 山猫
  • 2018/01/02 (Tue) 22:14:54
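Also checking for SAS leftovers
My reply is late again tonight.
Well, it's too late for my life anyway, so please think of this as my shtick and watch over me indulgently (don't ask)

>I have no plans to use SAS from now on, so I uninstalled it with GU in safe mode.

Right, so you removed SAS. That's settled, then.

>Also, after I disabled the specified AMD entry, the command prompt stopped appearing.

As I thought. It was visible in the logs too, but since it is an AMD entry I left it alone at that earlier point; disabling it was the right call.
So you can leave that entry disabled as it is.
If you ever need it in future you can re-enable it from CC at that time, but I suspect there will be no situation where it is needed.
AMD seems to be getting more and more poor reviews; where on earth are they heading…

Now let's also check whether any leftovers of the removed SAS remain.

Look at the "Windows" tab in CC and check whether the following entry is still there.
>有効 HKCU:Run SUPERAntiSpyware SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Even after a normal uninstall, SAS sometimes remains half-removed and stays stuck in this part of Windows autostart.
So if the SAS entry above is still there, set it to "Disable" and then "Delete entry".
If it remains in the "disabled" state, you can likewise "Delete entry".
If the entry above is gone from the "Windows" tab, there is no problem.

Once you have done this check, please let me know the result in another post.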
  • 悪代官
  • 2018/01/03 (Wed) 21:22:42
Re: Also checking for SAS leftovers
Dear 悪代官,

Thank you for your reply.

There was no SAS entry on CC's Windows tab, so I think it has been removed completely.
  • 山猫
  • 2018/01/03 (Wed) 23:09:15
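Let's do the final analysis
Good evening.
It seems no SAS entry was left.
It is safe to consider the uninstall successful.

Now, to make sure, let's also do the final analysis.

Please prepare the following tool.
OTL (OldTimer Listit)
Download it with the "Download" button and save it.
http://oldtimer.geekstogo.com/OTL.exe
To put it away, start it and press the "Cleanup" button; it is then deleted automatically.
However, if you are using Windows 10, simply delete the program file itself.

Start OTL with no other programs running.
Once it is running, check "Scan All Users" near the top of the window and copy and paste the following commands into "Custom Scan/Fixes".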

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

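Then press "Run Scan" at the top left to start the scan.
After the scan starts, depending on the PC, in a few minutes "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe, so save these two files somewhere such as the desktop.
Extras.txt sometimes is not produced; in that case OTL.txt alone is fine.

After that, paste the entire OTL log into your reply and show it in a post.
However, the OTL log gets quite long, so sending it all at once will be cut off by fc2's character limit.
So split the log at suitable points into pieces of 10,000 characters or fewer and send it over several posts.
This is because posts over 10,000 characters are cut off by fc2's character limit.
http://www1.odn.ne.jp/megukuma/count.htm

Scanning with OTL alone changes nothing.
After looking at these results, what was detected will presumably be dealt with in the work from next time on.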
  • 悪代官
  • 2018/01/04 (Thu) 20:37:24
This is OTL log 1
Dear 悪代官,

Thank you for your reply.

Below ↓ is the OTL log.

OTL logfile created on: 2018/01/04 21:26:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Redfish23\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18860)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.48 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 74.59% Memory free
14.95 Gb Paging File | 12.87 Gb Available in Paging File | 86.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.19 Gb Total Space | 141.02 Gb Free Space | 70.44% Space Free | Partition Type: NTFS
Drive D: | 1196.97 Gb Total Space | 1195.35 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: REDFISH23-PC | User Name: Redfish23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2018/01/04 21:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Redfish23\Desktop\OTL.exe
PRC - [2017/12/27 20:47:40 | 011,080,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2017/12/27 20:47:32 | 000,301,168 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/11/22 15:09:34 | 000,101,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/11/22 15:09:30 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011/10/14 18:04:40 | 000,504,488 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2011/10/03 15:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/09/13 13:33:14 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011/07/21 15:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/10/07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/07/09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
PRC - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2017/12/27 20:47:45 | 067,109,376 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2017/12/27 20:47:35 | 000,289,272 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\tasks_core.dll
MOD - [2017/12/27 20:47:33 | 000,206,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2017/12/27 20:47:33 | 000,058,016 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\module_lifetime.dll
MOD - [2017/12/27 20:47:32 | 000,057,504 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\dll_loader.dll
MOD - [2017/12/27 20:47:15 | 000,282,560 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
MOD - [2011/11/22 15:09:30 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011/09/13 13:33:14 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2017/12/27 20:47:32 | 000,301,168 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2017/12/27 20:47:17 | 007,538,536 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe -- (aswbIDSAgent)
SRV:[b]64bit:[/b] - [2017/11/14 12:20:46 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2016/08/23 01:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/06/05 13:55:50 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2012/06/05 13:46:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2011/03/03 16:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2017/12/28 15:12:23 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/04/21 14:53:36 | 000,107,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2018/01/04 17:36:53 | 000,028,272 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:[b]64bit:[/b] - [2017/12/28 11:32:27 | 000,485,512 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:49 | 000,358,672 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:49 | 000,204,456 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,457,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,185,096 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswArPot.sys -- (aswArPot)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,146,664 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,110,336 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,084,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,046,976 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:20 | 001,025,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:15 | 000,149,344 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswHdsKe.sys -- (aswHdsKe)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:13 | 000,343,768 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbloga.sys -- (aswblog)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:13 | 000,321,512 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys -- (aswbidsdriver)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:13 | 000,199,448 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbidsha.sys -- (aswbidsh)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:13 | 000,057,696 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbuniva.sys -- (aswbuniv)
DRV:[b]64bit:[/b] - [2016/04/01 02:31:20 | 000,104,976 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:[b]64bit:[/b] - [2012/06/05 14:33:38 | 010,242,560 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012/06/05 13:01:42 | 000,360,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/01/13 16:05:56 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2012/01/12 10:28:42 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012/01/12 10:28:42 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/12/03 07:06:04 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:[b]64bit:[/b] - [2011/12/03 07:06:00 | 000,565,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2011/10/25 23:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:[b]64bit:[/b] - [2011/10/25 23:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:[b]64bit:[/b] - [2011/10/14 18:04:40 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:[b]64bit:[/b] - [2011/10/03 23:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2011/09/23 18:59:08 | 000,290,600 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:[b]64bit:[/b] - [2011/03/21 21:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/01/18 17:16:46 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2010/12/31 18:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2010/11/21 12:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:[b]64bit:[/b] - [2009/07/20 17:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/14 18:04:40 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2011/09/07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=MOCJ&bmod=MOCJ
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=MOCJ&bmod=MOCJ
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=MOCJ&bmod=MOCJ
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tnc.ne.jp/
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = F6 C1 90 9C 6B 81 D3 01 [binary data]
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 56.0.1\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 56.0.1\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS

[2017/12/29 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redfish23\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2009/06/11 06:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\らくらくアップデートツール.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:[b]64bit:[/b] - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.138.38.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE065A98-6AA8-485D-A85D-F440CF3986AC}: DhcpNameServer = 205.138.38.1
O18:[b]64bit:[/b] - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:[b]64bit:[/b] - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB} - .NET Framework
ActiveX:[b]64bit:[/b] {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB} - .NET Framework
ActiveX: {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2018/01/04 21:22:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Redfish23\Desktop\OTL.exe
[2018/01/04 18:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SWCUTemp
[2018/01/04 13:45:45 | 001,840,352 | ---- | C] (Malwarebytes ) -- C:\Users\Redfish23\Desktop\mbae-setup-1.11.1.48.exe
[2018/01/03 02:56:22 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\Desktop\ひま動
[2018/01/01 09:45:52 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Desktop\済み
[2017/12/31 22:55:54 | 000,000,000 | ---D | C] -- C:\Patcher
[2017/12/31 21:35:36 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\dwhelper
[2017/12/31 08:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2017/12/31 08:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\install_backup
[2017/12/31 08:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2017/12/30 22:14:07 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Malwarebytes
[2017/12/30 22:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2017/12/30 22:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/12/30 22:13:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2017/12/30 22:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2017/12/29 19:18:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2017/12/29 09:51:51 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\Diagnostics
[2017/12/29 09:30:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/12/29 08:14:30 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Geek Uninstaller
[2017/12/29 07:45:55 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\Programs
[2017/12/29 07:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2017/12/29 07:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2017/12/29 07:23:01 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Mozilla
[2017/12/28 21:05:47 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Waterfox
[2017/12/28 21:05:47 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\Waterfox
[2017/12/28 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox
[2017/12/28 20:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TCPEye
[2017/12/28 20:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TCPEye
[2017/12/28 19:58:05 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Macromedia
[2017/12/28 18:48:57 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\Mozilla
[2017/12/28 18:24:18 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\CEF
[2017/12/28 18:24:18 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\AVAST Software
[2017/12/28 18:23:41 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2017/12/28 18:23:40 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\AMD
[2017/12/28 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\ATI
[2017/12/28 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\ATI
[2017/12/28 18:17:31 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Adobe
[2017/12/28 15:12:22 | 000,803,328 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017/12/28 15:12:22 | 000,144,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017/12/28 15:12:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2017/12/28 15:11:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2017/12/28 13:53:04 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2017/12/28 13:53:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2017/12/28 13:34:12 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2017/12/28 13:33:49 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2017/12/28 13:33:49 | 000,407,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\centel.dll
[2017/12/28 13:33:49 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2017/12/28 13:33:48 | 001,570,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2017/12/28 13:33:48 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2017/12/28 13:33:48 | 000,605,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2017/12/28 13:33:48 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2017/12/28 13:33:48 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2017/12/28 13:33:48 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2017/12/28 13:33:48 | 000,134,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2017/12/28 13:33:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2017/12/28 13:33:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2017/12/28 13:33:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2017/12/28 13:33:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2017/12/28 11:32:28 | 000,485,512 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2017/12/28 11:32:17 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2017/12/28 11:32:16 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2017/12/28 11:32:15 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp90.dll
[2017/12/28 11:32:13 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr90.dll
[2017/12/28 11:32:12 | 000,156,392 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2017/12/28 11:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2017/12/28 11:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2017/12/28 10:02:11 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\Desktop\デスクトップ
[2017/12/28 09:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2017/12/28 07:53:56 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2017/12/28 07:53:53 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2017/12/28 07:53:52 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2017/12/28 07:53:51 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2017/12/28 07:53:51 | 000,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2017/12/28 07:53:12 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perftrack.dll
[2017/12/28 07:53:12 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powertracker.dll
[2017/12/28 07:52:52 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2017/12/28 07:52:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2017/12/28 07:52:38 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2017/12/28 07:52:38 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2017/12/28 07:52:38 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2017/12/28 07:52:38 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2017/12/28 07:52:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2017/12/28 07:52:38 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2017/12/28 07:52:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2017/12/28 07:52:37 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2017/12/28 07:52:37 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2017/12/28 07:52:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2017/12/28 07:52:37 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2017/12/28 07:52:37 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2017/12/28 07:52:35 | 002,058,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2017/12/28 07:52:35 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2017/12/28 07:52:35 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2017/12/28 07:52:35 | 000,662,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2017/12/28 07:52:35 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2017/12/28 07:52:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2017/12/28 07:52:35 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2017/12/28 07:52:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2017/12/28 07:52:35 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2017/12/28 07:52:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2017/12/28 07:52:34 | 000,807,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2017/12/28 07:52:34 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2017/12/28 07:52:34 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2017/12/28 07:52:34 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2017/12/28 07:52:33 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2017/12/28 07:52:33 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2017/12/28 07:52:32 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2017/12/28 07:52:32 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2017/12/28 07:52:31 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2017/12/28 07:52:31 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2017/12/28 07:52:31 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2017/12/28 07:52:31 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2017/12/28 07:52:31 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2017/12/28 07:52:31 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2017/12/28 07:52:30 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2017/12/28 07:52:30 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2017/12/28 07:52:29 | 005,925,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2017/12/28 07:52:29 | 000,817,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2017/12/28 07:52:29 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2017/12/28 07:52:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2017/12/28 07:52:27 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2017/12/28 07:52:27 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2017/12/28 07:52:25 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2017/12/28 07:52:24 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2017/12/28 07:52:24 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2017/12/28 07:52:24 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2017/12/28 07:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
[2017/12/28 00:45:25 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2017/12/28 00:45:25 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2017/12/28 00:41:30 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2017/12/28 00:30:16 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2017/12/28 00:30:12 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2017/12/28 00:30:12 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2017/12/28 00:30:12 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2017/12/28 00:30:12 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2017/12/28 00:30:12 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2017/12/28 00:30:12 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2017/12/28 00:30:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2017/12/28 00:30:12 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2017/12/28 00:30:12 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2017/12/28 00:30:11 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2017/12/28 00:30:11 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2017/12/28 00:30:11 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2017/12/28 00:30:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2017/12/28 00:30:11 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2017/12/28 00:30:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2017/12/28 00:30:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2017/12/28 00:30:10 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2017/12/28 00:30:10 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2017/12/28 00:30:10 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2017/12/28 00:30:10 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2017/12/28 00:30:10 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2017/12/28 00:30:10 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2017/12/28 00:30:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2017/12/28 00:30:10 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2017/12/28 00:30:10 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2017/12/28 00:30:10 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2017/12/28 00:30:10 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2017/12/28 00:30:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2017/12/28 00:30:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2017/12/28 00:30:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2017/12/28 00:30:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2017/12/28 00:30:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2017/12/28 00:30:10 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2017/12/28 00:30:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2017/12/28 00:12:09 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2017/12/28 00:12:09 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2017/12/28 00:12:09 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2017/12/28 00:12:09 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2017/12/28 00:12:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/12/28 00:12:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/12/28 00:12:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/12/28 00:12:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/12/28 00:12:08 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2017/12/28 00:12:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2017/12/28 00:12:08 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2017/12/28 00:12:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2017/12/28 00:12:08 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2017/12/28 00:12:08 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2017/12/27 22:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2017/12/27 22:57:17 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2017/12/27 22:33:01 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2017/12/27 22:33:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2017/12/27 22:33:00 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2017/12/27 22:33:00 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2017/12/27 22:18:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2017/12/27 22:15:10 | 004,296,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_47.dll
[2017/12/27 22:15:10 | 003,550,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_47.dll
[2017/12/27 22:11:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2017/12/27 22:11:41 | 133,326,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MRT-KB890830.exe
[2017/12/27 22:06:21 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2017/12/27 22:06:21 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2017/12/27 22:06:21 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2017/12/27 22:06:21 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2017/12/27 22:06:20 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2017/12/27 22:06:20 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2017/12/27 22:06:03 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2017/12/27 22:06:03 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2017/12/27 22:02:13 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2017/12/27 22:02:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxoci.dll
[2017/12/27 22:02:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxoci.dll
[2017/12/27 22:02:01 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2017/12/27 22:02:01 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2017/12/27 22:02:00 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2017/12/27 22:02:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2017/12/27 22:01:59 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2017/12/27 22:01:59 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2017/12/27 22:01:59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2017/12/27 22:01:57 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2017/12/27 22:01:54 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2017/12/27 22:01:53 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2017/12/27 22:01:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2017/12/27 22:01:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2017/12/27 22:01:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2017/12/27 22:01:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2017/12/27 22:01:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fixmapi.exe
[2017/12/27 22:01:33 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2017/12/27 22:01:33 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2017/12/27 22:01:32 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2017/12/27 22:01:32 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2017/12/27 22:01:09 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe
[2017/12/27 22:01:09 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe
[2017/12/27 22:01:09 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll
[2017/12/27 22:01:09 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2017/12/27 22:01:09 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2017/12/27 22:01:09 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe
[2017/12/27 22:01:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2017/12/27 22:01:09 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe
[2017/12/27 22:01:09 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2017/12/27 22:01:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe
[2017/12/27 22:01:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe
[2017/12/27 22:00:49 | 003,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2017/12/27 22:00:49 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2017/12/27 22:00:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2017/12/27 22:00:49 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2017/12/27 22:00:49 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2017/12/27 22:00:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2017/12/27 22:00:45 | 000,451,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2017/12/27 22:00:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapibase.dll
[2017/12/27 22:00:45 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tbs.dll
[2017/12/27 22:00:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tbs.dll
[2017/12/27 22:00:31 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basesrv.dll
[2017/12/27 22:00:06 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2017/12/27 22:00:06 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2017/12/27 22:00:06 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2017/12/27 22:00:06 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2017/12/27 22:00:06 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2017/12/27 22:00:06 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2017/12/27 22:00:06 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2017/12/27 22:00:06 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2017/12/27 22:00:06 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2017/12/27 22:00:06 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2017/12/27 22:00:06 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2017/12/27 22:00:05 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2017/12/27 22:00:05 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2017/12/27 22:00:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2017/12/27 22:00:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2017/12/27 22:00:05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2017/12/27 22:00:05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2017/12/27 21:59:35 | 002,543,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2017/12/27 21:59:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2017/12/27 21:59:33 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2017/12/27 21:59:33 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2017/12/27 21:59:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2017/12/27 21:59:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2017/12/27 21:59:22 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2017/12/27 21:59:22 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2017/12/27 21:59:20 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2017/12/27 21:59:20 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2017/12/27 21:59:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2017/12/27 21:59:17 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2017/12/27 21:59:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2017/12/27 21:59:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2017/12/27 21:58:59 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2017/12/27 21:58:59 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2017/12/27 21:58:59 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2017/12/27 21:58:59 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2017/12/27 21:58:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2017/12/27 21:58:58 | 014,635,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2017/12/27 21:58:57 | 011,410,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2017/12/27 21:58:56 | 003,165,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2017/12/27 21:58:56 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2017/12/27 21:58:56 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2017/12/27 21:58:56 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2017/12/27 21:58:56 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2017/12/27 21:58:55 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2017/12/27 21:58:54 | 005,547,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2017/12/27 21:58:54 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2017/12/27 21:58:54 | 001,311
  • 山猫
  • 2018/01/04 (Thu) 21:51:33
Here is the rest of the OTL log and the Extras log.
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2018/01/04 21:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Redfish23\Desktop\OTL.exe
[2018/01/04 20:03:39 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018/01/04 20:03:39 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018/01/04 18:22:14 | 183,506,510 | ---- | M] () -- C:\Users\Redfish23\Desktop\- video - Dailymotion.mp4
[2018/01/04 18:00:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018/01/04 18:00:49 | 1726,619,647 | -HS- | M] () -- C:\hiberfil.sys
[2018/01/04 17:36:53 | 000,028,272 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2018/01/04 13:45:46 | 001,840,352 | ---- | M] (Malwarebytes ) -- C:\Users\Redfish23\Desktop\mbae-setup-1.11.1.48.exe
[2018/01/02 22:01:34 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2018/01/02 09:02:11 | 001,310,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018/01/02 09:02:11 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018/01/02 09:02:11 | 000,410,672 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2018/01/02 09:02:11 | 000,121,686 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2018/01/02 09:02:11 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/12/30 22:13:40 | 000,001,137 | ---- | M] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2017/12/30 22:13:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/12/29 11:14:01 | 000,010,774 | ---- | M] () -- C:\Users\Redfish23\Documents\cc_20171229_111352.reg
[2017/12/29 09:46:59 | 000,001,228 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2017/12/29 08:36:26 | 000,004,478 | ---- | M] () -- C:\Users\Redfish23\Documents\cc_20171229_083608.reg
[2017/12/29 07:58:55 | 000,001,538 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2017/12/29 07:44:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/12/28 23:34:56 | 000,000,036 | ---- | M] () -- C:\Users\Redfish23\AppData\Local\housecall.guid.cache
[2017/12/28 21:05:40 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2017/12/28 20:00:51 | 000,000,947 | ---- | M] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\TCPEye.lnk
[2017/12/28 20:00:51 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\TCPEye.lnk
[2017/12/28 18:17:31 | 000,001,355 | ---- | M] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/12/28 16:20:52 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2017/12/28 16:18:07 | 000,267,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/12/28 15:12:22 | 000,803,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017/12/28 15:12:22 | 000,144,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017/12/28 13:49:06 | 001,290,842 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/12/28 12:27:43 | 000,000,056 | ---- | M] () -- C:\Windows\Lic.xxx
[2017/12/28 11:32:27 | 000,485,512 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2017/12/28 11:32:16 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2017/12/28 11:32:15 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2017/12/28 11:32:14 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp90.dll
[2017/12/28 11:32:12 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr90.dll
[2017/12/28 11:32:11 | 000,156,392 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2017/12/28 00:30:16 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2017/12/28 00:30:12 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2017/12/28 00:30:12 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2017/12/28 00:30:12 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2017/12/28 00:30:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2017/12/28 00:30:12 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2017/12/28 00:30:12 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2017/12/28 00:30:12 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2017/12/28 00:30:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2017/12/28 00:30:12 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2017/12/28 00:30:11 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2017/12/28 00:30:11 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2017/12/28 00:30:11 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2017/12/28 00:30:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2017/12/28 00:30:11 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2017/12/28 00:30:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2017/12/28 00:30:11 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2017/12/28 00:30:10 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2017/12/28 00:30:10 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2017/12/28 00:30:10 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2017/12/28 00:30:10 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2017/12/28 00:30:10 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2017/12/28 00:30:10 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2017/12/28 00:30:10 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2017/12/28 00:30:10 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2017/12/28 00:30:10 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2017/12/28 00:30:10 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2017/12/28 00:30:10 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2017/12/28 00:30:10 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2017/12/28 00:30:10 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2017/12/28 00:30:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2017/12/28 00:30:10 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2017/12/28 00:30:10 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2017/12/28 00:30:10 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2017/12/28 00:30:10 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2017/12/28 00:12:09 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2017/12/28 00:12:09 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2017/12/28 00:12:09 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2017/12/28 00:12:09 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2017/12/28 00:12:09 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/12/28 00:12:09 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/12/28 00:12:09 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/12/28 00:12:09 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/12/28 00:12:08 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2017/12/28 00:12:08 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2017/12/28 00:12:08 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2017/12/28 00:12:08 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2017/12/28 00:12:08 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2017/12/28 00:12:08 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2017/12/27 22:11:44 | 133,326,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MRT-KB890830.exe
[2017/12/27 20:48:17 | 000,045,704 | ---- | M] () -- C:\Windows\SysNative\drivers\staport.sys
[2017/12/27 20:47:49 | 000,358,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2017/12/27 20:47:49 | 000,204,456 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2017/12/27 20:47:48 | 000,457,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2017/12/27 20:47:48 | 000,365,680 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2017/12/27 20:47:48 | 000,185,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswArPot.sys
[2017/12/27 20:47:48 | 000,146,664 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2017/12/27 20:47:48 | 000,110,336 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2017/12/27 20:47:48 | 000,084,384 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2017/12/27 20:47:48 | 000,046,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2017/12/27 20:47:20 | 001,025,176 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2017/12/27 20:47:15 | 000,149,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHdsKe.sys
[2017/12/27 20:47:13 | 000,343,768 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbloga.sys
[2017/12/27 20:47:13 | 000,321,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
[2017/12/27 20:47:13 | 000,199,448 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsha.sys
[2017/12/27 20:47:13 | 000,057,696 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbuniva.sys
[2017/12/27 20:29:10 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[2017/12/27 19:37:40 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk
[2017/12/27 19:19:20 | 000,002,755 | ---- | M] () -- C:\Users\Public\Desktop\ASUS Sonic Focus.lnk
[2017/12/27 19:09:26 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2017/12/27 17:22:10 | 000,492,416 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2017/12/27 17:22:10 | 000,492,416 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2017/12/27 17:20:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2018/01/04 18:20:19 | 183,506,510 | ---- | C] () -- C:\Users\Redfish23\Desktop\- video - Dailymotion.mp4
[2017/12/30 22:13:40 | 000,001,137 | ---- | C] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2017/12/30 22:13:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/12/29 11:13:57 | 000,010,774 | ---- | C] () -- C:\Users\Redfish23\Documents\cc_20171229_111352.reg
[2017/12/29 08:36:13 | 000,004,478 | ---- | C] () -- C:\Users\Redfish23\Documents\cc_20171229_083608.reg
[2017/12/29 07:44:25 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/12/28 23:34:56 | 000,000,036 | ---- | C] () -- C:\Users\Redfish23\AppData\Local\housecall.guid.cache
[2017/12/28 21:05:40 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[2017/12/28 21:05:40 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2017/12/28 20:00:51 | 000,000,947 | ---- | C] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\TCPEye.lnk
[2017/12/28 20:00:51 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\TCPEye.lnk
[2017/12/28 18:17:31 | 000,001,355 | ---- | C] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/12/28 11:34:58 | 000,000,056 | ---- | C] () -- C:\Windows\Lic.xxx
[2017/12/28 09:30:21 | 000,028,272 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2017/12/28 07:52:38 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2017/12/28 07:52:37 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2017/12/27 22:58:08 | 001,290,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/12/27 22:33:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2017/12/27 22:01:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2017/12/27 21:58:54 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2017/12/27 20:48:23 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2017/12/27 20:48:17 | 000,045,704 | ---- | C] () -- C:\Windows\SysNative\drivers\staport.sys
[2017/12/27 20:29:37 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2017/12/27 19:37:40 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk
[2017/12/27 19:36:48 | 000,001,538 | ---- | C] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2017/12/27 19:36:48 | 000,001,228 | ---- | C] () -- C:\Windows\SysNative\ServiceFilter.ini
[2017/12/27 19:36:48 | 000,000,105 | ---- | C] () -- C:\Windows\SysNative\FastBoot.ini
[2017/12/27 19:36:48 | 000,000,080 | ---- | C] () -- C:\Windows\SysNative\Defrag.ini
[2017/12/27 19:36:48 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\RemoveFont.ini
[2017/12/27 19:36:48 | 000,000,015 | ---- | C] () -- C:\Windows\SysNative\BootTime.ini
[2017/12/27 19:24:07 | 000,463,634 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2017/12/27 19:24:07 | 000,070,753 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2017/12/27 19:19:20 | 000,002,755 | ---- | C] () -- C:\Users\Public\Desktop\ASUS Sonic Focus.lnk
[2017/12/27 19:18:54 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2017/12/27 19:17:43 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2017/12/27 19:09:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2017/12/27 19:02:45 | 000,015,416 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\kbfiltr.sys
[2017/12/27 19:02:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2017/12/27 19:02:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2017/12/27 19:02:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2017/12/27 19:02:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2017/12/27 19:02:31 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2017/12/27 19:02:30 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2017/12/27 19:02:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2017/12/27 19:02:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2017/12/27 19:02:28 | 000,038,177 | ---- | C] () -- C:\Windows\atiogl.xml
[2017/12/27 19:02:25 | 000,618,823 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2017/12/27 19:02:20 | 000,250,344 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2017/12/27 19:02:20 | 000,250,344 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2017/12/27 18:17:10 | 000,001,361 | ---- | C] () -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2017/12/27 18:16:45 | 000,000,290 | ---- | C] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2017/12/27 18:16:45 | 000,000,272 | ---- | C] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2017/12/27 17:21:46 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2017/12/27 17:21:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2017/12/27 17:20:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2017/12/27 17:17:53 | 1726,619,647 | -HS- | C] () -- C:\hiberfil.sys

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2017/08/16 00:29:44 | 014,182,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/08/16 00:10:54 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2018/01/04 18:01:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2017/12/31 09:00:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_Power2Go_Downloader.exe
[2017/12/31 08:53:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\setup.exe
[2017/12/31 09:00:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2017/12/27 18:09:18 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2017/12/27 18:54:11 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData
[2017/12/28 17:18:23 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2017/12/27 18:54:20 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2017/12/27 19:08:17 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2017/12/27 18:54:24 | 000,000,000 | RH-D | M] -- C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn
[2017/12/27 18:54:24 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/12/28 05:30:34 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\DNTException\Low
[2017/12/27 18:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2017/12/28 05:30:34 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
[2017/12/27 18:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2017/12/27 18:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2017/12/31 09:00:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_Power2Go_Downloader.exe
[2017/12/31 08:53:07 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\setup.exe
[2017/12/31 09:00:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2009/07/14 12:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2018/01/02 21:35:03 | 000,000,000 | -H-D | M] -- C:\Users\Public\Desktop
[2009/07/14 11:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2017/12/31 20:57:01 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2017/12/27 18:16:45 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData
[2017/12/27 18:17:11 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2017/12/28 23:45:36 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2017/12/29 17:05:06 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2018/01/02 20:56:46 | 000,000,000 | RH-D | M] -- C:\Users\Redfish23\AppData\Local\Microsoft\Windows\Burn\Burn
[2017/12/27 18:17:17 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/12/27 18:16:51 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2017/12/27 18:16:51 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2009/07/14 13:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/07/14 13:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData

[color=#A23BEC]< %windir%\tasks\*.job >[/color]

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: HGST HTS541515A9E630 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,197.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 200.00GB
Starting Offset: 1285343412224
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2015/10/30 02:50:29 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2016/11/10 01:33:26 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2017/09/13 23:52:23 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2017/04/13 00:32:10 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2017/04/13 00:25:04 | 000,145,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2017/08/11 15:35:02 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2016/05/13 02:14:48 | 000,502,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 13:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2017/08/11 15:35:01 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/05/24 20:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2017/09/13 23:52:23 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2017/08/11 15:35:02 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2016/02/09 18:55:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2017/09/13 23:52:23 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 12:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2015/08/06 02:56:14 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 12:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/19 12:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2016/06/15 02:16:23 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2016/06/15 02:16:23 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2010/11/21 12:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2016/11/10 01:02:19 | 000,128,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2016/11/10 00:55:06 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2017/05/11 00:14:53 | 002,651,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2017/09/14 00:28:12 | 000,886,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >


Below ↓ is the OTL Extras log.

OTL Extras logfile created on: 2018/01/04 21:26:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Redfish23\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18860)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.48 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 74.59% Memory free
14.95 Gb Paging File | 12.87 Gb Available in Paging File | 86.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.19 Gb Total Space | 141.02 Gb Free Space | 70.44% Space Free | Partition Type: NTFS
Drive D: | 1196.97 Gb Total Space | 1195.35 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive E: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: REDFISH23-PC | User Name: Redfish23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML-6F940AC27A98DD61] -- C:\Program Files\Waterfox\waterfox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FD8179D-C004-4288-B4BE-E4E623F43575}" = rport=139 | protocol=6 | dir=out | app=system |
"{2F760C51-4BA1-4C06-81EE-08C789AFB11F}" = rport=445 | protocol=6 | dir=out | app=system |
"{347953DE-C6E3-4F4F-A0AD-27B8D280BF4A}" = lport=137 | protocol=17 | dir=in | app=system |
"{3DCAEF92-6395-4CF6-B604-67A6FFD8E8B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{583CD05F-35D9-443A-9472-0E4E90D12311}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59B88541-FE5B-46DD-8898-97012E5E3D16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{93CDDE9E-1A58-4A56-BDE5-CE06D8724C5E}" = rport=138 | protocol=17 | dir=out | app=system |
"{94305FB3-5D7D-4749-9A76-2DDBB26A3BDA}" = lport=138 | protocol=17 | dir=in | app=system |
"{957DD0F9-548D-4181-9EDC-9CCE937B48D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4D3CF94-F9BD-46D1-B9AB-38A87E6BC870}" = lport=445 | protocol=6 | dir=in | app=system |
"{DB400791-2BB7-4999-AAC6-AA2AE3ECEB1D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E238F2FA-A19E-4F26-9A21-F93883B542AF}" = rport=137 | protocol=17 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F7346B4-EA28-427B-8D07-E14F26714764}" = protocol=6 | dir=in | app=c:\program files\waterfox\waterfox.exe |
"{239F902B-2273-41A5-AEAA-D4BD6ED21B35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{25DB58FC-0F88-4E13-8022-27C6B76BF314}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2900DDBE-1421-4320-990D-6DD25599B8F2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{430BC7D9-DF21-4CF2-9AE9-0E1EFE5A5BCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{449754DE-8F09-462E-9EC4-D49FB67486A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47F7C801-2F27-424D-B6DF-2EAFC769BDE3}" = protocol=17 | dir=in | app=c:\program files\waterfox\waterfox.exe |
"{48BA3213-2E4E-468B-816D-F1D5A780F97A}" = protocol=6 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{5E249B8F-D6AF-4001-9A89-E902764B7028}" = protocol=17 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{92E7FA20-A29B-4C36-AE24-B29AA2B61B32}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9F56551-4DBD-420C-B2BB-71DCC785053D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CA43C0E0-4AA9-4F96-B9BF-692C70F5B58A}" = protocol=17 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{D03C21DC-99A3-43C1-95FE-0D9F0C02F9D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E14B5188-149B-45E6-9FF3-AB9D9A506DED}" = protocol=6 | dir=in | app=c:\program files\buffalo\rakupdate\rakupdate.exe |
"{EFB12F18-51EB-4A19-8E97-A172806B022E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD3D6BE7-3958-43A3-9DEC-A29BAA71D966}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D34E574-7574-F6DF-31B7-687621451EFF}" = ccc-utility64
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{28BD13AB-430F-8660-580C-36FD617A89B4}" = AMD Catalyst Install Manager
"{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In
"{411ECA71-5D1D-C939-4CFD-D55B2DBD5A46}" = AMD Accelerated Video Transcoding
"{47AE3074-7A28-BA4A-4DAB-B924436DEC20}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{76E3D356-FABB-99C9-9350-B30FA39534BE}" = AMD Fuel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.7
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB}" = Microsoft .NET Framework 4.7
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
"Waterfox 56.0.1 (x64 en-US)" = Waterfox 56.0.1 (x64 en-US)
"バッファロー らくらくアップデートツール" = バッファロー らくらくアップデートツール

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0210B369-4DF0-29B8-85E7-2D776A230858}" = CCC Help Chinese Traditional
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{2D5FD9B6-1CE0-96F9-A7A1-D528E1ACE034}" = CCC Help French
"{346FFE81-FC6E-7397-9076-3477E9C6AD5D}" = Catalyst Control Center InstallProxy
"{3CBCCA80-FEB6-35F9-B393-C93DFCCD3A88}" = CCC Help Japanese
"{533F24D6-F31F-7B1C-E60C-AC44EF2B21E5}" = CCC Help Italian
"{559391C7-2EE9-27F3-672D-FF6469A5A0CC}" = CCC Help Norwegian
"{55A16EEA-11A0-2E35-8AE7-D090D696B95D}" = CCC Help Russian
"{5DA04A46-69AD-1694-761F-ED3882493C45}" = CCC Help Swedish
"{6391DC61-5C9C-8337-3E38-2E8C6E898699}" = CCC Help Chinese Standard
"{6C1EDE32-CDD6-9FFD-8157-73DCF992E6C7}" = AMD VISION Engine Control Center
"{718B4425-80EA-4F64-A05C-48285CE63F73}" = AMD System Monitor
"{77CC889E-3F33-9BBF-C2E7-BDAEE8DA3079}" = CCC Help Turkish
"{77D2056B-F974-A4C3-BDA5-7DBCB8B8B962}" = CCC Help Czech
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89EFC2BB-2974-4ECD-DA61-BEE379BB539B}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5F3A1A-41F5-0186-80E5-34EA12358FC3}" = CCC Help Spanish
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{91D94CFC-A22B-0FEF-5F3A-DEC685270959}" = CCC Help Korean
"{92109DE5-5DB6-9421-76C8-7BCAE0C6BB6B}" = Catalyst Control Center Profiles Mobile
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{998C9435-DAF8-4BDF-B9A5-F844B01D524C}_is1" = TCPEye 1.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD20F04-E4C8-2979-E0F0-B32A6AF989C8}" = Catalyst Control Center Localization All
"{9E9DDE51-2196-4EF0-A2CB-91801D8C8B69}" = CCC Help Greek
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{B0002707-4F7E-4745-88A7-852DA8A88635}" = ASUS Sonic Focus
"{B3475047-DE39-7245-84C4-28CEB047D73A}" = CCC Help Thai
"{B8F00535-1938-DC25-9F71-F9E571CA57F3}" = CCC Help German
"{C19D5D28-779B-E6C7-48C4-D8A3C01D1B04}" = CCC Help Dutch
"{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3
"{C885EC37-CD73-CC35-E0CE-D8EF11D420AC}" = CCC Help Danish
"{CD84B48E-74F6-360B-2258-485BB6AB96CA}" = CCC Help English
"{D359DFF9-C8DD-3094-2F3C-A26CE9BE3E17}" = CCC Help Polish
"{D6BAA7D7-951B-76E2-C2D1-4C96143D71CE}" = CCC Help Hungarian
"{DA606CF5-AC72-04A6-A042-F93CDE70B8EE}" = CCC Help Finnish
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FDE65343-1606-3CFD-A321-E26401C50ABA}" = CCC Help Portuguese
"Adobe Flash Player NPAPI" = Adobe Flash Player 28 NPAPI
"Avast Antivirus" = Avast Free Antivirus
"BUFFALO_AirSet2_is1" = BUFFALO エアステーション設定ツール
"BUFFALO_BPCEnv_is1" = BUFFALO パソコン環境表示ツール
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"UN900113" = BUFFALO エアステーション設定ガイド

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2017/12/30 20:09:40 | Computer Name = Redfish23-PC | Source = Application Hang | ID = 1002
Description = プログラム Explorer.EXE バージョン 6.1.7601.23537 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、アクション
センター コントロール パネルで、問題の履歴をクリックしてください。 プロセス ID: 768 開始時刻: 01d3817c794980ad 終了時刻: 60000

アプリケーション
パス: C:\Windows\Explorer.EXE レポート ID: b1264ddd-edbe-11e7-adb3-c86000a7de93

Error - 2017/12/30 20:55:59 | Computer Name = Redfish23-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: Fuel.Service.exe、バージョン: 1.0.0.0、タイム スタンプ: 0x4fce45ed
障害が発生しているモジュール名:
Device.dll、バージョン: 4.1.0.0、タイム スタンプ: 0x4f55e10b 例外コード: 0xc0000005 障害オフセット: 0x00000000000033c1
障害が発生しているプロセス
ID: 0x470 障害が発生しているアプリケーションの開始時刻: 0x01d3817c7a378a48 障害が発生しているアプリケーション パス: C:\Program
Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 障害が発生しているモジュール パス: C:\Program
Files\ATI Technologies\ATI.ACE\Fuel\Device.dll レポート ID: 5d33cdac-edc5-11e7-adb3-c86000a7de93

Error - 2017/12/30 21:00:59 | Computer Name = Redfish23-PC | Source = WinMgmt | ID = 10
Description =

Error - 2018/01/02 8:32:55 | Computer Name = Redfish23-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: Fuel.Service.exe、バージョン: 1.0.0.0、タイム スタンプ: 0x4fce45ed
障害が発生しているモジュール名:
Device.dll、バージョン: 4.1.0.0、タイム スタンプ: 0x4f55e10b 例外コード: 0xc0000005 障害オフセット: 0x00000000000033c1
障害が発生しているプロセス
ID: 0x6cc 障害が発生しているアプリケーションの開始時刻: 0x01d381d2c0efbca6 障害が発生しているアプリケーション パス: C:\Program
Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 障害が発生しているモジュール パス: C:\Program
Files\ATI Technologies\ATI.ACE\Fuel\Device.dll レポート ID: 0e4c6169-efb9-11e7-a39f-c86000a7de93

Error - 2018/01/02 8:36:59 | Computer Name = Redfish23-PC | Source = WinMgmt | ID = 10
Description =

Error - 2018/01/02 9:00:11 | Computer Name = Redfish23-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: Fuel.Service.exe、バージョン: 1.0.0.0、タイム スタンプ: 0x4fce45ed
障害が発生しているモジュール名:
Device.dll、バージョン: 4.1.0.0、タイム スタンプ: 0x4f55e10b 例外コード: 0xc0000005 障害オフセット: 0x00000000000033c1
障害が発生しているプロセス
ID: 0x4e8 障害が発生しているアプリケーションの開始時刻: 0x01d383c657393c4f 障害が発生しているアプリケーション パス: C:\Program
Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 障害が発生しているモジュール パス: C:\Program
Files\ATI Technologies\ATI.ACE\Fuel\Device.dll レポート ID: dd75a6b8-efbc-11e7-bcff-c86000a7de93

Error - 2018/01/02 9:01:47 | Computer Name = Redfish23-PC | Source = WinMgmt | ID = 10
Description =

Error - 2018/01/04 3:59:22 | Computer Name = Redfish23-PC | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: Fuel.Service.exe、バージョン: 1.0.0.0、タイム スタンプ: 0x4fce45ed
障害が発生しているモジュール名:
Device.dll、バージョン: 4.1.0.0、タイム スタンプ: 0x4f55e10b 例外コード: 0xc0000005 障害オフセット: 0x00000000000033c1
障害が発生しているプロセス
ID: 0x780 障害が発生しているアプリケーションの開始時刻: 0x01d383c9c3b0d897 障害が発生しているアプリケーション パス: C:\Program
Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 障害が発生しているモジュール パス: C:\Program
Files\ATI Technologies\ATI.ACE\Fuel\Device.dll レポート ID: 2c47b7d9-f125-11e7-9f2a-c86000a7de93

Error - 2018/01/04 4:02:10 | Computer Name = Redfish23-PC | Source = WinMgmt | ID = 10
Description =

Error - 2018/01/04 5:01:42 | Computer Name = Redfish23-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2018/01/04 4:00:47 | Computer Name = Redfish23-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2018/01/04 4:00:50 | Computer Name = Redfish23-PC | Source = DCOM | ID = 10005
Description =

Error - 2018/01/04 4:00:50 | Computer Name = Redfish23-PC | Source = DCOM | ID = 10005
Description =

Error - 2018/01/04 4:00:49 | Computer Name = Redfish23-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2018/01/04 4:00:58 | Computer Name = Redfish23-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2018/01/04 4:00:58 | Computer Name = Redfish23-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2018/01/04 4:00:58 | Computer Name = Redfish23-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2018/01/04 4:00:58 | Computer Name = Redfish23-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2018/01/04 4:00:58 | Computer Name = Redfish23-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068

Error - 2018/01/04 4:00:58 | Computer Name = Redfish23-PC | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068


< End of report >

Thank you in advance for your help.
  • 山猫
  • 2018/01/04 (Thu) 21:59:09
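Note: If you have not yet looked at the log above, please read this first.
Sorry, when I mistakenly reset the router settings I changed the LAN-side IP address to an arbitrary one, which is why the log above shows the following: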

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.138.38.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE065A98-6AA8-485D-A85D-F440CF3986AC}: DhcpNameServer = 205.138.38.1

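I have taken the OTL log once more, so if you have not yet looked at the log I posted earlier, please check only this one. If you have already looked at it, I apologize for making you do the work twice, but I would appreciate it if you could look at this log as well.
Also, I changed the IP address manually this time too, so the same entries will appear in the same way; please bear with that.

Below is the newly obtained OTL log.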

OTL logfile created on: 2018/01/05 4:39:03 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Redfish23\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18860)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.48 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 78.07% Memory free
14.95 Gb Paging File | 13.15 Gb Available in Paging File | 87.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.19 Gb Total Space | 157.36 Gb Free Space | 78.60% Space Free | Partition Type: NTFS
Drive D: | 1196.97 Gb Total Space | 1195.35 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Computer Name: REDFISH23-PC | User Name: Redfish23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2018/01/04 21:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Redfish23\Desktop\OTL.exe
PRC - [2017/12/27 20:47:40 | 011,080,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2017/12/27 20:47:32 | 000,301,168 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/11/22 15:09:34 | 000,101,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/11/22 15:09:30 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011/10/14 18:04:40 | 000,504,488 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2011/10/03 15:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/09/13 13:33:14 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011/07/21 15:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/10/07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/07/09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
PRC - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2017/12/27 20:47:45 | 067,109,376 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2017/12/27 20:47:35 | 000,289,272 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\tasks_core.dll
MOD - [2017/12/27 20:47:33 | 000,206,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2017/12/27 20:47:33 | 000,058,016 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\module_lifetime.dll
MOD - [2017/12/27 20:47:32 | 000,057,504 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\dll_loader.dll
MOD - [2017/12/27 20:47:15 | 000,282,560 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
MOD - [2011/11/22 15:09:30 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011/09/13 13:33:14 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2017/12/27 20:47:32 | 000,301,168 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2017/12/27 20:47:17 | 007,538,536 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe -- (aswbIDSAgent)
SRV:[b]64bit:[/b] - [2017/11/14 12:20:46 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2016/08/23 01:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/06/05 13:55:50 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2012/06/05 13:46:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:[b]64bit:[/b] - [2011/03/03 16:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2017/12/28 15:12:23 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/04/21 14:53:36 | 000,107,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2018/01/05 01:13:54 | 000,028,272 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:[b]64bit:[/b] - [2017/12/28 11:32:27 | 000,485,512 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:49 | 000,358,672 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:49 | 000,204,456 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,457,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,185,096 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswArPot.sys -- (aswArPot)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,146,664 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,110,336 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,084,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:48 | 000,046,976 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:20 | 001,025,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:15 | 000,149,344 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswHdsKe.sys -- (aswHdsKe)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:13 | 000,343,768 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbloga.sys -- (aswblog)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:13 | 000,321,512 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys -- (aswbidsdriver)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:13 | 000,199,448 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbidsha.sys -- (aswbidsh)
DRV:[b]64bit:[/b] - [2017/12/27 20:47:13 | 000,057,696 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbuniva.sys -- (aswbuniv)
DRV:[b]64bit:[/b] - [2016/04/01 02:31:20 | 000,104,976 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:[b]64bit:[/b] - [2012/06/05 14:33:38 | 010,242,560 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2012/06/05 13:01:42 | 000,360,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/01/13 16:05:56 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2012/01/12 10:28:42 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012/01/12 10:28:42 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/12/03 07:06:04 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:[b]64bit:[/b] - [2011/12/03 07:06:00 | 000,565,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2011/10/25 23:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:[b]64bit:[/b] - [2011/10/25 23:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:[b]64bit:[/b] - [2011/10/14 18:04:40 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:[b]64bit:[/b] - [2011/10/03 23:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2011/09/23 18:59:08 | 000,290,600 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:[b]64bit:[/b] - [2011/03/21 21:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/01/18 17:16:46 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2010/12/31 18:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2010/11/21 12:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:[b]64bit:[/b] - [2009/07/20 17:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/14 18:04:40 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2011/09/07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=MOCJ&bmod=MOCJ
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=MOCJ&bmod=MOCJ
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=MOCJ&bmod=MOCJ
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tnc.ne.jp/
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = F6 C1 90 9C 6B 81 D3 01 [binary data]
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 56.0.1\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 56.0.1\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS

[2017/12/29 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redfish23\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2009/06/11 06:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\らくらくアップデートツール.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:[b]64bit:[/b] - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.48.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE065A98-6AA8-485D-A85D-F440CF3986AC}: DhcpNameServer = 192.168.48.1
O18:[b]64bit:[/b] - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:[b]64bit:[/b] - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB} - .NET Framework
ActiveX:[b]64bit:[/b] {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB} - .NET Framework
ActiveX: {BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2018/01/05 04:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SWCUTemp
[2018/01/04 21:22:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Redfish23\Desktop\OTL.exe
[2018/01/03 02:56:22 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\Desktop\未アップ選択スノボ動
[2017/12/31 22:55:54 | 000,000,000 | ---D | C] -- C:\Patcher
[2017/12/31 21:35:36 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\dwhelper
[2017/12/31 08:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2017/12/31 08:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\install_backup
[2017/12/31 08:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2017/12/30 22:14:07 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Malwarebytes
[2017/12/30 22:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2017/12/30 22:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/12/30 22:13:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2017/12/30 22:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2017/12/29 19:18:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2017/12/29 09:51:51 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\Diagnostics
[2017/12/29 09:30:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/12/29 08:14:30 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Geek Uninstaller
[2017/12/29 07:45:55 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\Programs
[2017/12/29 07:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2017/12/29 07:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2017/12/29 07:23:01 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Mozilla
[2017/12/28 21:05:47 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Waterfox
[2017/12/28 21:05:47 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\Waterfox
[2017/12/28 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox
[2017/12/28 20:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TCPEye
[2017/12/28 20:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TCPEye
[2017/12/28 19:58:05 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Macromedia
[2017/12/28 18:48:57 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\Mozilla
[2017/12/28 18:24:18 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\CEF
[2017/12/28 18:24:18 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\AVAST Software
[2017/12/28 18:23:41 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2017/12/28 18:23:40 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\AMD
[2017/12/28 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\ATI
[2017/12/28 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\ATI
[2017/12/28 18:17:31 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Adobe
[2017/12/28 15:12:22 | 000,803,328 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017/12/28 15:12:22 | 000,144,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017/12/28 15:12:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2017/12/28 15:11:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2017/12/28 13:53:04 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2017/12/28 13:53:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2017/12/28 13:34:12 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2017/12/28 13:33:49 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2017/12/28 13:33:49 | 000,407,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\centel.dll
[2017/12/28 13:33:49 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2017/12/28 13:33:48 | 001,570,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2017/12/28 13:33:48 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2017/12/28 13:33:48 | 000,605,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2017/12/28 13:33:48 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2017/12/28 13:33:48 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2017/12/28 13:33:48 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2017/12/28 13:33:48 | 000,134,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2017/12/28 13:33:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2017/12/28 13:33:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2017/12/28 13:33:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2017/12/28 13:33:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2017/12/28 13:33:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2017/12/28 11:32:28 | 000,485,512 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2017/12/28 11:32:17 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2017/12/28 11:32:16 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2017/12/28 11:32:15 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp90.dll
[2017/12/28 11:32:13 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr90.dll
[2017/12/28 11:32:12 | 000,156,392 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2017/12/28 11:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2017/12/28 11:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2017/12/28 10:02:11 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\Desktop\デスクトップ
[2017/12/28 09:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2017/12/28 07:53:56 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2017/12/28 07:53:53 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2017/12/28 07:53:52 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2017/12/28 07:53:51 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2017/12/28 07:53:51 | 000,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2017/12/28 07:53:12 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perftrack.dll
[2017/12/28 07:53:12 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powertracker.dll
[2017/12/28 07:52:52 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2017/12/28 07:52:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2017/12/28 07:52:38 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2017/12/28 07:52:38 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2017/12/28 07:52:38 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2017/12/28 07:52:38 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2017/12/28 07:52:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2017/12/28 07:52:38 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2017/12/28 07:52:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2017/12/28 07:52:37 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2017/12/28 07:52:37 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2017/12/28 07:52:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2017/12/28 07:52:37 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2017/12/28 07:52:37 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2017/12/28 07:52:35 | 002,058,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2017/12/28 07:52:35 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2017/12/28 07:52:35 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2017/12/28 07:52:35 | 000,662,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2017/12/28 07:52:35 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2017/12/28 07:52:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2017/12/28 07:52:35 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2017/12/28 07:52:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2017/12/28 07:52:35 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2017/12/28 07:52:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2017/12/28 07:52:34 | 000,807,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2017/12/28 07:52:34 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2017/12/28 07:52:34 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2017/12/28 07:52:34 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2017/12/28 07:52:33 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2017/12/28 07:52:33 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2017/12/28 07:52:32 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2017/12/28 07:52:32 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2017/12/28 07:52:31 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2017/12/28 07:52:31 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2017/12/28 07:52:31 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2017/12/28 07:52:31 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2017/12/28 07:52:31 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2017/12/28 07:52:31 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2017/12/28 07:52:30 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2017/12/28 07:52:30 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2017/12/28 07:52:29 | 005,925,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2017/12/28 07:52:29 | 000,817,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2017/12/28 07:52:29 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2017/12/28 07:52:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2017/12/28 07:52:27 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2017/12/28 07:52:27 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2017/12/28 07:52:25 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2017/12/28 07:52:24 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2017/12/28 07:52:24 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2017/12/28 07:52:24 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2017/12/28 07:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
[2017/12/28 00:45:25 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2017/12/28 00:45:25 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2017/12/28 00:41:30 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2017/12/28 00:30:16 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2017/12/28 00:30:12 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2017/12/28 00:30:12 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2017/12/28 00:30:12 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2017/12/28 00:30:12 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2017/12/28 00:30:12 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2017/12/28 00:30:12 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2017/12/28 00:30:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2017/12/28 00:30:12 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2017/12/28 00:30:12 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2017/12/28 00:30:11 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2017/12/28 00:30:11 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2017/12/28 00:30:11 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2017/12/28 00:30:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2017/12/28 00:30:11 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2017/12/28 00:30:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2017/12/28 00:30:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2017/12/28 00:30:10 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2017/12/28 00:30:10 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2017/12/28 00:30:10 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2017/12/28 00:30:10 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2017/12/28 00:30:10 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2017/12/28 00:30:10 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2017/12/28 00:30:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2017/12/28 00:30:10 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2017/12/28 00:30:10 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2017/12/28 00:30:10 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2017/12/28 00:30:10 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2017/12/28 00:30:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2017/12/28 00:30:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2017/12/28 00:30:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2017/12/28 00:30:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2017/12/28 00:30:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2017/12/28 00:30:10 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2017/12/28 00:30:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2017/12/28 00:12:09 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2017/12/28 00:12:09 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2017/12/28 00:12:09 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2017/12/28 00:12:09 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2017/12/28 00:12:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/12/28 00:12:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/12/28 00:12:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/12/28 00:12:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/12/28 00:12:08 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2017/12/28 00:12:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2017/12/28 00:12:08 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2017/12/28 00:12:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2017/12/28 00:12:08 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2017/12/28 00:12:08 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2017/12/27 22:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2017/12/27 22:57:17 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2017/12/27 22:33:01 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2017/12/27 22:33:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2017/12/27 22:33:00 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2017/12/27 22:33:00 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2017/12/27 22:18:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2017/12/27 22:15:10 | 004,296,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_47.dll
[2017/12/27 22:15:10 | 003,550,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_47.dll
[2017/12/27 22:11:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2017/12/27 22:11:41 | 133,326,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MRT-KB890830.exe
[2017/12/27 22:06:21 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2017/12/27 22:06:21 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2017/12/27 22:06:21 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2017/12/27 22:06:21 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2017/12/27 22:06:20 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2017/12/27 22:06:20 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2017/12/27 22:06:03 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2017/12/27 22:06:03 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2017/12/27 22:02:13 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2017/12/27 22:02:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxoci.dll
[2017/12/27 22:02:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxoci.dll
[2017/12/27 22:02:01 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2017/12/27 22:02:01 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2017/12/27 22:02:00 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2017/12/27 22:02:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2017/12/27 22:01:59 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2017/12/27 22:01:59 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2017/12/27 22:01:59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2017/12/27 22:01:57 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2017/12/27 22:01:54 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2017/12/27 22:01:53 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2017/12/27 22:01:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2017/12/27 22:01:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2017/12/27 22:01:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2017/12/27 22:01:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2017/12/27 22:01:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fixmapi.exe
[2017/12/27 22:01:33 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2017/12/27 22:01:33 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2017/12/27 22:01:32 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2017/12/27 22:01:32 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2017/12/27 22:01:09 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe
[2017/12/27 22:01:09 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe
[2017/12/27 22:01:09 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll
[2017/12/27 22:01:09 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2017/12/27 22:01:09 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2017/12/27 22:01:09 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe
[2017/12/27 22:01:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2017/12/27 22:01:09 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe
[2017/12/27 22:01:09 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2017/12/27 22:01:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe
[2017/12/27 22:01:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe
[2017/12/27 22:00:49 | 003,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2017/12/27 22:00:49 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2017/12/27 22:00:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2017/12/27 22:00:49 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2017/12/27 22:00:49 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2017/12/27 22:00:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2017/12/27 22:00:45 | 000,451,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2017/12/27 22:00:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapibase.dll
[2017/12/27 22:00:45 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tbs.dll
[2017/12/27 22:00:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tbs.dll
[2017/12/27 22:00:31 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basesrv.dll
[2017/12/27 22:00:06 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2017/12/27 22:00:06 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2017/12/27 22:00:06 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2017/12/27 22:00:06 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2017/12/27 22:00:06 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2017/12/27 22:00:06 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2017/12/27 22:00:06 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2017/12/27 22:00:06 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2017/12/27 22:00:06 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2017/12/27 22:00:06 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2017/12/27 22:00:06 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2017/12/27 22:00:05 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2017/12/27 22:00:05 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2017/12/27 22:00:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2017/12/27 22:00:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2017/12/27 22:00:05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2017/12/27 22:00:05 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2017/12/27 21:59:35 | 002,543,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2017/12/27 21:59:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2017/12/27 21:59:33 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2017/12/27 21:59:33 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2017/12/27 21:59:28 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2017/12/27 21:59:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2017/12/27 21:59:22 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2017/12/27 21:59:22 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2017/12/27 21:59:20 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2017/12/27 21:59:20 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2017/12/27 21:59:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2017/12/27 21:59:17 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2017/12/27 21:59:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2017/12/27 21:59:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2017/12/27 21:58:59 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2017/12/27 21:58:59 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2017/12/27 21:58:59 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2017/12/27 21:58:59 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2017/12/27 21:58:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2017/12/27 21:58:58 | 014,635,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2017/12/27 21:58:57 | 011,410,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2017/12/27 21:58:56 | 003,165,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2017/12/27 21:58:56 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2017/12/27 21:58:56 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2017/12/27 21:58:56 | 000,140,288 | ----
  • 山猫
  • 2018/01/05 (Fri) 05:38:51
Continuation of the OTL log.
[2017/12/27 21:58:56 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2017/12/27 21:58:56 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2017/12/27 21:58:55 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2017/12/27 21:58:54 | 005,547,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2017/12/27 21:58:54 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2017/12/27 21:58:54 | 001,311,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjet40.dll
[2017/12/27 21:58:54 | 000,616,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrepl40.dll
[2017/12/27 21:58:54 | 000,343,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrd3x40.dll
[2017/12/27 21:58:54 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrd2x40.dll
[2017/12/27 21:58:54 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjtes40.dll
[2017/12/27 21:58:54 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll
[2017/12/27 21:58:53 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2017/12/27 21:58:53 | 000,995,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2017/12/27 21:58:53 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2017/12/27 21:58:53 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-private-l1-1-0.dll
[2017/12/27 21:58:53 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2017/12/27 21:58:53 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll
[2017/12/27 21:58:53 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2017/12/27 21:58:53 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll
[2017/12/27 21:58:53 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2017/12/27 21:58:53 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll
[2017/12/27 21:58:53 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll
[2017/12/27 21:58:53 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2017/12/27 21:58:53 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-2-0.dll
[2017/12/27 21:58:53 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll
[2017/12/27 21:58:52 | 003,209,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2017/12/27 21:58:52 | 003,203,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
[2017/12/27 21:58:52 | 002,319,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2017/12/27 21:58:52 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2017/12/27 21:58:52 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2017/12/27 21:58:52 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-math-l1-1-0.dll
[2017/12/27 21:58:52 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2017/12/27 21:58:52 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll
[2017/12/27 21:58:52 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2017/12/27 21:58:52 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-string-l1-1-0.dll
[2017/12/27 21:58:52 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2017/12/27 21:58:52 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll
[2017/12/27 21:58:52 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2017/12/27 21:58:52 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-time-l1-1-0.dll
[2017/12/27 21:58:52 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2017/12/27 21:58:52 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-2-0.dll
[2017/12/27 21:58:52 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2017/12/27 21:58:52 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-process-l1-1-0.dll
[2017/12/27 21:58:52 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2017/12/27 21:58:52 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll
[2017/12/27 21:58:52 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2017/12/27 21:58:52 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2017/12/27 21:58:52 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll
[2017/12/27 21:58:52 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2017/12/27 21:58:52 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll
[2017/12/27 21:58:52 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll
[2017/12/27 21:58:52 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2017/12/27 21:58:52 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2017/12/27 21:58:52 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2017/12/27 21:58:52 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll
[2017/12/27 21:58:52 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2017/12/27 21:58:52 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll
[2017/12/27 21:58:52 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2017/12/27 21:58:52 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l2-1-0.dll
[2017/12/27 21:58:52 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2017/12/27 21:58:52 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-2-0.dll
[2017/12/27 21:58:51 | 004,001,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2017/12/27 21:58:51 | 002,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2017/12/27 21:58:51 | 002,065,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2017/12/27 21:58:51 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2017/12/27 21:58:51 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2017/12/27 21:58:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2017/12/27 21:58:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2017/12/27 21:58:50 | 003,945,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2017/12/27 21:58:50 | 002,144,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2017/12/27 21:58:50 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2017/12/27 21:58:50 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2017/12/27 21:58:49 | 003,244,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2017/12/27 21:58:49 | 002,150,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcndmgr.dll
[2017/12/27 21:58:49 | 002,058,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Query.dll
[2017/12/27 21:58:49 | 001,867,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2017/12/27 21:58:49 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2017/12/27 21:58:49 | 001,549,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2017/12/27 21:58:49 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2017/12/27 21:58:49 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXPTaskRingtone.dll
[2017/12/27 21:58:49 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2017/12/27 21:58:48 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2017/12/27 21:58:48 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2017/12/27 21:58:48 | 000,973,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXPTaskRingtone.dll
[2017/12/27 21:58:48 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msexcl40.dll
[2017/12/27 21:58:47 | 001,483,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2017/12/27 21:58:47 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2017/12/27 21:58:47 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxbde40.dll
[2017/12/27 21:58:47 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mspbde40.dll
[2017/12/27 21:58:47 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msltus40.dll
[2017/12/27 21:58:46 | 001,574,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2017/12/27 21:58:46 | 001,499,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2017/12/27 21:58:46 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2017/12/27 21:58:46 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2017/12/27 21:58:45 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2017/12/27 21:58:45 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2017/12/27 21:58:45 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2017/12/27 21:58:45 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2017/12/27 21:58:45 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2017/12/27 21:58:45 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2017/12/27 21:58:45 | 000,876,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2017/12/27 21:58:45 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2017/12/27 21:58:45 | 000,706,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2017/12/27 21:58:45 | 000,633,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2017/12/27 21:58:45 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2017/12/27 21:58:45 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2017/12/27 21:58:44 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2017/12/27 21:58:44 | 000,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2017/12/27 21:58:44 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2017/12/27 21:58:43 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2017/12/27 21:58:43 | 000,806,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2017/12/27 21:58:43 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2017/12/27 21:58:43 | 000,733,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2017/12/27 21:58:43 | 000,632,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2017/12/27 21:58:43 | 000,546,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2017/12/27 21:58:43 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2017/12/27 21:58:43 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2017/12/27 21:58:43 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2017/12/27 21:58:43 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2017/12/27 21:58:43 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2017/12/27 21:58:42 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2017/12/27 21:58:42 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2017/12/27 21:58:42 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2017/12/27 21:58:42 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2017/12/27 21:58:42 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2017/12/27 21:58:42 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2017/12/27 21:58:42 | 000,382,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2017/12/27 21:58:42 | 000,382,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2017/12/27 21:58:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2017/12/27 21:58:42 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wldap32.dll
[2017/12/27 21:58:41 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2017/12/27 21:58:41 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2017/12/27 21:58:41 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2017/12/27 21:58:41 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2017/12/27 21:58:41 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswstr10.dll
[2017/12/27 21:58:41 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2017/12/27 21:58:41 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2017/12/27 21:58:41 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2017/12/27 21:58:41 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2017/12/27 21:58:41 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2017/12/27 21:58:41 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2017/12/27 21:58:41 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2017/12/27 21:58:41 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2017/12/27 21:58:41 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2017/12/27 21:58:41 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2017/12/27 21:58:41 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjint40.dll
[2017/12/27 21:58:40 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2017/12/27 21:58:40 | 001,001,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpedit.dll
[2017/12/27 21:58:40 | 000,953,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpedit.dll
[2017/12/27 21:58:40 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswdat10.dll
[2017/12/27 21:58:40 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2017/12/27 21:58:40 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2017/12/27 21:58:40 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2017/12/27 21:58:40 | 000,392,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2017/12/27 21:58:40 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2017/12/27 21:58:40 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2017/12/27 21:58:40 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2017/12/27 21:58:40 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2017/12/27 21:58:40 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjter40.dll
[2017/12/27 21:58:39 | 002,851,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2017/12/27 21:58:39 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2017/12/27 21:58:39 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2017/12/27 21:58:39 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2017/12/27 21:58:39 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2017/12/27 21:58:39 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2017/12/27 21:58:39 | 000,379,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msinfo32.exe
[2017/12/27 21:58:39 | 000,377,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2017/12/27 21:58:39 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2017/12/27 21:58:39 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2017/12/27 21:58:39 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2017/12/27 21:58:39 | 000,265,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2017/12/27 21:58:39 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2017/12/27 21:58:39 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2017/12/27 21:58:39 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2017/12/27 21:58:38 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2017/12/27 21:58:38 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2017/12/27 21:58:38 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2017/12/27 21:58:38 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2017/12/27 21:58:37 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2017/12/27 21:58:37 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2017/12/27 21:58:37 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2017/12/27 21:58:37 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2017/12/27 21:58:37 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinfo32.exe
[2017/12/27 21:58:37 | 000,287,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2017/12/27 21:58:37 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2017/12/27 21:58:37 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2017/12/27 21:58:37 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2017/12/27 21:58:37 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2017/12/27 21:58:37 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2017/12/27 21:58:37 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2017/12/27 21:58:36 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2017/12/27 21:58:36 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2017/12/27 21:58:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2017/12/27 21:58:36 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cic.dll
[2017/12/27 21:58:36 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2017/12/27 21:58:36 | 000,114,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2017/12/27 21:58:36 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pintlgnt.ime
[2017/12/27 21:58:35 | 012,574,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2017/12/27 21:58:35 | 012,574,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2017/12/27 21:58:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2017/12/27 21:58:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2017/12/27 21:58:35 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdedit.exe
[2017/12/27 21:58:35 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2017/12/27 21:58:35 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2017/12/27 21:58:34 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2017/12/27 21:58:34 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcbase.dll
[2017/12/27 21:58:34 | 000,300,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2017/12/27 21:58:34 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2017/12/27 21:58:34 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2017/12/27 21:58:34 | 000,249,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2017/12/27 21:58:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2017/12/27 21:58:34 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tintlgnt.ime
[2017/12/27 21:58:34 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quick.ime
[2017/12/27 21:58:34 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qintlgnt.ime
[2017/12/27 21:58:34 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\phon.ime
[2017/12/27 21:58:34 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cintlgnt.ime
[2017/12/27 21:58:34 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chajei.ime
[2017/12/27 21:58:34 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pintlgnt.ime
[2017/12/27 21:58:34 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tintlgnt.ime
[2017/12/27 21:58:34 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2017/12/27 21:58:34 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2017/12/27 21:58:34 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2017/12/27 21:58:34 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2017/12/27 21:58:34 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2017/12/27 21:58:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2017/12/27 21:58:33 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2017/12/27 21:58:33 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2017/12/27 21:58:33 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcbase.dll
[2017/12/27 21:58:33 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2017/12/27 21:58:33 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icm32.dll
[2017/12/27 21:58:33 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2017/12/27 21:58:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2017/12/27 21:58:33 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2017/12/27 21:58:33 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cic.dll
[2017/12/27 21:58:33 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcshext.dll
[2017/12/27 21:58:33 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quick.ime
[2017/12/27 21:58:33 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qintlgnt.ime
[2017/12/27 21:58:33 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\phon.ime
[2017/12/27 21:58:33 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cintlgnt.ime
[2017/12/27 21:58:33 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chajei.ime
[2017/12/27 21:58:33 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2017/12/27 21:58:33 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2017/12/27 21:58:33 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsmsext.dll
[2017/12/27 21:58:33 | 000,091,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MigAutoPlay.exe
[2017/12/27 21:58:33 | 000,091,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MigAutoPlay.exe
[2017/12/27 21:58:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsmsext.dll
[2017/12/27 21:58:33 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2017/12/27 21:58:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2017/12/27 21:58:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2017/12/27 21:58:33 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdhui.dll
[2017/12/27 21:58:33 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2017/12/27 21:58:32 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2017/12/27 21:58:32 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iprtrmgr.dll
[2017/12/27 21:58:32 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2017/12/27 21:58:32 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcshext.dll
[2017/12/27 21:58:32 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2017/12/27 21:58:32 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2017/12/27 21:58:32 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2017/12/27 21:58:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wermgr.exe
[2017/12/27 21:58:32 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdhui.dll
[2017/12/27 21:58:32 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2017/12/27 21:58:31 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2017/12/27 21:58:31 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2017/12/27 21:58:31 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2017/12/27 21:58:31 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2017/12/27 21:58:31 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iprtrmgr.dll
[2017/12/27 21:58:31 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hlink.dll
[2017/12/27 21:58:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2017/12/27 21:58:31 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmjpegdec.dll
[2017/12/27 21:58:31 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2017/12/27 21:58:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmjpegdec.dll
[2017/12/27 21:58:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2017/12/27 21:58:31 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rundll32.exe
[2017/12/27 21:58:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2017/12/27 21:58:31 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\werdiagcontroller.dll
[2017/12/27 21:58:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\werdiagcontroller.dll
[2017/12/27 21:58:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2017/12/27 21:58:31 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2017/12/27 21:58:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleres.dll
[2017/12/27 21:58:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleres.dll
[2017/12/27 21:58:31 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2017/12/27 21:58:31 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2017/12/27 21:58:30 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2017/12/27 21:58:30 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2017/12/27 21:58:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\itircl.dll
[2017/12/27 21:58:30 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtm.dll
[2017/12/27 21:58:30 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2017/12/27 21:58:30 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtm.dll
[2017/12/27 21:58:30 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2017/12/27 21:58:30 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2017/12/27 21:58:30 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2017/12/27 21:58:30 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wermgr.exe
[2017/12/27 21:58:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2017/12/27 21:58:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2017/12/27 21:58:29 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2017/12/27 21:58:29 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2017/12/27 21:58:29 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfmon.exe
[2017/12/27 21:58:29 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\itircl.dll
[2017/12/27 21:58:29 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfmon.exe
[2017/12/27 21:58:29 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2017/12/27 21:58:29 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2017/12/27 21:58:29 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2017/12/27 21:58:29 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll
[2017/12/27 21:58:29 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2017/12/27 21:58:29 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resmon.exe
[2017/12/27 21:58:29 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2017/12/27 21:58:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.exe
[2017/12/27 21:58:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2017/12/27 21:58:29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2017/12/27 21:58:29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2017/12/27 21:58:29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2017/12/27 21:58:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnpinst.exe
[2017/12/27 21:58:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2017/12/27 21:58:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2017/12/27 21:58:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2017/12/27 21:58:29 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netbtugc.exe
[2017/12/27 21:58:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2017/12/27 21:58:29 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2017/12/27 21:58:29 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetppui.dll
[2017/12/27 21:58:29 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icaapi.dll
[2017/12/27 21:58:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/12/27 21:58:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/12/27 21:58:28 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\resmon.exe
[2017/12/27 21:58:28 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2017/12/27 21:58:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.exe
[2017/12/27 21:58:28 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2017/12/27 21:58:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2017/12/27 21:58:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2017/12/27 21:58:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winnsi.dll
[2017/12/27 21:58:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2017/12/27 21:58:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2017/12/27 21:58:28 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2017/12/27 21:58:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nsi.dll
[2017/12/27 21:58:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2017/12/27 21:58:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2017/12/27 21:58:28 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcawrk.exe
[2017/12/27 21:58:28 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll
[2017/12/27 21:58:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2017/12/27 21:58:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2017/12/27 21:58:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iprtprio.dll
[2017/12/27 21:58:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\plasrv.exe
[2017/12/27 21:58:28 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iprtprio.dll
[2017/12/27 21:58:27 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msexch40.dll
[2017/12/27 21:58:27 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2017/12/27 21:58:27 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\INETRES.dll
[2017/12/27 21:58:27 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2017/12/27 21:58:27 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2017/12/27 21:58:27 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2017/12/27 21:58:27 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2017/12/27 21:58:27 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2017/12/27 21:58:27 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2017/12/27 21:58:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2017/12/27 21:58:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2017/12/27 21:58:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2017/12/27 21:58:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2017/12/27 21:58:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comcat.dll
[2017/12/27 21:58:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2017/12/27 21:58:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2017/12/27 21:58:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comcat.dll
[2017/12/27 21:58:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2017/12/27 21:58:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2017/12/27 21:58:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2017/12/27 21:58:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2017/12/27 21:58:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2017/12/27 21:58:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2017/12/27 21:58:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2017/12/27 21:58:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2017/12/27 21:58:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2017/12/27 21:58:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2017/12/27 21:58:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2017/12/27 21:58:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2017/12/27 21:58:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2017/12/27 21:58:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2017/12/27 21:58:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2017/12/27 21:58:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2017/12/27 21:58:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2017/12/27 21:58:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2017/12/27 21:58:26 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstext40.dll
[2017/12/27 21:57:45 | 000,879,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2017/12/27 21:57:45 | 000,635,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2017/12/27 21:57:27 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2017/12/27 21:57:27 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2017/12/27 21:57:26 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2017/12/27 21:57:26 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2017/12/27 21:57:26 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2017/12/27 21:57:26 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2017/12/27 21:57:26 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2017/12/27 21:57:26 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2017/12/27 21:57:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2017/12/27 21:57:26 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2017/12/27 21:57:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2017/12/27 21:57:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2017/12/27 21:57:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2017/12/27 21:57:26 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2017/12/27 21:56:49 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2017/12/27 21:56:48 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2017/12/27 21:56:48 | 001,307,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2adec.dll
[2017/12/27 21:56:48 | 001,232,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2017/12/27 21:56:48 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2017/12/27 21:56:48 | 000,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2adec.dll
[2017/12/27 21:56:47 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2017/12/27 21:56:47 | 001,153,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOE.DLL
[2017/12/27 21:56:47 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2017/12/27 21:56:47 | 000,902,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2017/12/27 21:56:47 | 000,829,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2017/12/27 21:56:47 | 000,815,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOE.DLL
[2017/12/27 21:56:47 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2017/12/27 21:56:47 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2017/12/27 21:56:47 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2017/12/27 21:56:46 | 001,955,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2017/12/27 21:56:46 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2017/12/27 21:56:45 | 001,575,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOE.DLL
[2017/12/27 21:56:45 | 001,568,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2017/12/27 21:56:45 | 000,740,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2017/12/27 21:56:45 | 000,665,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2017/12/27 21:56:45 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2017/12/27 21:56:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\COLORCNV.DLL
[2017/12/27 21:56:45 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COLORCNV.DLL
[2017/12/27 21:56:44 | 001,393,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMALFXGFXDSP.dll
[2017/12/27 21:56:44 | 000,653,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2017/12/27 21:56:44 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFWMAAEC.DLL
[2017/12/27 21:56:44 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFWMAAEC.DLL
[2017/12/27 21:56:44 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSENCD.DLL
[2017/12/27 21:56:44 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSENCD.DLL
[2017/12/27 21:56:44 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VIDRESZR.DLL
[2017/12/27 21:56:44 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MPG4DECD.DLL
[2017/12/27 21:56:44 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP43DECD.DLL
[2017/12/27 21:56:44 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RESAMPLEDMO.DLL
[2017/12/27 21:56:44 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MPG4DECD.DLL
[2017/12/27 21:56:44 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP43DECD.DLL
[2017/12/27 21:56:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP3DMOD.DLL
[2017/12/27 21:56:44 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devenum.dll
[2017/12/27 21:56:44 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devenum.dll
[2017/12/27 21:56:43 | 001,325,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOE.DLL
[2017/12/27 21:56:43 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2017/12/27 21:56:43 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2017/12/27 21:56:43 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
[2017/12/27 21:56:43 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2017/12/27 21:56:43 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2017/12/27 21:56:43 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RESAMPLEDMO.DLL
[2017/12/27 21:56:43 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
[2017/12/27 21:56:43 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2017/12/27 21:56:43 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VIDRESZR.DLL
[2017/12/27 21:56:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP3DMOD.DLL
[2017/12/27 21:56:43 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfvdsp.dll
[2017/12/27 21:56:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfvdsp.dll
[2017/12/27 21:56:42 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2017/12/27 21:56:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksuser.dll
[2017/12/27 21:56:27 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2017/12/27 21:56:26 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2017/12/27 21:56:26 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2017/12/27 21:56:26 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2017/12/27 21:56:26 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2017/12/27 21:56:26 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2017/12/27 21:56:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2017/12/27 21:55:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2017/12/27 21:55:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2017/12/27 21:55:21 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2017/12/27 21:55:21 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2017/12/27 21:55:21 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2017/12/27 21:55:21 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2017/12/27 21:55:17 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2017/12/27 21:55:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2017/12/27 21:55:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2017/12/27 21:55:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2017/12/27 21:55:02 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2017/12/27 21:55:01 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2017/12/27 21:55:00 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2017/12/27 21:55:00 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2017/12/27 21:55:00 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2017/12/27 21:55:00 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2017/12/27 21:55:00 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2017/12/27 21:55:00 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2017/12/27 21:55:00 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2017/12/27 21:55:00 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2017/12/27 21:55:00 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2017/12/27 21:55:00 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2017/12/27 21:55:00 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2017/12/27 21:55:00 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2017/12/27 21:55:00 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2017/12/27 21:55:00 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2017/12/27 21:55:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2017/12/27 21:55:00 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2017/12/27 21:55:00 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2017/12/27 21:54:59 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2017/12/27 21:54:59 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2017/12/27 21:54:59 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2017/12/27 21:54:59 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2017/12/27 21:54:59 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2017/12/27 21:54:59 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2017/12/27 21:54:59 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2017/12/27 21:54:59 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2017/12/27 21:54:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2017/12/27 21:54:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2017/12/27 21:54:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2017/12/27 21:54:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2017/12/27 21:54:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2017/12/27 21:54:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2017/12/27 21:54:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2017/12/27 21:54:23 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2017/12/27 21:52:39 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2017/12/27 21:52:38 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2017/12/27 21:51:13 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2017/12/27 21:50:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2017/12/27 21:50:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2017/12/27 21:50:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2017/12/27 21:50:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2017/12/27 21:50:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2017/12/27 21:49:39 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2017/12/27 21:49:39 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2017/12/27 21:49:39 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2017/12/27 21:49:39 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2017/12/27 21:49:39 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2017/12/27 21:49:39 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2017/12/27 21:48:22 | 003,229,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2017/12/27 21:48:22 | 002,972,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2017/12/27 21:45:56 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2017/12/27 21:45:56 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2017/12/27 21:45:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2017/12/27 21:45:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2017/12/27 21:45:52 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2017/12/27 21:45:50 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2017/12/27 21:45:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2017/12/27 21:44:40 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\polstore.dll
[2017/12/27 21:44:40 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\polstore.dll
[2017/12/27 21:44:40 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpapi.dll
[2017/12/27 21:44:39 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winipsec.dll
[2017/12/27 21:44:39 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FwRemoteSvr.dll
[2017/12/27 21:44:39 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winipsec.dll
[2017/12/27 21:44:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2017/12/27 21:44:33 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2017/12/27 21:44:33 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2017/12/27 21:44:28 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2017/12/27 21:44:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2017/12/27 21:44:19 | 001,632,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2017/12/27 21:44:18 | 001,372,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2017/12/27 21:44:18 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmapi.dll
[2017/12/27 21:44:13 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2017/12/27 21:44:13 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2017/12/27 21:44:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2017/12/27 21:44:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2017/12/27 21:44:13 | 000,122,880 | ---- | C] (Microsoft
  • 山猫
  • 2018/01/05 (Fri) 05:46:22
This is the continuation of the OTL log.
[2017/12/27 21:44:13 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2017/12/27 21:44:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2017/12/27 21:44:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2017/12/27 21:44:13 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2017/12/27 21:44:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2017/12/27 21:44:12 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cewmdm.dll
[2017/12/27 21:44:12 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cewmdm.dll
[2017/12/27 21:44:10 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2017/12/27 21:44:09 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2017/12/27 21:44:09 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2017/12/27 21:44:09 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2017/12/27 21:44:09 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2017/12/27 21:44:09 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2017/12/27 21:44:08 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2017/12/27 21:44:08 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2017/12/27 21:44:07 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2017/12/27 21:44:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2017/12/27 21:44:06 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2017/12/27 21:44:06 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2017/12/27 21:43:37 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2017/12/27 21:43:37 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2017/12/27 21:43:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2017/12/27 21:43:27 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2017/12/27 21:43:27 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2017/12/27 21:43:27 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2017/12/27 21:43:27 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2017/12/27 21:43:16 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2017/12/27 21:43:15 | 000,624,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2017/12/27 21:43:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2017/12/27 21:43:12 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2017/12/27 21:43:12 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2017/12/27 21:43:11 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2017/12/27 21:43:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2017/12/27 21:43:06 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2017/12/27 21:43:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2017/12/27 21:43:05 | 000,069,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys
[2017/12/27 21:43:03 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe
[2017/12/27 21:43:03 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2017/12/27 21:43:02 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2017/12/27 21:43:02 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2017/12/27 21:42:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2017/12/27 21:42:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2017/12/27 21:42:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2017/12/27 21:42:47 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2017/12/27 21:42:41 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2017/12/27 21:42:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2017/12/27 21:42:33 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2017/12/27 21:42:33 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2017/12/27 21:41:58 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2017/12/27 21:41:54 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2017/12/27 21:41:54 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2017/12/27 21:41:52 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2017/12/27 21:41:52 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2017/12/27 21:41:51 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2017/12/27 21:41:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2017/12/27 21:41:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2017/12/27 21:41:47 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2017/12/27 21:41:47 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2017/12/27 21:41:44 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2017/12/27 21:41:41 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2017/12/27 21:41:41 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2017/12/27 21:25:59 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2017/12/27 21:25:58 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2017/12/27 21:25:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2017/12/27 21:25:58 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2017/12/27 21:25:58 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2017/12/27 21:25:58 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2017/12/27 21:25:58 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2017/12/27 21:25:57 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2017/12/27 21:25:57 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2017/12/27 21:25:56 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2017/12/27 21:25:55 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2017/12/27 21:25:55 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2017/12/27 21:08:09 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clfsw32.dll
[2017/12/27 21:08:09 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll
[2017/12/27 21:07:39 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2017/12/27 21:07:39 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2017/12/27 21:07:38 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2017/12/27 21:07:38 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2017/12/27 21:07:34 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2017/12/27 21:07:34 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2017/12/27 21:07:34 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2017/12/27 21:07:34 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2017/12/27 20:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2017/12/27 20:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avast Software
[2017/12/27 20:48:03 | 000,358,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2017/12/27 20:48:03 | 000,204,456 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2017/12/27 20:48:02 | 000,457,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2017/12/27 20:48:02 | 000,146,664 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2017/12/27 20:48:02 | 000,084,384 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2017/12/27 20:48:01 | 000,046,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2017/12/27 20:48:00 | 001,025,176 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2017/12/27 20:48:00 | 000,185,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswArPot.sys
[2017/12/27 20:48:00 | 000,110,336 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2017/12/27 20:47:59 | 000,343,768 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbloga.sys
[2017/12/27 20:47:59 | 000,057,696 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbuniva.sys
[2017/12/27 20:47:58 | 000,321,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
[2017/12/27 20:47:58 | 000,199,448 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsha.sys
[2017/12/27 20:47:58 | 000,149,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHdsKe.sys
[2017/12/27 20:47:55 | 000,365,680 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2017/12/27 20:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2017/12/27 20:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2017/12/27 20:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Buffalo
[2017/12/27 20:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFFALO
[2017/12/27 20:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BUFFALO
[2017/12/27 19:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\USBChargerPlus
[2017/12/27 19:39:04 | 000,017,152 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys
[2017/12/27 19:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G
[2017/12/27 19:37:40 | 000,162,456 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\ACEngSvr.exe
[2017/12/27 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2017/12/27 19:36:48 | 000,379,520 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\FBAgent.exe
[2017/12/27 19:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2017/12/27 19:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2017/12/27 19:24:07 | 002,770,944 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2017/12/27 19:24:07 | 002,770,944 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2017/12/27 19:24:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
[2017/12/27 19:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros
[2017/12/27 19:21:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
[2017/12/27 19:20:42 | 000,250,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2017/12/27 19:20:41 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll
[2017/12/27 19:20:41 | 000,422,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll
[2017/12/27 19:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
[2017/12/27 19:19:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2017/12/27 19:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2017/12/27 19:19:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2017/12/27 19:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2017/12/27 19:18:55 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2017/12/27 19:18:55 | 002,528,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2017/12/27 19:18:55 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2017/12/27 19:18:55 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2017/12/27 19:18:55 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2017/12/27 19:18:55 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2017/12/27 19:18:55 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2017/12/27 19:18:55 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2017/12/27 19:18:55 | 000,180,048 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll
[2017/12/27 19:18:55 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2017/12/27 19:18:55 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2017/12/27 19:18:55 | 000,086,352 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll
[2017/12/27 19:18:55 | 000,083,792 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll
[2017/12/27 19:18:55 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll
[2017/12/27 19:18:55 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFDAPO64.dll
[2017/12/27 19:18:55 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2017/12/27 19:18:55 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2017/12/27 19:18:55 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2017/12/27 19:18:54 | 003,213,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2017/12/27 19:18:54 | 001,914,472 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2017/12/27 19:18:54 | 001,873,920 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2017/12/27 19:18:54 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2017/12/27 19:18:54 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2017/12/27 19:18:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2017/12/27 19:18:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2017/12/27 19:18:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2017/12/27 19:18:54 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2017/12/27 19:18:54 | 000,099,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2017/12/27 19:18:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2017/12/27 19:18:53 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2017/12/27 19:18:53 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2017/12/27 19:18:53 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2017/12/27 19:18:52 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2017/12/27 19:18:52 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2017/12/27 19:18:52 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2017/12/27 19:18:52 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2017/12/27 19:18:52 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2017/12/27 19:18:52 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2017/12/27 19:18:52 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2017/12/27 19:18:52 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2017/12/27 19:18:52 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2017/12/27 19:18:52 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2017/12/27 19:18:51 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2017/12/27 19:18:51 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2017/12/27 19:18:49 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2017/12/27 19:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Temp
[2017/12/27 19:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2017/12/27 19:17:43 | 000,452,200 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2017/12/27 19:17:43 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2017/12/27 19:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2017/12/27 19:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2017/12/27 19:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2017/12/27 19:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2017/12/27 19:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2017/12/27 19:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2017/12/27 19:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2017/12/27 19:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2017/12/27 19:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2017/12/27 19:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2017/12/27 19:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2017/12/27 19:06:13 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2017/12/27 19:06:08 | 000,056,448 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys
[2017/12/27 19:06:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2017/12/27 19:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2017/12/27 19:05:23 | 000,219,776 | ---- | C] (Advanced Micro Devices, INC.) -- C:\Windows\SysNative\drivers\amdxhc.sys
[2017/12/27 19:05:23 | 000,102,528 | ---- | C] (Advanced Micro Devices, INC.) -- C:\Windows\SysNative\drivers\amdhub30.sys
[2017/12/27 19:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2017/12/27 19:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2017/12/27 19:03:06 | 005,047,080 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\ETDUI.cpl
[2017/12/27 19:03:03 | 000,138,024 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\drivers\ETD.sys
[2017/12/27 19:02:32 | 003,048,448 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2017/12/27 19:02:32 | 000,069,632 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.973.dll
[2017/12/27 19:02:32 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2017/12/27 19:02:32 | 000,042,496 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2017/12/27 19:02:31 | 005,481,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2017/12/27 19:02:31 | 003,478,016 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2017/12/27 19:02:29 | 006,606,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2017/12/27 19:02:29 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2017/12/27 19:02:29 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2017/12/27 19:02:29 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2017/12/27 19:02:28 | 019,606,528 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2017/12/27 19:02:26 | 026,029,568 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2017/12/27 19:02:26 | 000,360,960 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2017/12/27 19:02:26 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2017/12/27 19:02:26 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2017/12/27 19:02:26 | 000,056,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2017/12/27 19:02:26 | 000,056,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2017/12/27 19:02:26 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2017/12/27 19:02:25 | 010,242,560 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2017/12/27 19:02:25 | 000,041,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2017/12/27 19:02:25 | 000,033,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2017/12/27 19:02:25 | 000,017,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2017/12/27 19:02:25 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2017/12/27 19:02:25 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2017/12/27 19:02:24 | 006,936,064 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2017/12/27 19:02:24 | 000,513,536 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2017/12/27 19:02:24 | 000,238,080 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2017/12/27 19:02:24 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2017/12/27 19:02:23 | 006,322,688 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2017/12/27 19:02:23 | 001,083,392 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2017/12/27 19:02:23 | 000,919,040 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2017/12/27 19:02:23 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2017/12/27 19:02:23 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2017/12/27 19:02:23 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2017/12/27 19:02:22 | 015,713,280 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2017/12/27 19:02:20 | 013,288,960 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2017/12/27 19:02:20 | 000,535,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2017/12/27 19:02:20 | 000,364,544 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2017/12/27 19:02:20 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2017/12/27 19:02:20 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe
[2017/12/27 19:02:20 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2017/12/27 19:02:20 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2017/12/27 19:02:20 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2017/12/27 19:02:20 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2017/12/27 18:17:08 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2017/12/27 18:17:08 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Searches
[2017/12/27 18:17:08 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2017/12/27 18:17:08 | 000,000,000 | -H-D | C] -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/12/27 18:16:57 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Identities
[2017/12/27 18:16:55 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Contacts
[2017/12/27 18:16:53 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\VirtualStore
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\スタート メニュー
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\AppData\Local\Temporary Internet Files
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\Templates
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\SendTo
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\Recent
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\PrintHood
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\NetHood
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\Documents\My Videos
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\Documents\My Pictures
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\Documents\My Music
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\My Documents
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\Local Settings
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\AppData\Local\History
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\Cookies
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\Application Data
[2017/12/27 18:16:45 | 000,000,000 | -HSD | C] -- C:\Users\Redfish23\AppData\Local\Application Data
[2017/12/27 18:16:44 | 000,000,000 | --SD | C] -- C:\Users\Redfish23\AppData\Roaming\Microsoft
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Videos
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Saved Games
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Pictures
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Music
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Links
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Favorites
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Downloads
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Documents
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\Desktop
[2017/12/27 18:16:44 | 000,000,000 | R--D | C] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2017/12/27 18:16:44 | 000,000,000 | -H-D | C] -- C:\Users\Redfish23\AppData
[2017/12/27 18:16:44 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\Temp
[2017/12/27 18:16:44 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Local\Microsoft
[2017/12/27 18:16:44 | 000,000,000 | ---D | C] -- C:\Users\Redfish23\AppData\Roaming\Media Center Programs
[2017/12/27 18:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2017/12/27 18:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2017/12/27 18:12:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Live Remote
[2017/12/27 18:11:51 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2017/12/27 18:11:51 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2017/12/27 18:11:50 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2017/12/27 18:11:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2017/12/27 18:11:30 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2017/12/27 18:11:30 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2017/12/27 18:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2017/12/27 18:10:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2017/12/27 18:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2017/12/27 18:09:34 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2017/12/27 18:09:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2017/12/27 18:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\デスクトップ
[2017/12/27 18:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\スタート メニュー
[2017/12/27 17:20:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2017/12/27 17:18:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2017/12/27 17:17:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2017/12/27 17:17:17 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2018/01/05 04:12:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018/01/05 04:12:18 | 1726,619,647 | -HS- | M] () -- C:\hiberfil.sys
[2018/01/05 01:13:54 | 000,028,272 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2018/01/05 01:09:33 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018/01/05 01:09:33 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018/01/04 21:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Redfish23\Desktop\OTL.exe
[2018/01/02 22:01:34 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2018/01/02 09:02:11 | 001,310,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018/01/02 09:02:11 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018/01/02 09:02:11 | 000,410,672 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2018/01/02 09:02:11 | 000,121,686 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2018/01/02 09:02:11 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/12/30 22:13:40 | 000,001,137 | ---- | M] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2017/12/30 22:13:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/12/29 11:14:01 | 000,010,774 | ---- | M] () -- C:\Users\Redfish23\Documents\cc_20171229_111352.reg
[2017/12/29 09:46:59 | 000,001,228 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2017/12/29 08:36:26 | 000,004,478 | ---- | M] () -- C:\Users\Redfish23\Documents\cc_20171229_083608.reg
[2017/12/29 07:58:55 | 000,001,538 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2017/12/29 07:44:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/12/28 23:34:56 | 000,000,036 | ---- | M] () -- C:\Users\Redfish23\AppData\Local\housecall.guid.cache
[2017/12/28 21:05:40 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2017/12/28 20:00:51 | 000,000,947 | ---- | M] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\TCPEye.lnk
[2017/12/28 20:00:51 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\TCPEye.lnk
[2017/12/28 18:17:31 | 000,001,355 | ---- | M] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/12/28 16:20:52 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2017/12/28 16:18:07 | 000,267,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/12/28 15:12:22 | 000,803,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017/12/28 15:12:22 | 000,144,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017/12/28 13:49:06 | 001,290,842 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/12/28 12:27:43 | 000,000,056 | ---- | M] () -- C:\Windows\Lic.xxx
[2017/12/28 11:32:27 | 000,485,512 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2017/12/28 11:32:16 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2017/12/28 11:32:15 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2017/12/28 11:32:14 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp90.dll
[2017/12/28 11:32:12 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr90.dll
[2017/12/28 11:32:11 | 000,156,392 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2017/12/28 00:30:16 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2017/12/28 00:30:12 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2017/12/28 00:30:12 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2017/12/28 00:30:12 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2017/12/28 00:30:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2017/12/28 00:30:12 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2017/12/28 00:30:12 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2017/12/28 00:30:12 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2017/12/28 00:30:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2017/12/28 00:30:12 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2017/12/28 00:30:11 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2017/12/28 00:30:11 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2017/12/28 00:30:11 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2017/12/28 00:30:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2017/12/28 00:30:11 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2017/12/28 00:30:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2017/12/28 00:30:11 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2017/12/28 00:30:10 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2017/12/28 00:30:10 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2017/12/28 00:30:10 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2017/12/28 00:30:10 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2017/12/28 00:30:10 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2017/12/28 00:30:10 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2017/12/28 00:30:10 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2017/12/28 00:30:10 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2017/12/28 00:30:10 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2017/12/28 00:30:10 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2017/12/28 00:30:10 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2017/12/28 00:30:10 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2017/12/28 00:30:10 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2017/12/28 00:30:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2017/12/28 00:30:10 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2017/12/28 00:30:10 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2017/12/28 00:30:10 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2017/12/28 00:30:10 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2017/12/28 00:12:09 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2017/12/28 00:12:09 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2017/12/28 00:12:09 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2017/12/28 00:12:09 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2017/12/28 00:12:09 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/12/28 00:12:09 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/12/28 00:12:09 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/12/28 00:12:09 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/12/28 00:12:09 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/12/28 00:12:08 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2017/12/28 00:12:08 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2017/12/28 00:12:08 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2017/12/28 00:12:08 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2017/12/28 00:12:08 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2017/12/28 00:12:08 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2017/12/27 22:11:44 | 133,326,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MRT-KB890830.exe
[2017/12/27 20:48:17 | 000,045,704 | ---- | M] () -- C:\Windows\SysNative\drivers\staport.sys
[2017/12/27 20:47:49 | 000,358,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2017/12/27 20:47:49 | 000,204,456 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2017/12/27 20:47:48 | 000,457,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2017/12/27 20:47:48 | 000,365,680 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2017/12/27 20:47:48 | 000,185,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswArPot.sys
[2017/12/27 20:47:48 | 000,146,664 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2017/12/27 20:47:48 | 000,110,336 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2017/12/27 20:47:48 | 000,084,384 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2017/12/27 20:47:48 | 000,046,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2017/12/27 20:47:20 | 001,025,176 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2017/12/27 20:47:15 | 000,149,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHdsKe.sys
[2017/12/27 20:47:13 | 000,343,768 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbloga.sys
[2017/12/27 20:47:13 | 000,321,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
[2017/12/27 20:47:13 | 000,199,448 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbidsha.sys
[2017/12/27 20:47:13 | 000,057,696 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswbuniva.sys
[2017/12/27 20:29:10 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[2017/12/27 19:37:40 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk
[2017/12/27 19:19:20 | 000,002,755 | ---- | M] () -- C:\Users\Public\Desktop\ASUS Sonic Focus.lnk
[2017/12/27 19:09:26 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2017/12/27 17:22:10 | 000,492,416 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2017/12/27 17:22:10 | 000,492,416 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2017/12/27 17:20:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2017/12/30 22:13:40 | 000,001,137 | ---- | C] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2017/12/30 22:13:40 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/12/29 11:13:57 | 000,010,774 | ---- | C] () -- C:\Users\Redfish23\Documents\cc_20171229_111352.reg
[2017/12/29 08:36:13 | 000,004,478 | ---- | C] () -- C:\Users\Redfish23\Documents\cc_20171229_083608.reg
[2017/12/29 07:44:25 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/12/28 23:34:56 | 000,000,036 | ---- | C] () -- C:\Users\Redfish23\AppData\Local\housecall.guid.cache
[2017/12/28 21:05:40 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[2017/12/28 21:05:40 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2017/12/28 20:00:51 | 000,000,947 | ---- | C] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\TCPEye.lnk
[2017/12/28 20:00:51 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\TCPEye.lnk
[2017/12/28 18:17:31 | 000,001,355 | ---- | C] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/12/28 11:34:58 | 000,000,056 | ---- | C] () -- C:\Windows\Lic.xxx
[2017/12/28 09:30:21 | 000,028,272 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2017/12/28 07:52:38 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2017/12/28 07:52:37 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2017/12/27 22:58:08 | 001,290,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/12/27 22:33:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2017/12/27 22:01:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2017/12/27 21:58:54 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2017/12/27 20:48:23 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2017/12/27 20:48:17 | 000,045,704 | ---- | C] () -- C:\Windows\SysNative\drivers\staport.sys
[2017/12/27 20:29:37 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2017/12/27 19:37:40 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk
[2017/12/27 19:36:48 | 000,001,538 | ---- | C] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2017/12/27 19:36:48 | 000,001,228 | ---- | C] () -- C:\Windows\SysNative\ServiceFilter.ini
[2017/12/27 19:36:48 | 000,000,105 | ---- | C] () -- C:\Windows\SysNative\FastBoot.ini
[2017/12/27 19:36:48 | 000,000,080 | ---- | C] () -- C:\Windows\SysNative\Defrag.ini
[2017/12/27 19:36:48 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\RemoveFont.ini
[2017/12/27 19:36:48 | 000,000,015 | ---- | C] () -- C:\Windows\SysNative\BootTime.ini
[2017/12/27 19:24:07 | 000,463,634 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2017/12/27 19:24:07 | 000,070,753 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2017/12/27 19:19:20 | 000,002,755 | ---- | C] () -- C:\Users\Public\Desktop\ASUS Sonic Focus.lnk
[2017/12/27 19:18:54 | 000,150,996 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2017/12/27 19:17:43 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2017/12/27 19:09:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2017/12/27 19:02:45 | 000,015,416 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\kbfiltr.sys
[2017/12/27 19:02:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2017/12/27 19:02:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2017/12/27 19:02:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2017/12/27 19:02:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2017/12/27 19:02:31 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2017/12/27 19:02:30 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2017/12/27 19:02:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2017/12/27 19:02:29 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2017/12/27 19:02:28 | 000,038,177 | ---- | C] () -- C:\Windows\atiogl.xml
[2017/12/27 19:02:25 | 000,618,823 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2017/12/27 19:02:20 | 000,250,344 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2017/12/27 19:02:20 | 000,250,344 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2017/12/27 18:17:10 | 000,001,361 | ---- | C] () -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2017/12/27 18:16:45 | 000,000,290 | ---- | C] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2017/12/27 18:16:45 | 000,000,272 | ---- | C] () -- C:\Users\Redfish23\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2017/12/27 17:21:46 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2017/12/27 17:21:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2017/12/27 17:20:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2017/12/27 17:17:53 | 1726,619,647 | -HS- | C] () -- C:\hiberfil.sys

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2017/08/16 00:29:44 | 014,182,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/08/16 00:10:54 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2018/01/05 04:13:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2017/12/31 09:00:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_Power2Go_Downloader.exe
[2017/12/31 08:53:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\setup.exe
[2017/12/31 09:00:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2017/12/27 18:09:18 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2017/12/27 18:54:11 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData
[2017/12/28 17:18:23 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
[2017/12/27 18:54:20 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2017/12/27 19:08:17 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2017/12/27 18:54:24 | 000,000,000 | RH-D | M] -- C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn
[2017/12/27 18:54:24 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/12/28 05:30:34 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\DNTException\Low
[2017/12/27 18:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2017/12/28 05:30:34 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
[2017/12/27 18:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2017/12/27 18:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2017/12/31 09:00:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\CyberLink_Power2Go_Downloader.exe
[2017/12/31 08:53:07 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\setup.exe
[2017/12/31 09:00:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2009/07/14 14:32:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2009/07/14 12:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2018/01/02 21:35:03 | 000,000,000 | -H-D | M] -- C:\Users\Public\Desktop
[2009/07/14 11:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2017/12/31 20:57:01 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2017/12/27 18:16:45 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData
[2017/12/27 18:17:11 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2017/12/28 23:45:36 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2017/12/29 17:05:06 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2018/01/02 20:56:46 | 000,000,000 | RH-D | M] -- C:\Users\Redfish23\AppData\Local\Microsoft\Windows\Burn\Burn
[2017/12/27 18:17:17 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/12/27 18:16:51 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2017/12/27 18:16:51 | 000,000,000 | -H-D | M] -- C:\Users\Redfish23\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2009/07/14 13:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/07/14 13:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData

[color=#A23BEC]< %windir%\tasks\*.job >[/color]

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: HGST HTS541515A9E630 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,197.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 200.00GB
Starting Offset: 1285343412224
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2015/10/30 02:50:29 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2016/11/10 01:33:26 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2017/09/13 23:52:23 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2017/04/13 00:32:10 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2017/04/13 00:25:04 | 000,145,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2017/08/11 15:35:02 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2016/05/13 02:14:48 | 000,502,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 13:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2017/08/11 15:35:01 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/05/24 20:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2017/09/13 23:52:23 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2017/08/11 15:35:02 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2016/02/09 18:55:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2017/09/13 23:52:23 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 12:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2015/08/06 02:56:14 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 12:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/19 12:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2016/06/15 02:16:23 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2016/06/15 02:16:23 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2010/11/21 12:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64b
  • 山猫
  • 2018/01/05 (Fri) 05:57:26
Continuation of the OTL log
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2016/11/10 01:02:19 | 000,128,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2016/11/10 00:55:06 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2017/05/11 00:14:53 | 002,651,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2017/09/14 00:28:12 | 000,886,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >

This time, Extras.txt was not generated.

Sorry for the trouble, and thank you in advance for your help.
  • 山猫
  • 2018/01/05 (Fri) 06:01:55
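A quick check before moving on to the next step
Thank you for doing the work and reporting back.
I have also looked over the OTL scan log.

Let me check one more thing here: were you also using a BitDefender security product?
I ask because BD entries also appear in the OTL log.

If you used BD in the past and uninstalled it afterwards, please tell me so.
If, on the other hand, you are currently using a BD tool, please tell me that as well.

Also let me know whether you will be using RogueKiller again or have no plans to use it any more.

If a security tool is not going to be used, it is better to clean up its leftovers, since that also removes the risk of conflicts with your existing security software.

Once I have your answers about the two tools above, I will guide you through the next step.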
  • 悪代官
  • 2018/01/05 (Fri) 20:30:39
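Re: A quick check before moving on to the next step
Dear 悪代官,

Thank you for your reply.

I have no recollection of ever using a BitDefender security product.
I have not used any BD tools, either in the past or now.

RogueKiller does not seem to be needed, so I plan to delete it.

Thank you in advance.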
  • 山猫
  • 2018/01/05 (Fri) 21:20:29
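Next: cleanup with OTL
>I have no recollection of ever using a BitDefender security product.
>I have not used any BD tools, either in the past or now.

Understood.
Then let's clean those up.

This time we will use OTL for the cleanup.

I have pasted a script at the end of this reply; copy it in its entirety, paste it into a Windows Notepad file, and save it.

Once that is ready, restart the PC in Safe Mode again and launch OTL.
Once it is running, paste the script into the lower part of the OTL window, and this time press "Run fix" (the button labelled in red).
This starts the OTL fix.

Wait a while; once the fix is done, restart the PC in normal mode and an OTL log should appear again. Save it, watch the machine for a while, and then reply with a status report together with the OTL log.
The OTL script is below. Copy everything between the dashed lines (-----), not including the dashed lines themselves, paste it into OTL, and run it.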
------------------------------------------
:OTL
DRV:[b]64bit:[/b] - [2017/12/28 11:32:27 | 000,485,512 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = F6 C1 90 9C 6B 81 D3 01 [binary data]
IE - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
O3 - HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2017/12/28 09:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2017/12/28 11:32:27 | 000,485,512 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys

:Files
C:\ProgramData\RogueKiller
C:\Windows\SysNative\drivers\trufos.sys

:reg

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2018/01/05 (Fri) 23:30:31
Re: Next: cleanup with OTL
Dear 悪代官,

I have completed all the steps you instructed. At the moment I do not see anything particularly abnormal.

The OTL log follows.

All processes killed
========== OTL ==========
Service trufos stopped successfully!
Service trufos deleted successfully!
C:\Windows\SysNative\drivers\trufos.sys moved successfully.
HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-4235127639-2798092303-3462135944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4235127639-2798092303-3462135944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\ProgramData\RogueKiller\Quarantine folder moved successfully.
C:\ProgramData\RogueKiller\Logs folder moved successfully.
C:\ProgramData\RogueKiller\Debug folder moved successfully.
C:\ProgramData\RogueKiller folder moved successfully.
File C:\Windows\SysNative\drivers\trufos.sys not found.
========== FILES ==========
File\Folder C:\ProgramData\RogueKiller not found.
File\Folder C:\Windows\SysNative\drivers\trufos.sys not found.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 37990482 bytes
->Flash cache emptied: 291 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Redfish23
->Temp folder emptied: 3035209 bytes
->Temporary Internet Files folder emptied: 128 bytes
->FireFox cache emptied: 71606088 bytes
->Flash cache emptied: 2121 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 107.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 01062018_105133

Files\Folders moved on Reboot...
C:\Users\Redfish23\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Redfish23\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Thank you in advance.
  • 山猫
  • 2018/01/06 (Sat) 11:49:02
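Time for a full re-check
Thank you for doing the work and reporting back.

>At the moment I do not see anything particularly abnormal.

Yes, I have looked over the post-fix OTL log as well, and it looks like things have mostly been cleaned up.
The targeted entries all show "successfully" (the fix succeeded).
You can put OTL away now.

Since nothing abnormal seems to be showing up, let's review the whole system at this point.
Please take a fresh HJT log, and with CC a fresh installed-programs listing and the logs from each tab, and post them in a reply.

I will go over everything again, including whether anything else has slipped in since the fix or anything was missed.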
  • 悪代官
  • 2018/01/06 (Sat) 21:45:31
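The check described in the reply above (confirming that every targeted entry in the post-fix OTL log reports success), as an added example that is not part of the original thread or of OTL itself. The function name `review_fix_log` and the status labels are hypothetical, and the patterns match only the log wording that appears in the posted log.

```python
import re

# Excerpt of the OTL fix log posted in the thread (lines copied as posted).
FIX_LOG = r"""
========== OTL ==========
Service trufos stopped successfully!
Service trufos deleted successfully!
C:\Windows\SysNative\drivers\trufos.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\ProgramData\RogueKiller\Quarantine folder moved successfully.
C:\ProgramData\RogueKiller folder moved successfully.
File C:\Windows\SysNative\drivers\trufos.sys not found.
========== FILES ==========
File\Folder C:\ProgramData\RogueKiller not found.
File\Folder C:\Windows\SysNative\drivers\trufos.sys not found.
========== COMMANDS ==========
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1084
"""

# The two paths listed under :Files in the fix script from the thread.
TARGETS = [
    r"C:\ProgramData\RogueKiller",
    r"C:\Windows\SysNative\drivers\trufos.sys",
]

# Wording taken from the posted log; other OTL message forms are not covered.
MOVED = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")
NOT_FOUND = re.compile(r"^(?:File\\Folder |File |Registry key )?(.+?) not found\.$")
PROBLEM = re.compile(r"Unable to|Error code")


def _norm(path):
    """Compare paths case-insensitively and without a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def review_fix_log(log, targets):
    """Return the outcome for each target plus any lines reporting a failure.

    A "not found" line that follows an earlier "moved successfully" line for
    the same path is expected: the item was already gone when the later
    section of the script ran. Such a target is reported as "removed".
    """
    removed, missing, errors = set(), set(), []
    for line in (raw.strip() for raw in log.splitlines()):
        if not line or line.startswith("====="):
            continue
        if PROBLEM.search(line):
            errors.append(line)
        elif (m := MOVED.match(line)):
            removed.add(_norm(m.group(1)))
        elif (m := NOT_FOUND.match(line)):
            missing.add(_norm(m.group(1)))

    status = {}
    for target in targets:
        key = _norm(target)
        if key in removed:
            status[target] = "removed"
        elif key in missing:
            status[target] = "not found"   # never seen being removed
        else:
            status[target] = "no record"   # log says nothing about it
    return {"targets": status, "errors": errors}


if __name__ == "__main__":
    report = review_fix_log(FIX_LOG, TARGETS)
    for path, outcome in report["targets"].items():
        print(f"{outcome:10} {path}")
    for line in report["errors"]:
        print(f"check      {line}")
```

Run against the posted log, both `:Files` targets come back as removed, and the restore-point line is surfaced separately because it is the one step in the log that did not complete.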
Re: Time for a full re-check
Dear 悪代官,

Thank you for your reply.

Below are the HJT and CC logs.

HJT log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:17:28, on 2018/01/06
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Users\Redfish23\Desktop\デスクトップ\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6825 bytes

CC installed-software log

Adobe Flash Player 28 NPAPI Adobe Systems Incorporated 2018/01/06 19.8 MB 28.0.0.126
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2017/12/28 26.2 MB 8.0.877.0
AMD System Monitor Advanced Micro Devices, Inc. 2017/12/28 1.48 MB 1.0.8
ASUS Live Update ASUS 2017/12/27 3.98 MB 3.0.8
ASUS Power4Gear Hybrid ASUS 2017/12/27 15.7 MB 1.1.50
ASUS Sonic Focus Synopsys 2017/12/27 4.47 MB 1.0.0.5
ASUS Splendid Video Enhancement Technology ASUS 2017/12/27 20.7 MB 1.02.0036
ASUS USB Charger Plus ASUS 2017/12/27 6.50 MB 2.0.5
ASUS Virtual Camera asus 2017/12/27 3.12 MB 1.0.24
ATK Package ASUS 2017/12/27 12.0 MB 1.0.0014
Avast Free Antivirus AVAST Software 2018/01/06 17.9.2322
BUFFALO エアステーション設定ガイド 2018/01/06
BUFFALO エアステーション設定ツール BUFFALO INC. 2017/12/27 2.84 MB 2.0.5
BUFFALO パソコン環境表示ツール BUFFALO INC. 2017/12/27 1.0.3
CCleaner Piriform 2017/12/29 5.38
ETDWare PS/2-X64 8.0.5.1_WHQL ELAN Microelectronic Corp. 2017/12/27 8.0.5.1
Fast Boot ASUS 2017/12/27 1.46 MB 1.0.10
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2017/12/30 19.2 MB 1.75.0.1300
Microsoft .NET Framework 4.7 Microsoft Corporation 2017/12/28 38.8 MB 4.7.02053
Microsoft Silverlight Microsoft Corporation 2017/12/27 20.4 MB 4.0.50401.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2017/12/27 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2017/12/27 596 KB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2017/12/27 13.6 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2017/12/27 11.0 MB 10.0.30319
Qualcomm Atheros WiFi Driver Installation Qualcomm Atheros 2017/12/27 9.2
Realtek Ethernet Controller Driver Realtek 2017/12/27 7.43.321.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/12/27 6.0.1.6482
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 2017/12/27 6.1.7600.30127
TCPEye 1.0 Free Software Relase 2017/12/28 3.86 MB
Waterfox 56.0.1 (x64 en-US) Waterfox Ltd 2017/12/28 191 MB 56.0.1
WinFlash ASUS 2017/12/27 856 KB 2.32.0
Wireless Console 3 ASUS 2017/12/27 9.11 MB 3.0.24
バッファロー らくらくアップデートツール Buffalo Inc. 2017/12/27 11.0 MB 1.12

Startup "Windows" tab log

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
無効 HKLM:Run AMD AVT Microsoft Corporation Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
有効 HKLM:Run ATKMEDIA ASUS C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
有効 HKLM:Run ATKOSD2 ASUS C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
有効 HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
有効 HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
有効 HKLM:Run HControlUser ASUS C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
有効 HKLM:Run RtHDVBg Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
無効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SonicMasterTray Virage Logic Corporation / Sonic Focus C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
有効 HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
有効 HKLM:Run Wireless Console 3 ASUS C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

Startup "Scheduled Tasks" tab log

有効 Task ACMON ASUS C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
無効 Task ASUS Live Update ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
有効 Task ASUS P4G ASUS C:\Program Files\ASUS\P4G\BatteryLife.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task USBChargerPlus ASUSTek Computer Inc. C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

Startup "Context Menu" tab log
有効 File 00asw AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 Folder avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 Folder MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

Browser Plugins "InternetExplorer" tab log

有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
無効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
無効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

Thank you in advance.
  • 山猫
  • 2018/01/06 (Sat) 22:33:56
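HJT log after fixing the hosts file
Looking at the HJT log above, I was able to confirm that there was an anomaly in the hosts file, so I fixed it myself.
I then took the HJT log again. Thank you in advance.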

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:02:15, on 2018/01/06
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\TCPEye\TCPEye.exe
C:\Users\Redfish23\Desktop\デスクトップ\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6731 bytes
  • 山猫
  • 2018/01/06 (Sat) 23:07:26
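Here to re-examine things
Thank you for the work and the report.
This is "あらいぐま悪代官" (Raccoon 悪代官), here to give the current state a fresh wash-through (← go back to the forest)

I have looked at the current logs.

>Looking at the HJT log above, I was able to confirm that there was an anomaly in the hosts file, so I fixed it myself.

You don't need to worry about that part.
After work with OTL and similar tools, hosts gets reset to its defaults, and it then shows up in the HJT log as below.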
>O1 - Hosts: 127.0.0.1 localhost
>O1 - Hosts: ::1 localhost

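I expect you fixed the entries above yourself, but it is best to restore them from within HJT.

Start HJT and open "Main menu" → "View the list of backups"; a list of the entries that HJT has fixed (quarantined) is displayed.
There, going by the date and time of the earlier action and the entries listed, tick the relevant entries and press "Restore" to restore them.
Then restart the PC once and it returns to the state before the fix.
With HJT, even a mistaken fix can be restored by this procedure, so the risk is small, but note that if you "Delete" a fixed entry or "Delete all", it is removed completely and can no longer be restored.

If there are no other anomalies, let's simply observe from here.

Keep using the PC normally and observe for one week.

After one week, take the HJT and CC logs again and reply with them together with a report of the state during the observation period.

If nothing abnormal remains in the logs or the state at that point, this will probably be wrapped up; if you do see something abnormal, there is no need to wait the full week, so reply then.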
  • あらいぐま悪代官
  • 2018/01/07 (Sun) 20:04:06
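Re: Here to re-examine things
Thank you for your help.
One week has passed as of today, so I have come to post the HJT and CC logs.
At present I see nothing wrong other than an anomaly with Windows Update (the PC does not restart when a restart is executed), so I think this matter is fine.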

HJT

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:20:52, on 2018/01/14
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18894)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\TCPEye\TCPEye.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\Redfish23\Desktop\デスクトップ\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7604 bytes

CC installed-software information

Adobe Flash Player 28 NPAPI Adobe Systems Incorporated 2018/01/10 5.57 MB 28.0.0.137
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 2017/12/28 26.2 MB 8.0.877.0
AMD System Monitor Advanced Micro Devices, Inc. 2017/12/28 1.48 MB 1.0.8
Apple Application Support(32 ビット) Apple Inc. 2018/01/11 133 MB 6.2.1
Apple Application Support(64 ビット) Apple Inc. 2018/01/11 149 MB 6.2.1
Apple Mobile Device Support Apple Inc. 2018/01/11 27.7 MB 11.0.2.4
Apple Software Update Apple Inc. 2018/01/11 4.03 MB 2.4.8.1
ASUS Live Update ASUS 2017/12/27 3.98 MB 3.0.8
ASUS Power4Gear Hybrid ASUS 2017/12/27 15.7 MB 1.1.50
ASUS Sonic Focus Synopsys 2017/12/27 4.47 MB 1.0.0.5
ASUS Splendid Video Enhancement Technology ASUS 2017/12/27 20.7 MB 1.02.0036
ASUS USB Charger Plus ASUS 2017/12/27 6.50 MB 2.0.5
ASUS Virtual Camera asus 2017/12/27 3.12 MB 1.0.24
ATK Package ASUS 2017/12/27 12.0 MB 1.0.0014
Avast Free Antivirus AVAST Software 2018/01/06 17.9.2322
Bonjour Apple Inc. 2018/01/11 2.01 MB 3.1.0.1
BUFFALO エアステーション設定ガイド 2018/01/06
BUFFALO エアステーション設定ツール BUFFALO INC. 2017/12/27 2.84 MB 2.0.5
BUFFALO パソコン環境表示ツール BUFFALO INC. 2017/12/27 1.0.3
CCleaner Piriform 2017/12/29 5.38
ETDWare PS/2-X64 8.0.5.1_WHQL ELAN Microelectronic Corp. 2017/12/27 8.0.5.1
Fast Boot ASUS 2017/12/27 1.46 MB 1.0.10
iTunes Apple Inc. 2018/01/11 391 MB 12.7.2.60
Malwarebytes Anti-Exploit version 1.11.1.48 Malwarebytes 2018/01/11 6.55 MB 1.11.1.48
Malwarebytes バージョン 3.3.1.2183 Malwarebytes 2018/01/10 186 MB 3.3.1.2183
Microsoft .NET Framework 4.7.1 Microsoft Corporation 2018/01/11 38.8 MB 4.7.02558
Microsoft .NET Framework 4.7.1 (日本語) Microsoft Corporation 2018/01/12 4.7.02558
Microsoft Silverlight Microsoft Corporation 2018/01/11 50.7 MB 5.1.50907.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2017/12/27 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2018/01/11 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2017/12/27 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2018/01/11 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 2018/01/11 13.7 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2018/01/11 11.0 MB 10.0.30319
Mozilla Maintenance Service Mozilla 2018/01/10 432 KB 52.5.2
Mozilla Thunderbird 52.5.2 (x86 ja) Mozilla 2018/01/10 90.7 MB 52.5.2
Qualcomm Atheros WiFi Driver Installation Qualcomm Atheros 2017/12/27 9.2
Realtek Ethernet Controller Driver Realtek 2017/12/27 7.43.321.2011
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/12/27 6.0.1.6482
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 2017/12/27 6.1.7600.30127
TCPEye 1.0 Free Software Relase 2017/12/28 3.86 MB
VLC media player VideoLAN 2018/01/11 2.2.8
Waterfox 56.0.3 (x64 en-US) Waterfox Ltd 2018/01/13 191 MB 56.0.3
WinFlash ASUS 2017/12/27 856 KB 2.32.0
Wireless Console 3 ASUS 2017/12/27 9.11 MB 3.0.24
バッファロー らくらくアップデートツール Buffalo Inc. 2017/12/27 11.0 MB 1.12

Startup "Windows" tab

有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
無効 HKLM:Run AMD AVT Microsoft Corporation Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
有効 HKLM:Run ATKMEDIA ASUS C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
有効 HKLM:Run ATKOSD2 ASUS C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
有効 HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
有効 HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
有効 HKLM:Run HControlUser ASUS C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run Malwarebytes Anti-Exploit Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
有効 HKLM:Run RtHDVBg Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
無効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SonicMasterTray Virage Logic Corporation / Sonic Focus C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
有効 HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
有効 HKLM:Run Wireless Console 3 ASUS C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

Startup "Scheduled Tasks" tab

有効 Task ACMON ASUS C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
無効 Task ASUS Live Update ASUSTeK Computer Inc. C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
有効 Task ASUS P4G ASUS C:\Program Files\ASUS\P4G\BatteryLife.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task USBChargerPlus ASUSTek Computer Inc. C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

Startup "Context Menu" tab

有効 Directory VLCメディアプレイヤーで再生 VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
有効 Directory VLCメディアプレイヤーのプレイリストに追加 VideoLAN "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
有効 File 00asw AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

Browser Plugins "InternetExplorer" tab

有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
無効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
無効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

Thank you in advance.
  • 山猫
  • 2018/01/14 (Sun) 13:36:52
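From now on, also take care not to become paranoid
Good evening.
This is the report after the observation period, I see.

>At present I see nothing wrong other than an anomaly with Windows Update (the PC does not restart when a restart is executed), so I think this matter is fine

Yes, I have looked at the logs too, and no suspicious traces appear to be visible.

I had seen on other sites as well that AMD extensions and the like behave oddly; since it launches a command prompt and its resource consumption is probably not small either, there seems to be little benefit for the user in keeping it enabled.

It is best to keep the following entries, which were disabled earlier, disabled until you decide they are needed.

CC "Startup" tab (Windows auto-start)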
>無効 HKLM:Run AMD AVT Microsoft Corporation Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

Browser Plugins "IE" tab ("Toolbars and Extensions" in Internet Options)
>無効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
>無効 Helper SteadyVideoBHO Class Advanced Micro Devices C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

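Even legitimate PC programs often put load on the system with unnecessary activity, so if you want a stable, lighter PC, stopping programs you do not need is effective; which programs to stop, however, depends on each user's environment and usage, so that too is something you configure while getting to know your own environment.
The reason I only had the above entries stopped and gave no instruction to delete them is to avoid an outsider casually deleting something that may be needed.

So, with the anomaly that was the main issue now resolved, you may clean up the tools used for the work as described in the preparation instructions.

Even though the above is settled, do not neglect self-defence to prevent being hit again.

Simply tightening the browser settings a little can improve security.
Open "Internet Options" → "Privacy" → "Advanced", check "Automatic cookie handling" and "Block third-party cookies", then click "Apply" and "OK".
Doing this is quite effective for protection against many dangerous sites.
However, it is not effective against every dangerous site, and against a truly dangerous site this much is no match at all, so do not rely on it too much.
Also, setting "Block all cookies" has the drawback that you can no longer get into pages that require login, such as your provider's mailbox, so consider the situation and use the settings accordingly.
Note too that even on safe sites, blocking cookies can make viewing or posting impossible.

Next, take care with how you use security software such as antivirus and firewalls.
Security software does not deliver its full function merely by being installed.
It is important to understand its settings and functions as well as you can and use it correctly.
Used wrongly, it will readily let through even infections it could otherwise have blocked.

And no matter how capable the security software, it cannot protect you at all if you yourself access dangerous sites and files.
Depending on how it is used, security software's performance can be doubled, halved, or reduced to nothing.

And seeing is believing.
I recommend looking through as many of the other threads on this board, ongoing and resolved, as you can.
Identical, similar, or different cases alike, much of it should be useful reference.

Also, as I replied earlier, be careful when using security tools, including those aimed at rootkits.
The more capable the tool, the higher its false-positive rate from overreaction.

Among past people who sought advice here, I have seen some who became oversensitive about security, threw many tools at the problem one after another, and then panicked without understanding what those tools detected; and beyond that, cases where people went as far as fake security tools lying around on the net, were shown fake infection warnings, and were made to buy yet another dubious paid product.
Raising your security awareness is a good thing, but avoid becoming so fixated on security that you fall into paranoia.

Thank you for your hard work on unfamiliar tasks across the New Year.
May you have a safe and comfortable PC life from here on.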
  • 悪代官
  • 2018/01/14 (Sun) 20:15:53
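The before/after comparison of HijackThis logs that this thread carries out by eye can also be scripted. The following is an added example, not part of the original posts: it parses two logs, lists entries that appeared or disappeared, and builds a review list that leaves out the default localhost O1 lines mentioned earlier in the thread. The sample logs are constructed by shortening lines posted in this thread; the `PROC` pseudo-code and all function names are assumptions of the example.

```python
import re

# HijackThis entry lines: "<code> - <detail>", e.g. "O23 - Service: ..." or "F2 - REG:...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Sections worth a manual look when something new appears: logon/autostart (F2, O4),
# hosts file (O1), browser helper objects (O2) and services (O23).
REVIEW_CODES = {"F2", "O1", "O2", "O4", "O23"}
# Default hosts entries that the reply in this thread says are nothing to worry about.
DEFAULT_HOSTS = {"hosts: 127.0.0.1 localhost", "hosts: ::1 localhost"}


def parse_hjt(text):
    """Return {(code, casefolded detail): original detail} for one log.

    Running processes are stored under the pseudo-code "PROC"
    (an assumption of this example, not a HijackThis code).
    Details are casefolded for comparison because Windows paths ignore case.
    """
    items, in_procs = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            code, detail = match.groups()
            items[(code, detail.casefold())] = detail
        elif in_procs:
            if line:
                items[("PROC", line.casefold())] = line
            else:
                in_procs = False  # a blank line closes the process list
    return items


def diff_hjt(old_text, new_text):
    """Return (added, removed) as sorted lists of (code, detail)."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    added = sorted((k[0], new[k]) for k in new.keys() - old.keys())
    removed = sorted((k[0], old[k]) for k in old.keys() - new.keys())
    return added, removed


def review_queue(added):
    """New entries in REVIEW_CODES sections, minus the default hosts lines."""
    return [(code, detail) for code, detail in added
            if code in REVIEW_CODES and detail.casefold() not in DEFAULT_HOSTS]


# Constructed sample input: shortened from log lines posted in this thread.
OLD_LOG = r"""Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

NEW_LOG = r"""Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
"""

if __name__ == "__main__":
    added, removed = diff_hjt(OLD_LOG, NEW_LOG)
    for code, detail in removed:
        print(f"- {code}: {detail}")
    for code, detail in added:
        print(f"+ {code}: {detail}")
    print("To review by hand:")
    for code, detail in review_queue(added):
        print(f"  {code}: {detail}")
```

Each item in the review list still has to be matched by hand against software the user knowingly installed, as the installed-software lists posted in this thread allow.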
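Thank you very much.
Dear 悪代官,
Dear 掃除屋,

I am very grateful for your careful help despite it being the year-end and New Year period.
Thank you for everything.

I will not forget what I learned here and will put it to use in protecting myself from now on.

Thank you so much for helping me.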
  • 山猫
  • 2018/01/14 (Sun) 21:13:23
