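Akudaikan's Fukumaden BBS
About PUP.Optional.Legacy
Akudaikan-san, it has been a while.
This is Pesone; you helped me out before.

On a whim I ran a scan with AdwCleaner, and
HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL was detected again.
In the earlier case you judged that this was probably a false positive on Adw's side,
so that part did not particularly bother me,
but HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL and
PUP.Optional.Legacy were detected as well,
and I became anxious, wondering why, when nothing had been wrong...

I immediately deleted the quarantined PUP, and when I scanned again nothing was detected,
but now Firefox has become extremely slow and I cannot use the internet properly.

I am sorry to trouble you again, but could you please give me some advice?

HJT log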
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:09:31, on 2018/05/01
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0371)


Boot mode: Normal

Running processes:
C:\Users\imagawa\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 5003 bytes

CC log
3D Builder Microsoft Corporation 2018/04/08 15.2.10821.1000
Apple Application Support(64 ビット) Apple Inc. 2018/04/03 153 MB 6.4
Apple Mobile Device Support Apple Inc. 2018/04/21 25.7 MB 11.3.1.6
Audacity 2.2.2 Audacity Team 2018/04/16 52.1 MB 2.2.2
BUFFALO エアステーション設定ツール BUFFALO INC. 2017/12/07 2.95 MB 2.0.15
CCleaner Piriform 2018/05/01 5.42
Groove ミュージック Microsoft Corporation 2018/04/08 10.18011.13411.1000
iTunes Apple Inc. 2018/04/21 400 MB 12.7.4.80
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2017/04/12 13.3 MB 1.75.0.1300
Microsoft Pay Microsoft Corporation 2018/03/28 2.2.18065.0
Microsoft Solitaire Collection Microsoft Studios 2017/12/15 3.18.12091.0
Microsoft Sticky Notes Microsoft Corporation 2018/04/02 2.1.18.0
Microsoft Store Microsoft Corporation 2018/04/26 11803.1001.9.0
Microsoft Store エクスペリエンス ホスト Microsoft Corporation 2018/04/17 11803.1001.8.0
Mixed Reality ビューアー Microsoft Corporation 2018/04/28 4.1804.19012.0
Mozilla Firefox 59.0.3 (x64 en-US) Mozilla 2018/05/01 145 MB 59.0.3
Mozilla Maintenance Service Mozilla 2017/10/18 508 KB 55.0
Mozilla Thunderbird 52.7.0 (x86 ja) Mozilla 2018/03/26 91.2 MB 52.7.0
NX PAD Driver Alps 2017/10/18 24.2 MB 8.100.909.312
OneNote Microsoft Corporation 2018/04/17 17.9226.20641.0
People Microsoft Corporation 2018/04/08 10.3.3472.1000
Print 3D Microsoft Corporation 2018/03/22 2.0.10611.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/10/18 17.0 MB 6.0.1.6186
Xbox Microsoft Corporation 2018/03/27 39.39.21002.0
Xbox Game bar Microsoft Corporation 2017/12/13 1.24.5001.0
Xbox Game Speech Window Microsoft Corporation 2017/12/15 1.21.13002.0
Xbox Identity Provider Microsoft Corporation 2018/04/08 12.39.13003.1000
Xbox Live Microsoft Corporation 2017/12/15 1.11.29001.0
アプリ インストーラー Microsoft Corporation 2017/11/14 1.0.12894.0
アラーム & クロック Microsoft Corporation 2018/04/08 10.1803.614.1000
カメラ Microsoft Corporation 2018/04/08 2018.227.30.1000
セキュリティ対策ツール 西日本電信電話株式会社 2018/03/31 450 MB 12.11
セキュリティ対策ツール 西日本電信電話株式会社 2018/03/31 12.11
ニュース Microsoft Corporation 2018/04/03 4.23.10923.0
ヒント Microsoft Corporation 2018/04/08 6.7.3462.1000
フィードバック Hub Microsoft Corporation 2018/05/01 1.1712.1141.0
フォト Microsoft Corporation 2018/04/25 2018.18031.15040.0
ペイント 3D Microsoft Corporation 2018/04/24 4.1804.13047.0
ボイス レコーダー Microsoft Corporation 2018/04/08 10.1803.613.1000
マップ Microsoft Corporation 2018/04/08 5.1711.10477.1000
メッセージング Microsoft Corporation 2018/02/02 3.37.23004.0
メール/カレンダー Microsoft Corporation 2018/04/27 17.9126.21785.0
モバイル プラン Microsoft Corporation 2017/11/16 3.1710.3044.0
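  • Pesone
  • 2018/05/01 (Tue) 13:29:16
Starting with fixing Java and Adobe
Good evening.
You are the person who came for advice last April, aren't you.
http://akudaikan-0.bbs.fc2.com/?act=reply&tid=7545581

So this time you are asking about an AC detection result?
Someone else has just come in about the same thing, so it may be that AC is overreacting.

From what I can see in the HJT and installed-programs logs nothing looks wrong, but there are issues such as an outdated Java version, so let's check the whole system, including those.

First, to confirm: which version of AC produced this detection?
The latest AC is currently 7.1.1, so if it was detected with an earlier version, download the latest version, scan with it, and tell me the result.
If the result is already from the latest version, show me that log in your reply.

Start AC and, on the "Log Files" screen, select and double-click the log for the date and time of the scan and cleanup; the result log is then displayed.
Paste that log into your reply.

Also, I recommend updating the following, or removing them if you do not need them.
>Java 8 Update 121 Oracle Corporation 2017/04/11 94.4 MB 8.0.1210.13

>Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2017/04/11 222 MB 15.023.20070

If you need a PDF application, the latest version of the following would be a good choice.
http://www.forest.impress.co.jp/library/software/pdfxchedit/

Once you have done the checks and steps above, show me your reply and the log, and then we will think about what to do
  • Akudaikan
  • 2018/05/01 (Tue) 19:29:36
Re: About PUP.Optional.Legacy
Akudaikan-san, thank you for the quick response.

>First, to confirm: which version of AC produced this detection?
It was 7.1.1. The log is below.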
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-04-30.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-01-2018
# Duration: 00:00:27
# OS: Windows 10 Home
# Scanned: 40814
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

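>Also, I recommend updating the following, or removing them if you do not need them.
Java 8 Update 121 Oracle Corporation 2017/04/11 94.4 MB 8.0.1210.13
Adobe Acrobat Reader DC - Japanese Adobe Systems Incorporated 2017/04/11 222 MB 15.023.20070

I do not use either of these applications, so I would like to remove them right away,
but I cannot find either one in the management screen.
Where exactly are they?

  • Pesone
  • 2018/05/01 (Tue) 19:55:51
I had mixed it up with the earlier thread (sweat)
Thank you for the prompt reply.
So your AC is the latest version. I have also looked at the log.

>I do not use either of these applications, so I would like to remove them right away,
>but I cannot find either one in the management screen.

Sorry.
I had mixed that up with the log from the previous thread.
Those two are not installed now, so please disregard it.
Oops, how careless of me! (← that's not Akudaikan's line, though

Now, let's proceed carefully, starting from the overall logs.
If you remember the procedure from the previous thread, use it as a reference too.

First, let me tell you this up front.
As you can see, there are currently many people asking for help, so after I receive a request it may take a day or more each time before I can reply to everyone in turn; please bear with me.

Please read the explanation below carefully, then carry out the steps in order.
You should already have some of these prepared, but please read through the explanation again just in case.

Set hidden files and file extensions to be displayed (how-to ↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

Download the following tools and get a grasp of their basic usage.
However, if the distribution site shows advertisements urging you to download other apps, never click them.
"GeekUninstaller" (a.k.a. GU)
Description page ↓
http://www.gigafree.net/system/install/geekuninstaller.html
Download ↓
http://www.geekuninstaller.com/download
Click "download free", save the file, then extract it.
When you are done with it, delete the whole folder manually.

"CCleaner" (a.k.a. CC)
Description ↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
Download ↓
https://www.piriform.com/ccleaner/builds
Download the latest "Portable" version, then extract and launch it.
When you are done with it, just delete that folder.

Here is an important caution.
CC is by nature a highly capable maintenance tool, but if used incorrectly
【it may even damage Windows】
so here we use it only as an analysis tool.
Read the explanation carefully and do not perform any operation other than those I instruct.

Once you are ready, start the work.
In the steps that follow, anything you look for and cannot find may be skipped, but look carefully as you work and never touch anything other than what I have specified.

Some steps will involve removal instructions; if any of those items is something you installed because you need it, hold off on removing it and tell me so in your next reply.

First, check Windows Update and, if there are any required updates, install them all.
If the updates cannot be installed, do not carry out the steps described after this; tell me in your reply that the update failed.
This is because dangerous malware that obstructs analysis and cleanup of an infection by preventing WU from working properly has been increasing sharply.
Unless Windows updates (Windows Update) are always kept fully applied, that alone is enough for a dangerous infection to occur at any moment.

Note that upgrading to Windows 10 is not recommended unless you yourself really need it.
http://www.japan-secure.com/entry/Windows_Update_7.html
http://www.japan-secure.com/entry/how_to_suppress_the_free_upgrade_of_Windows_10.html

First, manually create one restore point with "System Restore", a standard Windows feature.
In the steps that follow, mistakenly touching something other than the targets can by itself cause serious problems in Windows, so this is to make recovery possible if the worst happens.
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

From the Start menu, go to "Accessories" → "System Tools" and launch "Disk Cleanup".
Once it starts, select drive C as the target and scan, tick only "Downloaded Program Files", "Temporary Internet Files" and "Temporary files" among the items shown, then press "OK" and "Delete Files".
Running this cleans out the junk files in the selected categories.

Doing this also reduces the useless junk files that scans pick up during the work, which makes the work considerably quicker and the analysis easier.
Other items such as "Recycle Bin" are left unticked so that legitimate files are not deleted by mistake, and so that a legitimate file that has been deleted and put in the Recycle Bin can still be restored.

Next, launch CC.
Once it starts, open "Tools" → "Startup" → the "Windows" tab.
Pressing "Save to text file" at the bottom right saves the displayed contents as a log, so save the log to the desktop or somewhere similar.

Next, save the logs of the "Scheduled Tasks" tab and the "Context Menu" tab in the same way.

Then, from the "Browser Plugin" item on the left of the CC screen, open the "InternetExplorer" tab and each tab after it in turn, and take those logs as well.

Once you have taken each CC log, close CC.

After this, paste each CC log into your reply and send it along with a status report.
I will give instructions for the next steps after looking at them.

For now, I will look at the logs from each CC tab and check whether anything odd is hiding there
  • Akudaikan
  • 2018/05/01 (Tue) 20:28:27
Re: About PUP.Optional.Legacy
Thank you for your reply.
I have carried out all the steps you instructed.

The CC logs are below.
Startup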
無効 HKCU:Run OneDriveSetup Microsoft Corporation C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
有効 HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
無効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run NECMFK NEC Corporation, NEC Personal Products, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SecurityHealth Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCuiL.exe
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe"

Scheduled Tasks
無効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Context Menu
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 Directory ファイルの所有権
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll

IE
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll

Firefox
有効 Extension Activity Stream 2018.02.17.0026-173e2795 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi
有効 Extension Application Update Service Helper 2.0 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Firefox Screenshots 25.0.0 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi
有効 Extension Follow-on Search Telemetry 0.9.6 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi
有効 Extension Form Autofill 1.0 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi
有効 Extension Photon onboarding 1.0 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\onboarding@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Extension Shield Recipe Client 80 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi
無効 Extension Trend Micro Toolbar 12.0.0.1252 default Firefox 59.0.3 C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension
有効 Extension uBlock Origin 1.16.2 All uBlock Origin contributors default Firefox 59.0.3 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\extensions\uBlock0@raymondhill.net.xpi
有効 Extension Web Compat 1.1 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.1008 Google Inc. default Firefox 59.0.3 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.7.1 Mozilla Corporation default Firefox 59.0.3 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\bufbqynu.default\gmp-gmpopenh264\1.7.1\gmpopenh264.dll
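  • Pesone
  • 2018/05/01 (Tue) 20:57:57
Let's try reinstalling FF
Thank you for the work and the report.
I have looked at each CC log, and nothing suspicious is visible there either.
It increasingly looks like an overreaction by CC.

The fact that Firefox started behaving oddly after the items AC detected were quarantined is probably related to FF extensions.

In that case, shall we completely remove FF once and reinstall it?
After reading the explanation on the page below
https://blogs.yahoo.co.jp/fukumadenbekkan/57755938.html

remove FF once, following the procedure described there.
An ordinary uninstall alone can leave the browser profile behind, so the same abnormality may continue after reinstalling because those settings are carried over.

Once you have reinstalled FF after the complete removal, check how FF runs and then send a status report
  • Akudaikan
  • 2018/05/01 (Tue) 21:15:43
Re: About PUP.Optional.Legacy
Thank you for your reply.

Regarding Firefox: I uninstalled it following the procedure you described, Akudaikan-san,
and since reinstalling it,
it has become so smooth that the earlier sluggishness is hard to believe.


  • Pesone
  • 2018/05/01 (Tue) 21:59:10
Now please rescan with AC
It seems reinstalling FF has restored normal operation.
So AC was falsely detecting FF after all.

Now, in the current state, scan with AC again.
However, even if something is detected, do not quarantine anything; just save the log and show it to me in your reply.

If the entries in question are detected again on the rescan, that will be the key.

My next reply will probably be tomorrow evening or night, so if nothing abnormal is showing there is no need to hurry with the work.
Keep an eye on things as you work, and if you notice anything else abnormal, tell me about that as well
  • Akudaikan
  • 2018/05/01 (Tue) 22:18:18
Re: About PUP.Optional.Legacy
I am sorry to keep troubling you.
The AC scan detected nothing abnormal.
I see nothing odd in how the system is running either.
The AC log is below.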
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-04-30.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-01-2018
# Duration: 00:00:23
# OS: Windows 10 Home
# Scanned: 40814
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########

I just noticed that my CC was not the portable version.
Would that be any problem?
  • Pesone
  • 2018/05/01 (Tue) 22:35:07
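
The before/after comparison of the two AdwCleaner scan logs posted above (S00 and S04), as an added example that is not part of the original posts and is not AdwCleaner's own code. It assumes the log layout seen in those two logs; the function names are hypothetical, the sample logs are abridged from the thread, and treating a Wow6432Node path as the 32-bit view of the same registry location is this example's own grouping rule.

```python
import re

# Layout assumed from the two AdwCleaner 7.1.1.0 logs posted in this thread.
SECTION_RE = re.compile(r"^\*{5} \[ (.+) \] \*{5}$")
HEADER_RE = re.compile(r"^# ([A-Za-z ]+):\s+(.+)$")
CLEAN_RE = re.compile(r"^No malicious .+ found\.$")

# Sample input: abridged copies of the thread's S00 and S04 logs.
SCAN_S00 = r"""# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Database: 2018-04-30.1
# Mode: Scan
# Detected: 2

***** [ Services ] *****

No malicious services found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

SCAN_S04 = r"""# Malwarebytes AdwCleaner 7.1.1.0
# Database: 2018-04-30.1
# Mode: Scan
# Detected: 0

***** [ Registry ] *****

No malicious registry entries found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
"""


def parse_log(text):
    """Return (header dict, [(section, family, location), ...])."""
    header, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            m = HEADER_RE.match(line)      # "# Key: value" header lines
            if m:
                header[m.group(1)] = m.group(2)
            continue
        m = SECTION_RE.match(line)         # "***** [ Registry ] *****"
        if m:
            section = m.group(1)
            continue
        if section is None or CLEAN_RE.match(line):
            continue                       # "No malicious ... found."
        parts = line.split(None, 1)        # "<family> <location>"
        if len(parts) == 2:
            findings.append((section, parts[0], parts[1]))
    return header, findings


def is_complete(text):
    """True if the 'Detected' header equals the number of parsed entries.

    A mismatch means the paste was cut short or hand-edited."""
    header, findings = parse_log(text)
    declared = header.get("Detected", "")
    return declared.isdigit() and int(declared) == len(findings)


def canonical(location):
    """Case-fold a registry path and drop the Wow6432Node component
    (grouping rule assumed by this example)."""
    parts = [p for p in location.split("\\") if p.lower() != "wow6432node"]
    return "\\".join(parts).lower()


def compare(before_text, after_text):
    """Classify findings as cleared, persistent or new between two scans."""
    if not (is_complete(before_text) and is_complete(after_text)):
        raise ValueError("log is truncated: 'Detected' count does not match")
    b = {(s, f, canonical(l)) for s, f, l in parse_log(before_text)[1]}
    a = {(s, f, canonical(l)) for s, f, l in parse_log(after_text)[1]}
    return {"cleared": sorted(b - a),
            "persistent": sorted(b & a),
            "new": sorted(a - b)}


if __name__ == "__main__":
    for state, items in compare(SCAN_S00, SCAN_S04).items():
        print(state, items)
```
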
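Next, let's also check with OTL
Sorry for the late reply.
I was in the bath until just now (there is no Kaoru Yu○ in my bath

I have looked at the AC log, and nothing particularly suspicious is visible.
If the browser is also behaving normally, that part is fine.
If you no longer need AC, launch it and click "Remove AdwCleaner" on the "Settings" screen to uninstall it.
If you want to keep watching for a while just in case, you can leave it installed until then.

Now, shall we analyse a little further?
Let's use OTL again, which we also used in the earlier thread.

Prepare the following tool.
OTL (OldTimer Listit)
Download it with the "Download" button and save it.
http://oldtimer.geekstogo.com/OTL.exe
When you are done with it, launch it and press the "Cleanup" button and it will be removed automatically.
However, if you are using Windows 10, just delete the program file itself.

Launch OTL with no other programs running.
Once it starts, tick "Scan All Users" near the top of the window and copy and paste the following commands into "Custom Scan/Fixes".

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

Then press "Run Scan" at the top left to start the scan.
Depending on the PC, a few minutes after the scan starts, "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe; save these two files to the desktop or thereabouts.
Extras.txt is sometimes not produced; in that case OTL.txt alone is fine.

After this, paste the entire OTL log into your reply.
However, the OTL log is quite long, so if sent in one go it will be cut off by fc2's character limit.
So split the log at suitable points into pieces of no more than 10,000 characters and send it as several replies.
This is because posts over 10,000 characters are cut off by fc2's character limit.
http://www1.odn.ne.jp/megukuma/count.htm

Merely scanning with OTL changes nothing.
Based on this result, the items detected will be dealt with in the next and later steps
  • Akudaikan
  • 2018/05/02 (Wed) 20:39:49
OTL log 1
Good evening, Akudaikan-san.
Thank you for staying with me until late yesterday.
In the recent Windows Update, the version 1803 update was forced in, so
that may be having an effect.
By the way, there was no extra.txt.
The log is below. Thank you in advance.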
OTL logfile created on: 2018/05/02 21:05:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\imagawa\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.16299.0)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.80 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 56.72% Memory free
4.49 Gb Paging File | 2.69 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 386.41 Gb Total Space | 329.25 Gb Free Space | 85.21% Space Free | Partition Type: NTFS
Drive D: | 65.19 Gb Total Space | 61.75 Gb Free Space | 94.72% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-1PRU7ED | User Name: imagawa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2018/05/02 21:01:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\imagawa\Downloads\OTL.exe
PRC - [2018/04/16 05:47:33 | 000,649,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontdrvhost.exe
PRC - [2018/03/23 12:49:50 | 003,751,712 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2018/02/05 13:41:24 | 001,227,840 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\uiWinMgr.exe
PRC - [2018/02/05 13:34:10 | 000,245,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2017/07/20 05:17:18 | 000,374,968 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2018/02/05 13:34:24 | 000,108,032 | ---- | M] () -- C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\boost_thread-vc140-mt-1_62.dll
MOD - [2018/02/05 13:34:24 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\boost_date_time-vc140-mt-1_62.dll
MOD - [2018/02/05 13:34:24 | 000,044,032 | ---- | M] () -- C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\boost_chrono-vc140-mt-1_62.dll
MOD - [2018/02/05 13:34:24 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\boost_system-vc140-mt-1_62.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2018/04/16 05:07:05 | 000,702,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:[b]64bit:[/b] - [2018/04/16 05:06:33 | 000,820,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2018/04/16 05:04:27 | 001,236,480 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TokenBroker.dll -- (TokenBroker)
SRV:[b]64bit:[/b] - [2018/04/16 05:03:54 | 002,628,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2018/04/16 05:03:44 | 003,177,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2018/04/16 05:00:57 | 002,223,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2018/03/30 21:34:45 | 000,956,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Spectrum.exe -- (spectrum)
SRV:[b]64bit:[/b] - [2018/03/30 14:05:17 | 000,059,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:[b]64bit:[/b] - [2018/03/30 13:58:44 | 000,898,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:[b]64bit:[/b] - [2018/03/30 12:37:08 | 001,298,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:32:57 | 000,048,640 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:[b]64bit:[/b] - [2018/03/30 12:32:56 | 000,057,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2018/03/30 12:32:04 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:39 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dusmsvc.dll -- (DusmSvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:30 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:30 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:27 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:23 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:23 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:23 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:23 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:23 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:23 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:05 | 000,795,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NaturalAuth.dll -- (NaturalAuthentication)
SRV:[b]64bit:[/b] - [2018/03/30 12:30:48 | 000,208,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:30:40 | 000,588,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:[b]64bit:[/b] - [2018/03/30 12:30:35 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:30:32 | 000,309,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2018/03/30 12:30:32 | 000,309,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2018/03/30 12:30:08 | 000,284,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2018/03/30 12:29:55 | 000,555,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:[b]64bit:[/b] - [2018/03/30 12:29:41 | 000,791,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:28:03 | 001,245,184 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:28:01 | 000,951,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:[b]64bit:[/b] - [2018/03/30 12:27:55 | 000,813,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2018/03/30 12:27:51 | 000,889,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:26:27 | 001,573,376 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:25:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2018/03/27 14:32:50 | 006,479,136 | ---- | M] (Malwarebytes) [On_Demand | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:[b]64bit:[/b] - [2018/03/13 15:51:24 | 002,896,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2018/03/01 16:17:39 | 000,519,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SecurityHealthService.exe -- (SecurityHealthService)
SRV:[b]64bit:[/b] - [2018/03/01 14:47:13 | 000,484,352 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:[b]64bit:[/b] - [2018/02/10 15:06:57 | 000,824,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:[b]64bit:[/b] - [2018/02/10 15:06:48 | 004,486,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:[b]64bit:[/b] - [2018/02/10 13:50:14 | 001,313,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\InstallService.dll -- (InstallService)
SRV:[b]64bit:[/b] - [2018/02/10 13:44:07 | 000,302,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:[b]64bit:[/b] - [2018/02/10 13:40:58 | 001,234,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SEMgrSvc.dll -- (SEMgrSvc)
SRV:[b]64bit:[/b] - [2018/02/10 13:38:09 | 000,699,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2018/02/10 13:37:32 | 000,308,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:[b]64bit:[/b] - [2018/02/10 13:36:01 | 000,685,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2018/02/10 13:35:01 | 000,667,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:[b]64bit:[/b] - [2018/01/01 20:19:13 | 000,188,416 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:[b]64bit:[/b] - [2017/12/08 07:07:14 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PushToInstall.dll -- (PushToInstall)
SRV:[b]64bit:[/b] - [2017/11/26 21:29:30 | 000,238,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2017/10/25 12:16:12 | 000,227,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\CapabilityAccessManager.dll -- (camsvc)
SRV:[b]64bit:[/b] - [2017/10/25 12:08:50 | 000,654,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:[b]64bit:[/b] - [2017/09/29 22:43:11 | 000,636,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2017/09/29 22:43:11 | 000,431,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:08 | 001,346,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lpasvc.dll -- (wlpasvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:07 | 000,622,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WFDSConMgrSvc.dll -- (WFDSConMgrSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:07 | 000,421,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SharedRealitySvc.dll -- (SharedRealitySvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:07 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:06 | 000,088,064 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:05 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:03 | 000,213,504 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DiagSvc.dll -- (diagsvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:01 | 000,302,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:58 | 001,288,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:57 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PrintWorkflowService.dll -- (PrintWorkflowUserSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:57 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:56 | 000,542,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:45 | 000,081,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:45 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:44 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:44 | 000,085,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,779,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,048,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_13358e)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,048,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_13358e)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,048,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_13358e)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,048,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (PrintWorkflowUserSvc_13358e)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,048,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_13358e)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,048,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_13358e)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,048,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_13358e)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,048,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (DevicesFlowUserSvc_13358e)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,048,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_13358e)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:38 | 000,696,320 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\DevicesFlowBroker.dll -- (DevicesFlowUserSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:38 | 000,194,560 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:35 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 001,345,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,456,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,057,856 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\xboxgipsvc.dll -- (XboxGipSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,057,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:31 | 001,082,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:31 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:31 | 000,363,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:31 | 000,284,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:31 | 000,086,016 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:31 | 000,072,704 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:31 | 000,046,080 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:31 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:30 | 000,561,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:28 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.WARP.JITService.dll -- (WarpJITSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:27 | 001,272,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:27 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GraphicsPerfSvc.dll -- (GraphicsPerfSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:27 | 000,059,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\xbgmsvc.exe -- (xbgm)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:26 | 001,107,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:26 | 000,696,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:26 | 000,096,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:26 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:25 | 001,143,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:25 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:23 | 000,063,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipxlatcfg.dll -- (IpxlatCfgSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:23 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:14 | 001,827,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,456,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2007/02/13 08:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2018/05/01 12:11:25 | 000,194,512 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2018/04/16 05:05:42 | 000,516,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2018/04/16 05:03:31 | 000,920,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\TokenBroker.dll -- (TokenBroker)
SRV - [2018/03/30 13:23:56 | 000,566,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2018/03/30 12:38:47 | 000,966,656 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2018/03/30 10:37:34 | 000,356,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe -- (WdNisSvc)
SRV - [2018/03/30 10:37:33 | 000,106,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe -- (WinDefend)
SRV - [2018/03/13 15:51:24 | 002,896,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2018/02/10 14:08:02 | 003,980,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2018/02/10 13:46:37 | 001,008,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\InstallService.dll -- (InstallService)
SRV - [2017/09/29 22:42:22 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\PrintWorkflowService.dll -- (PrintWorkflowUserSvc)
SRV - [2017/09/29 22:42:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
  • ペソネ
  • 2018/05/02 (Wed) 22:00:33
OTL log 2
Log 2
[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2018/05/02 21:02:20 | 000,253,664 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV:[b]64bit:[/b] - [2018/04/24 09:43:44 | 000,073,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:[b]64bit:[/b] - [2018/04/16 06:49:43 | 000,373,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2018/03/30 14:12:57 | 000,075,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2018/03/30 14:03:57 | 000,059,808 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bam.sys -- (bam)
DRV:[b]64bit:[/b] - [2018/03/30 14:01:29 | 000,571,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2018/03/30 14:01:02 | 000,034,208 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2018/03/30 13:53:04 | 000,163,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2018/03/30 13:51:43 | 000,071,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:[b]64bit:[/b] - [2018/03/30 13:51:27 | 000,147,872 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:[b]64bit:[/b] - [2018/03/30 12:33:54 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2018/03/30 12:33:54 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:[b]64bit:[/b] - [2018/03/30 12:33:52 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2018/03/30 12:33:51 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2018/03/30 12:33:32 | 000,119,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:[b]64bit:[/b] - [2018/03/30 12:33:09 | 000,079,872 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:[b]64bit:[/b] - [2018/03/30 12:33:04 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2018/03/30 12:32:56 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2018/03/30 12:32:55 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs)
DRV:[b]64bit:[/b] - [2018/03/30 12:32:53 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:[b]64bit:[/b] - [2018/03/30 12:32:48 | 000,192,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2018/03/30 12:32:40 | 000,225,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winnat.sys -- (WinNat)
DRV:[b]64bit:[/b] - [2018/03/30 12:20:39 | 000,240,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2018/03/30 10:37:34 | 000,288,296 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2018/03/30 10:37:34 | 000,129,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2018/03/30 10:37:34 | 000,046,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2018/03/13 15:54:16 | 000,555,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2018/03/13 14:38:31 | 000,071,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2018/03/01 14:51:55 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2018/03/01 14:46:03 | 000,770,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:[b]64bit:[/b] - [2018/02/22 11:10:34 | 000,285,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2018/02/22 11:02:49 | 000,149,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2018/02/22 10:54:20 | 000,437,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2018/02/22 10:52:26 | 000,103,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2018/02/22 10:51:38 | 000,045,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:[b]64bit:[/b] - [2018/02/22 10:51:00 | 000,097,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2018/02/22 10:50:42 | 000,229,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2018/02/22 09:31:14 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:[b]64bit:[/b] - [2018/02/10 13:49:33 | 000,385,536 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\cldflt.sys -- (CldFlt)
DRV:[b]64bit:[/b] - [2018/01/31 07:13:24 | 000,132,512 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TMUMH.sys -- (tmumh)
DRV:[b]64bit:[/b] - [2018/01/22 18:03:04 | 000,134,264 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmusa.sys -- (tmusa)
DRV:[b]64bit:[/b] - [2018/01/17 01:18:34 | 000,562,296 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)
DRV:[b]64bit:[/b] - [2017/10/25 12:16:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:[b]64bit:[/b] - [2017/10/18 16:26:13 | 000,060,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:[b]64bit:[/b] - [2017/10/05 02:55:50 | 000,140,952 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:[b]64bit:[/b] - [2017/10/05 02:55:44 | 000,449,688 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:[b]64bit:[/b] - [2017/10/05 02:55:44 | 000,145,048 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:[b]64bit:[/b] - [2017/09/30 23:38:19 | 000,037,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2017/09/30 23:38:17 | 000,056,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpatialGraphFilter.sys -- (SpatialGraphFilter)
DRV:[b]64bit:[/b] - [2017/09/30 23:38:15 | 000,030,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2017/09/29 22:42:05 | 000,081,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:56 | 000,128,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:56 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:47 | 000,087,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,225,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,132,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,055,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:41 | 001,849,752 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:41 | 000,209,304 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:41 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdnsfltr.sys -- (wdnsfltr)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:40 | 000,936,856 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,266,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,154,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,146,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,081,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,074,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,039,320 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:31 | 000,169,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:31 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshwnclx.sys -- (HwNClx0101)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:25 | 000,124,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:23 | 000,056,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:23 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:17 | 000,030,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:14 | 000,227,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:14 | 000,127,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:14 | 000,123,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:14 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:14 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:14 | 000,039,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ramdisk.sys -- (Ramdisk)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:14 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:14 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipt.sys -- (IPT)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,281,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,140,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,107,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,097,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,050,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,049,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,028,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,027,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:08 | 000,018,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:04 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:04 | 000,033,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SDFRd.sys -- (SDFRd)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,674,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,604,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,505,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mausbhost.sys -- (mausbhost)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,118,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmem.sys -- (pmem)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvdimmn.sys -- (nvdimmn)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,079,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,055,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mausbip.sys -- (mausbip)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vnvdimm.sys -- (vnvdimm)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\invdimm.sys -- (invdimm)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,037,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bttflt.sys -- (bttflt)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,028,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,015,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:03 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 001,723,288 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 001,135,512 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,842,648 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,526,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,357,272 | ---- | M] (Chelsio Communications) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,305,560 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,258,592 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,123,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,108,952 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,107,416 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,103,320 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,083,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,082,840 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,064,920 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,063,896 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,063,520 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,063,520 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,061,848 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,058,776 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,032,152 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,031,128 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,027,032 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:02 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:01 | 003,419,032 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:01 | 000,533,912 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:01 | 000,130,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:01 | 000,103,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rhproxy.sys -- (rhproxy)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:01 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2017/09/29 22:41:01 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnpmem.sys -- (PNPMEM)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 004,233,728 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwnx.sys -- (athr)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_BXT_P.sys -- (iaLPSS2i_I2C_BXT_P)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 000,171,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 000,118,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 000,091,648 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 000,088,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_BXT_P.sys -- (iaLPSS2i_GPIO2_BXT_P)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 000,079,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 000,060,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAD.sys -- (CAD)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys -- (CompositeBus)
DRV:[b]64bit:[/b] - [2017/09/29 22:40:59 | 000,036,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:[b]64bit:[/b] - [2017/09/07 13:04:56 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2017/05/10 15:46:18 | 000,147,672 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:[b]64bit:[/b] - [2015/06/23 10:49:48 | 000,039,056 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\tmel.sys -- (tmel)
DRV:[b]64bit:[/b] - [2013/07/13 02:07:18 | 000,385,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2012/11/27 00:26:12 | 012,311,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010/11/05 05:33:12 | 000,055,272 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:[b]64bit:[/b] - [2010/08/30 04:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010/04/02 06:03:58 | 000,073,960 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:[b]64bit:[/b] - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2009/07/22 00:41:22 | 000,011,776 | ---- | M] (NEC Corporation, NEC Personal Products, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\necbatt.sys -- (necbatt)
DRV:[b]64bit:[/b] - [2009/07/15 16:36:06 | 000,013,312 | ---- | M] (NEC Corporation, NEC Personal Products, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nececfil.sys -- (Nececfilter)
DRV:[b]64bit:[/b] - [2008/12/11 19:17:07 | 000,009,728 | ---- | M] (NEC Corporation, NEC Personal Products, Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Ps2LedIF.sys -- (Ps2LedIF)
DRV:[b]64bit:[/b] - [2008/12/09 21:01:37 | 000,020,480 | ---- | M] ((C)NEC Corporation, NEC Personal Products, Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfkgtkey.sys -- (MFKGTKEY)
DRV:[b]64bit:[/b] - [2008/12/09 15:17:00 | 000,011,776 | ---- | M] (NEC Corporation, NEC Personal Products, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ps2Led.sys -- (Ps2Led)
DRV - [2017/09/29 22:40:59 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys -- (CompositeBus)
  • ペソネ
  • 2018/05/02 (Wed) 22:01:52
OTL Log 3
Log 3
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ja-jp/?ocid=iehp
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP =
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy =
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.region: "JP"
FF - user.js - File not found


64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fftmtoolbar@trendmicro.com: C:\PROGRAM FILES (X86)\NTTW\SECURITY\SEC\UIFRAMEWORK\TOOLBAR\FIREFOXEXTENSION [2018/04/25 09:04:36 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 59.0.3\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 59.0.3\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fftmtoolbar@trendmicro.com: C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension [2018/04/25 09:04:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 52.7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 52.7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2018/05/01 21:48:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\Extensions
[2018/05/01 21:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\SystemExtensionsDev
[2018/05/01 21:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\Firefox\Profiles\5l0gf04d.default\browser-extension-data
[2018/05/02 21:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\Firefox\Profiles\5l0gf04d.default\browser-extension-data\uBlock0@raymondhill.net
[2018/05/01 21:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\Firefox\Profiles\5l0gf04d.default\extensions
[2018/05/01 21:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\Firefox\Profiles\5l0gf04d.default\storage\default\moz-extension+++4a6cdbc6-76c4-4c06-8f0c-9cad7004f701
[2018/05/02 21:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\Firefox\Profiles\5l0gf04d.default\storage\default\moz-extension+++4a6cdbc6-76c4-4c06-8f0c-9cad7004f701\idb
[2018/05/01 21:49:43 | 002,168,755 | ---- | M] () (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\firefox\profiles\5l0gf04d.default\extensions\uBlock0@raymondhill.net.xpi
[2018/05/01 21:56:56 | 000,006,212 | ---- | M] () (No name found) -- C:\Users\imagawa\AppData\Roaming\mozilla\firefox\profiles\5l0gf04d.default\features\{b98183bd-2f2a-4135-8c81-acb978c716e0}\tls13-rollout-bug1442042@mozilla.org.xpi

O1 HOSTS File: ([2017/04/14 23:54:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (トレンドマイクロセキュリティツールバーヘルパー) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (トレンドマイクロセキュリティツールバーヘルパー) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (セキュリティツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (セキュリティツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NECMFK] C:\Program Files\NECMFK\necmfk.exe (NEC Corporation, NEC Personal Products, Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Platinum] C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFullTrustStartupTasks = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUwpStartupTasks = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportFullTrustStartupTasks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportUwpStartupTasks = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{200d8f80-1235-48dd-8e77-d7ad9b7583cb}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll (Î÷ÈÕ±¾ëŠÐÅëŠÔ’Öêʽ»áÉç)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {4FC4FAB8-DD2C-3F8B-B378-F6EF65C0EC05} - .NET Framework
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - U
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\inf\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {54BDBDCB-ED26-30CA-BFFC-5B5E414C3793} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
  • ペソネ
  • 2018/05/02 (Wed) 22:03:36
OTL Log 4
Log 4
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2018/05/01 21:48:20 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Roaming\Mozilla
[2018/05/01 21:48:19 | 000,000,000 | ---D | C] -- C:\Users\imagawa\AppData\Local\Mozilla
[2018/05/01 19:33:12 | 000,253,664 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamswissarmy.sys
[2018/05/01 19:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2018/05/01 19:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2018/05/01 19:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2018/05/01 13:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2018/05/01 13:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2018/05/01 12:00:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2018/04/25 15:34:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2018/04/25 09:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TmSentry
[2018/04/24 09:41:50 | 001,430,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcMon.exe
[2018/04/24 09:41:49 | 002,628,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2018/04/24 09:41:49 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Wpc.dll
[2018/04/24 09:41:49 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\daxexec.dll
[2018/04/24 09:41:48 | 001,669,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wpc.dll
[2018/04/24 09:41:46 | 017,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2018/04/24 09:41:46 | 005,195,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdp.dll
[2018/04/24 09:41:45 | 013,704,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2018/04/24 09:41:45 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cdp.dll
[2018/04/24 09:41:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\IndexedDbLegacy.dll
[2018/04/24 09:41:44 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
[2018/04/24 09:41:44 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\EdgeManager.dll
[2018/04/24 09:41:43 | 018,924,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2018/04/24 09:41:43 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\webplatstorageserver.dll
[2018/04/24 09:41:43 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2018/04/24 09:41:43 | 000,311,192 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2018/04/24 09:41:43 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFilterHost.exe
[2018/04/24 09:41:43 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakradiag.dll
[2018/04/24 09:41:41 | 002,677,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2018/04/24 09:41:41 | 000,649,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2018/04/24 09:41:41 | 000,559,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2018/04/24 09:41:41 | 000,408,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2018/04/24 09:41:41 | 000,382,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2018/04/24 09:41:41 | 000,377,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2018/04/24 09:41:41 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browserexport.exe
[2018/04/24 09:41:41 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2018/04/24 09:41:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontsub.dll
[2018/04/24 09:41:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2018/04/24 09:41:40 | 002,413,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gameux.dll
[2018/04/24 09:41:39 | 007,384,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll
[2018/04/24 09:41:39 | 001,123,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3D12.dll
[2018/04/24 09:41:39 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\t2embed.dll
[2018/04/24 09:41:39 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhosdeployment.dll
[2018/04/24 09:41:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\t2embed.dll
[2018/04/24 09:41:38 | 003,405,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2018/04/24 09:41:38 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIRibbonRes.dll
[2018/04/24 09:41:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2018/04/24 09:41:37 | 002,902,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2018/04/24 09:41:37 | 001,954,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2018/04/24 09:41:37 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieproxy.dll
[2018/04/24 09:41:37 | 000,779,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2018/04/24 09:41:37 | 000,749,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms2.sys
[2018/04/24 09:41:37 | 000,373,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\clfs.sys
[2018/04/24 09:41:37 | 000,128,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tm.sys
[2018/04/24 09:41:35 | 002,523,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gameux.dll
[2018/04/24 09:41:35 | 001,433,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gdi32full.dll
[2018/04/24 09:41:34 | 006,482,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
[2018/04/24 09:41:34 | 006,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2018/04/24 09:41:34 | 004,747,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2018/04/24 09:41:34 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2018/04/24 09:41:33 | 006,576,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2018/04/24 09:41:33 | 001,416,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3D12.dll
[2018/04/24 09:41:33 | 001,057,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvproc.dll
[2018/04/24 09:41:33 | 000,820,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netlogon.dll
[2018/04/24 09:41:33 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll
[2018/04/24 09:41:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontsub.dll
[2018/04/24 09:41:32 | 003,490,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbon.dll
[2018/04/24 09:41:32 | 002,464,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2018/04/24 09:41:32 | 001,490,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2018/04/24 09:41:32 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbonRes.dll
[2018/04/24 09:41:32 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2018/04/24 09:41:31 | 002,741,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2018/04/24 09:41:31 | 001,498,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WebRuntimeManager.dll
[2018/04/24 09:41:30 | 008,600,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2018/04/24 09:41:30 | 003,663,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2018/04/24 09:41:30 | 002,088,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2018/04/24 09:41:29 | 008,104,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2018/04/24 09:41:29 | 001,638,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32full.dll
[2018/04/24 09:41:28 | 012,689,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2018/04/24 09:41:28 | 001,056,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvax64.exe
[2018/04/24 09:41:28 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2018/04/24 09:41:28 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IndexedDbLegacy.dll
[2018/04/24 09:41:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceUpdateAgent.dll
[2018/04/24 09:41:28 | 000,077,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvloader.dll
[2018/04/24 09:41:27 | 004,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2018/04/24 09:41:27 | 001,524,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2018/04/24 09:41:27 | 001,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvproc.dll
[2018/04/24 09:41:26 | 008,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2018/04/24 09:41:25 | 003,995,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIRibbon.dll
[2018/04/24 09:41:25 | 001,925,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2018/04/24 09:41:25 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
[2018/04/24 09:41:25 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2018/04/24 09:41:24 | 002,857,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2018/04/24 09:41:24 | 002,513,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2018/04/24 09:41:22 | 000,675,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\webplatstorageserver.dll
[2018/04/24 09:41:21 | 013,660,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll
[2018/04/24 09:41:21 | 001,206,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvix64.exe
[2018/04/24 09:41:20 | 025,253,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2018/04/24 09:41:20 | 004,814,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2018/04/24 09:41:20 | 001,779,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2018/04/24 09:41:19 | 000,747,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2018/04/24 09:41:19 | 000,598,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2018/04/24 09:41:19 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingMonitor.dll
[2018/04/24 09:41:19 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingMonitor.dll
[2018/04/24 09:41:19 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BrowserSettingSync.dll
[2018/04/24 09:41:18 | 001,236,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBroker.dll
[2018/04/24 09:41:18 | 000,979,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2018/04/24 09:41:18 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll
[2018/04/24 09:41:18 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppBroker.dll
[2018/04/24 09:41:18 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsEnvironment.Desktop.dll
[2018/04/24 09:41:17 | 004,385,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2018/04/24 09:41:17 | 002,890,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Resources.dll
[2018/04/24 09:41:17 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBroker.dll
[2018/04/24 09:41:17 | 000,695,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2018/04/24 09:41:17 | 000,576,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hgcpl.dll
[2018/04/24 09:41:17 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll
[2018/04/24 09:41:17 | 000,329,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputSwitch.dll
[2018/04/24 09:41:17 | 000,247,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browserbroker.dll
[2018/04/24 09:41:17 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twext.dll
[2018/04/24 09:41:16 | 004,113,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2018/04/24 09:41:16 | 003,287,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SyncCenter.dll
[2018/04/24 09:41:16 | 000,884,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2018/04/24 09:41:16 | 000,524,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\windows.immersiveshell.serviceprovider.dll
[2018/04/24 09:41:15 | 005,859,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StartTileData.dll
[2018/04/24 09:41:15 | 002,976,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.pcshell.dll
[2018/04/24 09:41:15 | 000,421,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputSwitch.dll
[2018/04/24 09:41:14 | 006,466,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2018/04/24 09:41:14 | 003,485,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2018/04/24 09:41:14 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2018/04/24 09:41:14 | 000,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssvp.dll
[2018/04/24 09:41:14 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hgcpl.dll
[2018/04/24 09:41:14 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppBroker.dll
[2018/04/24 09:41:14 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stobject.dll
[2018/04/24 09:41:14 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twext.dll
[2018/04/24 09:41:13 | 007,675,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\windows.storage.dll
[2018/04/24 09:41:13 | 000,048,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2018/04/24 09:41:12 | 004,772,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExplorerFrame.dll
[2018/04/24 09:41:12 | 001,057,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2018/04/24 09:41:12 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntshrui.dll
[2018/04/24 09:41:11 | 007,545,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2018/04/24 09:41:11 | 003,367,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncCenter.dll
[2018/04/24 09:41:11 | 001,463,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2018/04/24 09:41:11 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appwiz.cpl
[2018/04/24 09:41:11 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\zipfldr.dll
[2018/04/24 09:41:10 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Immersive.dll
[2018/04/24 09:41:10 | 000,965,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontext.dll
[2018/04/24 09:41:10 | 000,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LogonController.dll
[2018/04/24 09:41:09 | 003,904,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2018/04/24 09:41:08 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\daxexec.dll
[2018/04/24 09:41:07 | 006,092,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\windows.storage.dll
[2018/04/24 09:41:07 | 002,814,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themeui.dll
[2018/04/24 09:41:02 | 003,177,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2018/04/24 09:41:02 | 002,209,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2018/04/24 09:41:02 | 001,495,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.desktop.dll
[2018/04/24 09:41:02 | 000,688,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2018/04/24 09:41:02 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxSysprep.dll
[2018/04/24 09:41:01 | 002,711,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2018/04/24 09:41:01 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll
[2018/04/24 09:41:01 | 001,209,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2018/04/24 09:41:01 | 001,092,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2018/04/24 09:41:01 | 000,924,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2018/04/24 09:41:00 | 002,462,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2018/04/24 09:41:00 | 002,268,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsrcsnk.dll
[2018/04/24 09:41:00 | 001,456,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsrcsnk.dll
[2018/04/24 09:41:00 | 001,425,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.Handlers.dll
[2018/04/24 09:41:00 | 001,415,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2018/04/24 09:41:00 | 001,017,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2018/04/24 09:40:59 | 002,490,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\themecpl.dll
[2018/04/24 09:40:59 | 002,462,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themecpl.dll
[2018/04/24 09:40:59 | 001,506,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2018/04/24 09:40:59 | 001,353,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usercpl.dll
[2018/04/24 09:40:59 | 001,230,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2018/04/24 09:40:59 | 000,608,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2018/04/24 09:40:59 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2018/04/24 09:40:59 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_User.dll
[2018/04/24 09:40:59 | 000,423,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2018/04/24 09:40:59 | 000,137,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompatTelRunner.exe
[2018/04/24 09:40:59 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IdCtrls.dll
[2018/04/24 09:40:59 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\IdCtrls.dll
[2018/04/24 09:40:59 | 000,069,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32appinventorycsp.dll
[2018/04/24 09:40:58 | 001,568,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2018/04/24 09:40:58 | 000,748,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2018/04/24 09:40:58 | 000,664,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2018/04/24 09:40:57 | 003,180,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2018/04/24 09:40:57 | 000,837,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll
[2018/04/24 09:40:57 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserLanguagesCpl.dll
[2018/04/24 09:40:57 | 000,559,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserLanguagesCpl.dll
[2018/04/24 09:40:57 | 000,543,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2018/04/24 09:40:57 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2018/04/24 09:40:56 | 008,432,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2018/04/24 09:40:56 | 002,386,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2018/04/24 09:40:56 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MicrosoftAccountWAMExtension.dll
[2018/04/24 09:40:55 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MicrosoftAccountWAMExtension.dll
[2018/04/24 09:40:55 | 000,300,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2018/04/24 09:40:54 | 007,813,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2018/04/24 09:40:54 | 001,224,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ShareHost.dll
[2018/04/24 09:40:54 | 000,201,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EdgeManager.dll
[2018/04/24 09:40:54 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BrowserSettingSync.dll
[2018/04/24 09:40:53 | 001,269,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinTypes.dll
[2018/04/24 09:40:53 | 000,899,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SmartcardCredentialProvider.dll
[2018/04/24 09:40:53 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.CloudStore.Schema.Shell.dll
[2018/04/24 09:40:53 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Geolocation.dll
[2018/04/24 09:40:53 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmcertinst.exe
[2018/04/24 09:40:53 | 000,077,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudNotifications.exe
[2018/04/24 09:40:52 | 001,873,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2018/04/24 09:40:52 | 000,997,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ShareHost.dll
[2018/04/24 09:40:52 | 000,832,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll
[2018/04/24 09:40:52 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2018/04/24 09:40:52 | 000,682,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidprov.dll
[2018/04/24 09:40:52 | 000,563,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppResolver.dll
[2018/04/24 09:40:52 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wldap32.dll
[2018/04/24 09:40:51 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2018/04/24 09:40:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ngccredprov.dll
[2018/04/24 09:40:51 | 000,661,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comctl32.dll
[2018/04/24 09:40:51 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SmartcardCredentialProvider.dll
[2018/04/24 09:40:51 | 000,531,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidprov.dll
[2018/04/24 09:40:51 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmenrollengine.dll
[2018/04/24 09:40:51 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Geolocation.dll
[2018/04/24 09:40:51 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAFWSD.dll
[2018/04/24 09:40:50 | 003,630,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstsc.exe
[2018/04/24 09:40:50 | 000,976,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\HelpPane.exe
[2018/04/24 09:40:50 | 000,674,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockController.dll
[2018/04/24 09:40:50 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcore.dll
[2018/04/24 09:40:50 | 000,444,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppResolver.dll
[2018/04/24 09:40:49 | 003,430,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsc.exe
[2018/04/24 09:40:49 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Management.dll
[2018/04/24 09:40:49 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ngccredprov.dll
[2018/04/24 09:40:49 | 000,535,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpcore.dll
[2018/04/24 09:40:49 | 000,448,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockHostingFramework.dll
[2018/04/24 09:40:49 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\credprovhost.dll
[2018/04/24 09:40:49 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credprovhost.dll
[2018/04/24 09:40:49 | 000,198,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudStorageWizard.exe
[2018/04/24 09:40:49 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredProv2faHelper.dll
[2018/04/24 09:40:49 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudNotifications.exe
[2018/04/24 09:40:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LaunchWinApp.exe
[2018/04/24 09:40:48 | 000,166,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudStorageWizard.exe
[2018/04/24 09:40:48 | 000,063,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appidapi.dll
[2018/04/24 09:40:48 | 000,052,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\appidapi.dll
[2018/04/24 09:40:47 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\credprovs.dll
[2018/04/24 09:40:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredProv2faHelper.dll
[2018/04/24 09:40:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmenrollengine.dll
[2018/04/24 09:40:46 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXTaskFactory.dll
[2018/04/24 09:40:46 | 000,327,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shlwapi.dll
[2018/04/24 09:40:46 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BitLockerCsp.dll
[2018/04/24 09:40:45 | 001,472,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsecedit.dll
[2018/04/24 09:40:45 | 000,971,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MCRecvSrc.dll
[2018/04/24 09:40:45 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2018/04/24 09:40:45 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Internal.Management.dll
[2018/04/24 09:40:45 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.UserAccountsHandlers.dll
[2018/04/24 09:40:45 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AboveLockAppHost.dll
[2018/04/24 09:40:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credprovs.dll
[2018/04/24 09:40:45 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssph.dll
[2018/04/24 09:40:45 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srpapi.dll
[2018/04/24 09:40:45 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srpapi.dll
[2018/04/24 09:40:45 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BitLockerCsp.dll
[2018/04/24 09:40:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eShims.dll
[2018/04/24 09:40:44 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ByteCodeGenerator.exe
[2018/04/24 09:40:43 | 001,332,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsecedit.dll
[2018/04/24 09:40:43 | 000,669,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MCRecvSrc.dll
[2018/04/24 09:40:43 | 000,436,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wincorlib.dll
[2018/04/24 09:40:43 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceEnroller.exe
[2018/04/24 09:40:43 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AboveLockAppHost.dll
[2018/04/24 09:40:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\coredpus.dll
[2018/04/24 09:40:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2018/04/24 09:40:43 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enrollmentapi.dll
[2018/04/24 09:40:43 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2018/04/24 09:40:43 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssph.dll
[2018/04/24 09:40:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmmigrator.dll
[2018/04/24 09:40:43 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssitlb.dll
[2018/04/24 09:40:43 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncPolicy.dll
[2018/04/24 09:40:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncPolicy.dll
[2018/04/24 09:40:43 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Shell.Search.UriHandler.dll
[2018/04/24 09:40:43 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ByteCodeGenerator.exe
[2018/04/24 09:40:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBrokerUI.dll
[2018/04/24 09:40:43 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBrokerUI.dll
[2018/04/21 13:49:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2018/04/21 10:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2018/04/21 10:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2018/04/21 10:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2018/04/13 02:36:37 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2018/04/11 09:41:23 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msIso.dll
[2018/04/11 09:41:23 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgeIso.dll
[2018/04/11 09:41:22 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpbase.dll
[2018/04/11 09:41:21 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2018/04/11 09:41:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2018/04/11 09:41:19 | 002,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2018/04/11 09:41:19 | 001,485,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpserverbase.dll
[2018/04/11 09:41:19 | 000,665,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2018/04/11 09:41:19 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\vmbkmclr.sys
[2018/04/11 09:41:19 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wcnfs.sys
[2018/04/11 09:41:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\virtdisk.dll
[2018/04/11 09:41:19 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wow64cpu.dll
[2018/04/11 09:41:18 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Internal.Bluetooth.dll
[2018/04/11 09:41:17 | 001,657,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpserverbase.dll
[2018/04/11 09:41:17 | 001,097,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpbase.dll
[2018/04/11 09:41:17 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2018/04/11 09:41:17 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnApi.dll
[2018/04/11 09:41:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\virtdisk.dll
[2018/04/11 09:41:17 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VmApplicationHealthMonitorProxy.dll
[2018/04/11 09:41:16 | 000,471,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hal.dll
[2018/04/11 09:41:16 | 000,163,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys
[2018/04/11 09:41:15 | 000,649,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\advapi32.dll
[2018/04/11 09:41:15 | 000,081,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\vmbkmcl.sys
[2018/04/11 09:41:14 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2018/04/11 09:41:14 | 000,599,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\securekernel.exe
[2018/04/11 09:41:14 | 000,340,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2018/04/11 09:41:14 | 000,319,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wow64.dll
[2018/04/11 09:41:14 | 000,147,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wcifs.sys
[2018/04/11 09:41:13 | 002,083,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2018/04/11 09:41:13 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2018/04/11 09:41:12 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2018/04/11 09:41:12 | 000,566,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CoreMessaging.dll
[2018/04/11 09:41:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2018/04/11 09:41:11 | 000,966,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Unistore.dll
[2018/04/11 09:41:11 | 000,748,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhoneProviders.dll
[2018/04/11 09:41:11 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskcomp.dll
[2018/04/11 09:41:11 | 000,059,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\bam.sys
[2018/04/11 09:41:10 | 000,536,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgeIso.dll
[2018/04/11 09:41:10 | 000,461,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wifitask.exe
[2018/04/11 09:41:10 | 000,401,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rascustom.dll
[2018/04/11 09:41:10 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tetheringservice.dll
[2018/04/11 09:41:08 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2018/04/11 09:41:07 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec
[2018/04/11 09:41:06 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2018/04/11 09:41:05 | 000,808,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2018/04/11 09:41:05 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll
[2018/04/11 09:41:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2018/04/11 09:41:05 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2018/04/11 09:41:04 | 001,474,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2018/04/11 09:41:04 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2018/04/11 09:41:04 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\winnat.sys
[2018/04/11 09:41:04 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\netvsc.sys
[2018/04/11 09:41:04 | 000,129,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hvsocket.sys
[2018/04/11 09:41:04 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\RfxVmt.sys
[2018/04/11 09:41:02 | 000,898,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CoreMessaging.dll
[2018/04/11 09:41:02 | 000,571,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2018/04/11 09:41:02 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpAXHolder.dll
[2018/04/11 09:41:01 | 000,367,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Storage.ApplicationData.dll
[2018/04/11 09:41:00 | 001,573,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDataService.dll
[2018/04/11 09:41:00 | 001,245,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Unistore.dll
[2018/04/11 09:41:00 | 000,813,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2018/04/11 09:41:00 | 000,436,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PsmServiceExtHost.dll
[2018/04/11 09:40:59 | 001,336,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2018/04/11 09:40:59 | 000,791,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhoneService.dll
[2018/04/11 09:40:58 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usermgr.dll
[2018/04/11 09:40:57 | 001,343,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wifinetworkmanager.dll
[2018/04/11 09:40:57 | 000,795,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NaturalAuth.dll
[2018/04/11 09:40:57 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msIso.dll
[2018/04/11 09:40:55 | 001,597,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2018/04/11 09:40:54 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2018/04/11 09:40:52 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncController.dll
[2018/04/11 09:40:52 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\APHostService.dll
[2018/04/11 09:40:50 | 000,450,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWanAPI.dll
[2018/04/11 09:40:49 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2018/04/11 09:40:49 | 000,549,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWanAPI.dll
[2018/04/11 09:40:49 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ACPBackgroundManagerPolicy.dll
[2018/04/11 09:40:49 | 000,015,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iumdll.dll
[2018/04/11 09:40:48 | 001,055,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2018/04/11 09:40:48 | 001,002,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\modernexecserver.dll
[2018/04/11 09:40:47 | 002,002,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2018/04/11 09:40:47 | 001,173,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rpcrt4.dll
[2018/04/11 09:40:47 | 000,716,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2018/04/11 09:40:46 | 000,289,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
[2018/04/11 09:40:46 | 000,066,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iumcrypt.dll
[2018/04/11 09:40:38 | 003,121,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Microsoft.Bluetooth.Profiles.Gatt.dll
[2018/04/11 09:40:38 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Bluetooth.dll
[2018/04/11 09:40:38 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorService.dll
[2018/04/11 09:40:38 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dusmsvc.dll
[2018/04/11 09:40:37 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Spectrum.exe
[2018/04/11 09:40:37 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\container.dll
[2018/04/11 09:40:36 | 002,511,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ResetEngine.dll
[2018/04/11 09:40:36 | 002,457,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UpdateAgent.dll
[2018/04/11 09:40:36 | 000,508,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\systemreset.exe
[2018/04/11 09:40:36 | 000,292,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wscapi.dll
[2018/04/11 09:40:36 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\convertvhd.exe
[2018/04/11 09:40:35 | 000,479,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ucrtbase_enclave.dll
[2018/04/11 09:40:34 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2018/04/11 09:40:34 | 000,460,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcntel.dll
[2018/04/11 09:40:34 | 000,272,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2018/04/11 09:40:34 | 000,212,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aepic.dll
[2018/04/11 09:40:34 | 000,035,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceCensus.exe
[2018/04/11 09:40:33 | 001,298,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usocore.dll
[2018/04/11 09:40:33 | 000,858,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusUpdateHandlers.dll
[2018/04/11 09:40:33 | 000,711,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2018/04/11 09:40:33 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatehandlers.dll
[2018/04/11 09:40:33 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotification.exe
[2018/04/11 09:40:33 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotificationUx.exe
[2018/04/11 09:40:33 | 000,191,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\skci.dll
[2018/04/11 09:40:32 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SmsRouterSvc.dll
[2018/04/11 09:40:32 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vmrdvcore.dll
[2018/04/11 09:40:32 | 000,340,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msexcl40.dll
[2018/04/11 09:40:32 | 000,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sspicli.dll
[2018/04/11 09:40:31 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\container.dll
[2018/04/11 09:40:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcimage.dll
[2018/04/11 09:40:27 | 000,586,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcp110_win.dll
[2018/04/11 09:40:27 | 000,417,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcp110_win.dll
[2018/04/11 09:40:27 | 000,270,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LsaIso.exe
[2018/04/11 09:40:27 | 000,247,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\logoncli.dll
[2018/04/11 09:40:27 | 000,204,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\basecsp.dll
[2018/04/11 09:40:27 | 000,186,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\logoncli.dll
[2018/04/11 09:40:27 | 000,180,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\basecsp.dll
[2018/04/11 09:40:27 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vertdll.dll
[2018/04/11 09:40:27 | 000,125,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rmclient.dll
[2018/04/11 09:40:27 | 000,099,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rmclient.dll
[2018/04/11 09:40:27 | 000,094,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wwapi.dll
[2018/04/11 09:40:27 | 000,075,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\vpci.sys
[2018/04/11 09:40:27 | 000,073,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wwapi.dll
[2018/04/11 09:40:27 | 000,071,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WindowsTrustedRT.sys
[2018/04/11 09:40:27 | 000,035,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SDFHost.dll
[2018/04/11 09:40:27 | 000,031,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\winhv.sys
[2018/04/11 09:40:27 | 000,022,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iumbase.dll
[2018/04/11 09:40:27 | 000,022,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IumSdk.dll
[2018/04/11 09:40:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scksp.dll
[2018/04/11 09:40:26 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\ahcache.sys
[2018/04/11 09:40:26 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scksp.dll
[2018/04/11 09:40:26 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rmcast.sys
[2018/04/11 09:40:26 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\irda.sys
[2018/04/11 09:40:26 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adhsvc.dll
[2018/04/11 09:40:26 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2018/04/11 09:40:26 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storqosflt.sys
[2018/04/11 09:40:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2018/04/11 09:40:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2018/04/11 09:40:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\Synth3dVsc.sys
[2018/04/11 09:40:26 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsnmp32.dll
[2018/04/11 09:40:26 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\winhvr.sys
[2018/04/11 09:40:26 | 000,059,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvhostsvc.dll
[2018/04/11 09:40:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imgutil.dll
[2018/04/11 09:40:26 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsnmp32.dll
[2018/04/11 09:40:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dmvsc.sys
[2018/04/11 09:40:26 | 000,034,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys
[2018/04/11 09:40:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll
[2018/04/11 09:40:26 | 000,028,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vmbuspipe.dll
[2018/04/11 09:40:26 | 000,018,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wshhyperv.dll
[2018/04/11 09:40:26 | 000,016,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wshhyperv.dll
[2018/04/11 09:40:25 | 000,889,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcmsvc.dll
[2018/04/11 09:40:25 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdtcprx.dll
[2018/04/11 09:40:25 | 000,524,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SyncController.dll
[2018/04/11 09:40:25 | 000,374,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncbservice.dll
[2018/04/11 09:40:25 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\url.dll
[2018/04/11 09:40:25 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\url.dll
[2018/04/11 09:40:25 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ScDeviceEnum.dll
[2018/04/11 09:40:25 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe
[2018/04/11 09:40:25 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\occache.dll
[2018/04/11 09:40:25 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IEAdvpack.dll
[2018/04/11 09:40:25 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\occache.dll
[2018/04/11 09:40:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe
[2018/04/11 09:40:25 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\IEAdvpack.dll
[2018/04/11 09:40:25 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesysprep.dll
[2018/04/11 09:40:25 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesysprep.dll
[2018/04/11 09:40:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inseng.dll
[2018/04/11 09:40:25 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JavaScriptCollectionAgent.dll
[2018/04/11 09:40:25 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IcsEntitlementHost.exe
[2018/04/11 09:40:25 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2018/04/11 09:40:25 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\pngfilt.dll
[2018/04/11 09:40:25 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnEapPeerProxy.dll
[2018/04/11 09:40:25 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnEapAuthProxy.dll
[2018/04/11 09:40:25 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\HyperVideo.sys
[2018/04/11 09:40:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appidtel.exe
[2018/04/11 09:40:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hyperkbd.sys
[2018/04/11 09:40:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\vmgencounter.sys
[2018/04/11 09:40:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\vmgid.sys
[2018/04/11 09:40:24 | 000,371,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\taskcomp.dll
[2018/04/11 09:40:24 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptprov.dll
[2018/04/11 09:40:24 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\icsvcext.dll
[2018/04/11 09:40:24 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wc_storage.dll
[2018/04/11 09:40:24 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dhcpcore6.dll
[2018/04/11 09:40:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\unimdm.tsp
[2018/04/11 09:40:24 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\icsvc.dll
[2018/04/11 09:40:24 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2018/04/11 09:40:24 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptprov.dll
[2018/04/11 09:40:24 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BrokerLib.dll
[2018/04/11 09:40:24 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpcore6.dll
[2018/04/11 09:40:24 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\unimdm.tsp
[2018/04/11 09:40:24 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2018/04/11 09:40:24 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TimeBrokerServer.dll
[2018/04/11 09:40:24 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WPTaskScheduler.dll
[2018/04/11 09:40:24 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iexpress.exe
[2018/04/11 09:40:24 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iexpress.exe
[2018/04/11 09:40:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dssvc.dll
[2018/04/11 09:40:24 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wextract.exe
[2018/04/11 09:40:24 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wextract.exe
[2018/04/11 09:40:24 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inseng.dll
[2018/04/11 09:40:24 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hlink.dll
[2018/04/11 09:40:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\keyiso.dll
[2018/04/11 09:40:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tdc.ocx
[2018/04/11 09:40:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efslsaext.dll
[2018/04/11 09:40:24 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\offreg.dll
[2018/04/11 09:40:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2018/04/11 09:40:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tdc.ocx
[2018/04/11 09:40:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll
[2018/04/11 09:40:24 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2018/04/11 09:40:24 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PimIndexMaintenanceClient.dll
[2018/04/11 09:40:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pngfilt.dll
[2018/04/11 09:40:24 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\offreg.dll
[2018/04/11 09:40:24 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PimIndexMaintenanceClient.dll
[2018/04/11 09:40:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManagerSvc.dll
[2018/04/11 09:40:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fdPnp.dll
[2018/04/11 09:40:24 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2018/04/11 09:40:24 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2018/04/11 09:40:24 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\licmgr10.dll
[2018/04/11 09:40:24 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\licmgr10.dll
[2018/04/11 09:40:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshta.exe
[2018/04/11 09:40:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeedssync.exe
[2018/04/11 09:40:24 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msfeedssync.exe
[2018/04/11 09:40:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\gpuenergydrv.sys
[2018/04/11 09:40:23 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcprx.dll
[2018/04/11 09:40:23 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\httpprxm.dll
[2018/04/11 09:40:23 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fdPnp.dll
[2018/04/11 09:40:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efssvc.dll
[2018/04/11 09:40:23 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vmictimeprovider.dll
[2018/04/11 09:40:23 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmiprop.dll
[2018/04/11 09:40:23 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fdWNet.dll
[2018/04/11 09:40:23 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmiprop.dll
[2018/04/11 09:40:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sysntfy.dll
[2018/04/11 09:40:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nrpsrv.dll
[2018/04/11 09:40:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2018/04/11 09:40:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  • ペソネ
  • 2018/05/02 (Wed) 22:04:27
OTL log 5
Log 5
[2018/05/02 21:02:20 | 000,253,664 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamswissarmy.sys
[2018/05/02 20:57:00 | 1632,657,408 | -HS- | M] () -- C:\hiberfil.sys
[2018/05/02 20:56:59 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2018/05/02 20:04:41 | 004,012,038 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2018/05/02 20:04:41 | 001,489,246 | ---- | M] () -- C:\WINDOWS\SysNative\perfh011.dat
[2018/05/02 20:04:41 | 001,223,620 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2018/05/02 20:04:41 | 000,617,352 | ---- | M] () -- C:\WINDOWS\SysNative\perfc011.dat
[2018/05/02 20:04:41 | 000,603,294 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2018/05/02 19:59:38 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2018/05/01 23:51:33 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job
[2018/05/01 21:48:16 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\Firefox.lnk
[2018/05/01 19:33:05 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2018/05/01 13:10:59 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2018/05/01 11:12:34 | 000,032,388 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2018/05/01 11:12:34 | 000,032,388 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2018/04/24 09:53:31 | 000,259,688 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2018/04/24 09:43:44 | 000,073,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\hvservice.sys
[2018/04/24 09:43:44 | 000,020,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kdhvcom.dll
[2018/04/21 10:37:31 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2018/04/16 10:36:14 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2018/04/16 07:46:42 | 001,092,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2018/04/16 07:46:13 | 000,924,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2018/04/16 07:25:28 | 000,137,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompatTelRunner.exe
[2018/04/16 07:24:59 | 001,568,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2018/04/16 07:24:25 | 000,300,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2018/04/16 07:23:46 | 000,069,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32appinventorycsp.dll
[2018/04/16 07:23:10 | 000,423,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2018/04/16 07:22:42 | 000,748,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2018/04/16 07:22:04 | 000,608,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2018/04/16 07:21:02 | 000,664,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2018/04/16 07:08:22 | 008,600,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2018/04/16 07:07:45 | 001,463,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2018/04/16 07:06:08 | 001,056,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvax64.exe
[2018/04/16 07:04:15 | 001,415,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2018/04/16 07:04:08 | 000,779,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2018/04/16 07:03:43 | 001,209,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2018/04/16 07:03:05 | 000,128,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tm.sys
[2018/04/16 06:52:09 | 001,206,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvix64.exe
[2018/04/16 06:51:08 | 002,513,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2018/04/16 06:50:26 | 001,925,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2018/04/16 06:50:17 | 000,077,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvloader.dll
[2018/04/16 06:49:43 | 000,373,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\clfs.sys
[2018/04/16 06:49:39 | 000,563,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppResolver.dll
[2018/04/16 06:49:38 | 000,382,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2018/04/16 06:49:20 | 001,954,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2018/04/16 06:48:18 | 005,859,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StartTileData.dll
[2018/04/16 06:48:13 | 001,638,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32full.dll
[2018/04/16 06:38:56 | 000,979,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2018/04/16 06:38:27 | 003,180,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2018/04/16 06:38:21 | 000,749,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms2.sys
[2018/04/16 06:33:08 | 001,269,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinTypes.dll
[2018/04/16 06:32:55 | 003,904,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2018/04/16 06:32:34 | 001,416,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3D12.dll
[2018/04/16 06:32:27 | 000,408,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2018/04/16 06:31:58 | 007,675,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\windows.storage.dll
[2018/04/16 06:31:24 | 000,247,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browserbroker.dll
[2018/04/16 06:30:44 | 002,268,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsrcsnk.dll
[2018/04/16 06:30:38 | 001,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvproc.dll
[2018/04/16 06:29:47 | 001,779,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2018/04/16 06:29:30 | 000,198,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudStorageWizard.exe
[2018/04/16 06:29:17 | 001,873,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2018/04/16 06:28:03 | 000,688,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2018/04/16 06:26:25 | 007,384,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll
[2018/04/16 06:26:23 | 002,711,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2018/04/16 06:26:17 | 001,506,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2018/04/16 06:25:55 | 000,661,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comctl32.dll
[2018/04/16 06:25:34 | 001,430,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcMon.exe
[2018/04/16 06:25:32 | 000,092,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudNotifications.exe
[2018/04/16 06:25:31 | 000,327,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shlwapi.dll
[2018/04/16 06:24:57 | 000,063,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appidapi.dll
[2018/04/16 05:47:43 | 001,433,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gdi32full.dll
[2018/04/16 05:47:33 | 001,490,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2018/04/16 05:47:33 | 000,649,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2018/04/16 05:47:32 | 000,311,192 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2018/04/16 05:38:48 | 003,485,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2018/04/16 05:38:36 | 000,444,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppResolver.dll
[2018/04/16 05:38:21 | 001,123,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3D12.dll
[2018/04/16 05:38:00 | 006,092,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\windows.storage.dll
[2018/04/16 05:37:45 | 000,747,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2018/04/16 05:36:27 | 000,832,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll
[2018/04/16 05:36:17 | 002,386,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2018/04/16 05:36:17 | 000,543,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2018/04/16 05:35:01 | 002,462,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2018/04/16 05:34:58 | 006,482,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
[2018/04/16 05:34:57 | 001,057,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvproc.dll
[2018/04/16 05:34:56 | 001,524,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2018/04/16 05:34:52 | 001,456,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsrcsnk.dll
[2018/04/16 05:34:49 | 001,017,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2018/04/16 05:34:18 | 000,166,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudStorageWizard.exe
[2018/04/16 05:34:17 | 000,077,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudNotifications.exe
[2018/04/16 05:34:01 | 000,052,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\appidapi.dll
[2018/04/16 05:28:55 | 025,253,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2018/04/16 05:16:11 | 003,995,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIRibbon.dll
[2018/04/16 05:15:39 | 003,663,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2018/04/16 05:15:31 | 003,490,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbon.dll
[2018/04/16 05:15:06 | 000,674,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockController.dll
[2018/04/16 05:15:05 | 002,902,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2018/04/16 05:14:54 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIRibbonRes.dll
[2018/04/16 05:14:52 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CredProv2faHelper.dll
[2018/04/16 05:14:51 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbonRes.dll
[2018/04/16 05:14:50 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceUpdateAgent.dll
[2018/04/16 05:14:48 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2018/04/16 05:14:48 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\t2embed.dll
[2018/04/16 05:14:46 | 000,436,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wincorlib.dll
[2018/04/16 05:14:46 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IndexedDbLegacy.dll
[2018/04/16 05:14:43 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontsub.dll
[2018/04/16 05:14:36 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\t2embed.dll
[2018/04/16 05:14:35 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CredProv2faHelper.dll
[2018/04/16 05:14:32 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\IndexedDbLegacy.dll
[2018/04/16 05:14:29 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2018/04/16 05:14:27 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontsub.dll
[2018/04/16 05:13:44 | 000,084,992 | ---- | M] () -- C:\WINDOWS\SysNative\DataStoreCacheDumpTool.exe
[2018/04/16 05:13:36 | 002,890,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Resources.dll
[2018/04/16 05:13:03 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LaunchWinApp.exe
[2018/04/16 05:12:56 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssitlb.dll
[2018/04/16 05:12:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2018/04/16 05:12:49 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2018/04/16 05:12:35 | 000,331,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browserexport.exe
[2018/04/16 05:12:34 | 017,160,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2018/04/16 05:12:34 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\EdgeManager.dll
[2018/04/16 05:12:30 | 013,704,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2018/04/16 05:12:20 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EdgeManager.dll
[2018/04/16 05:12:17 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakradiag.dll
[2018/04/16 05:12:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmcertinst.exe
[2018/04/16 05:12:09 | 006,466,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2018/04/16 05:12:04 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhosdeployment.dll
[2018/04/16 05:12:02 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakradiag.dll
[2018/04/16 05:11:45 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BitLockerCsp.dll
[2018/04/16 05:11:45 | 000,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eShims.dll
[2018/04/16 05:11:42 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\srpapi.dll
[2018/04/16 05:11:26 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BitLockerCsp.dll
[2018/04/16 05:11:23 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\srpapi.dll
[2018/04/16 05:11:10 | 000,531,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\daxexec.dll
[2018/04/16 05:11:04 | 000,301,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MicrosoftAccountWAMExtension.dll
[2018/04/16 05:10:57 | 018,924,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2018/04/16 05:10:56 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credprovs.dll
[2018/04/16 05:10:42 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\credprovs.dll
[2018/04/16 05:10:31 | 001,576,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2018/04/16 05:10:24 | 000,675,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\webplatstorageserver.dll
[2018/04/16 05:10:22 | 000,459,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\webplatstorageserver.dll
[2018/04/16 05:10:22 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsEnvironment.Desktop.dll
[2018/04/16 05:10:21 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncPolicy.dll
[2018/04/16 05:10:19 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MicrosoftAccountWAMExtension.dll
[2018/04/16 05:10:13 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credprovhost.dll
[2018/04/16 05:10:07 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\daxexec.dll
[2018/04/16 05:10:03 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAFWSD.dll
[2018/04/16 05:10:01 | 001,498,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WebRuntimeManager.dll
[2018/04/16 05:10:00 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ngccredprov.dll
[2018/04/16 05:09:45 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssph.dll
[2018/04/16 05:09:39 | 000,153,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BrowserSettingSync.dll
[2018/04/16 05:09:28 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2018/04/16 05:09:24 | 000,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_User.dll
[2018/04/16 05:09:12 | 000,090,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncPolicy.dll
[2018/04/16 05:09:05 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBrokerUI.dll
[2018/04/16 05:08:45 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ngccredprov.dll
[2018/04/16 05:08:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twext.dll
[2018/04/16 05:08:41 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.UserAccountsHandlers.dll
[2018/04/16 05:08:40 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2018/04/16 05:08:38 | 000,448,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockHostingFramework.dll
[2018/04/16 05:08:31 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcore.dll
[2018/04/16 05:08:30 | 000,262,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\credprovhost.dll
[2018/04/16 05:08:29 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingMonitor.dll
[2018/04/16 05:08:25 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Shell.Search.UriHandler.dll
[2018/04/16 05:08:17 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cdp.dll
[2018/04/16 05:08:15 | 000,583,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.CloudStore.Schema.Shell.dll
[2018/04/16 05:08:08 | 000,358,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wldap32.dll
[2018/04/16 05:08:04 | 006,576,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2018/04/16 05:08:00 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appwiz.cpl
[2018/04/16 05:08:00 | 000,535,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpcore.dll
[2018/04/16 05:07:58 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2018/04/16 05:07:58 | 000,559,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2018/04/16 05:07:58 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2018/04/16 05:07:57 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BrowserSettingSync.dll
[2018/04/16 05:07:52 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssvp.dll
[2018/04/16 05:07:51 | 001,425,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.Handlers.dll
[2018/04/16 05:07:51 | 000,837,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll
[2018/04/16 05:07:49 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twext.dll
[2018/04/16 05:07:45 | 005,195,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdp.dll
[2018/04/16 05:07:45 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssph.dll
[2018/04/16 05:07:43 | 002,677,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2018/04/16 05:07:36 | 000,312,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AboveLockAppHost.dll
[2018/04/16 05:07:32 | 003,367,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncCenter.dll
[2018/04/16 05:07:32 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AboveLockAppHost.dll
[2018/04/16 05:07:30 | 008,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2018/04/16 05:07:24 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IdCtrls.dll
[2018/04/16 05:07:24 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\IdCtrls.dll
[2018/04/16 05:07:23 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBrokerUI.dll
[2018/04/16 05:07:22 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFilterHost.exe
[2018/04/16 05:07:19 | 000,816,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieproxy.dll
[2018/04/16 05:07:12 | 012,689,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2018/04/16 05:07:12 | 001,495,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.desktop.dll
[2018/04/16 05:07:08 | 000,598,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2018/04/16 05:07:07 | 000,386,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\zipfldr.dll
[2018/04/16 05:07:05 | 000,702,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Management.dll
[2018/04/16 05:06:55 | 007,545,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2018/04/16 05:06:45 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmmigrator.dll
[2018/04/16 05:06:38 | 000,721,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LogonController.dll
[2018/04/16 05:06:36 | 013,660,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll
[2018/04/16 05:06:36 | 000,421,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputSwitch.dll
[2018/04/16 05:06:35 | 000,377,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2018/04/16 05:06:33 | 000,820,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netlogon.dll
[2018/04/16 05:06:09 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXTaskFactory.dll
[2018/04/16 05:06:04 | 000,899,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SmartcardCredentialProvider.dll
[2018/04/16 05:05:55 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SmartcardCredentialProvider.dll
[2018/04/16 05:05:55 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2018/04/16 05:05:42 | 000,516,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Internal.Management.dll
[2018/04/16 05:05:40 | 006,031,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2018/04/16 05:05:25 | 004,113,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2018/04/16 05:05:20 | 007,813,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2018/04/16 05:05:14 | 000,863,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntshrui.dll
[2018/04/16 05:05:07 | 000,456,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppBroker.dll
[2018/04/16 05:04:52 | 002,464,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2018/04/16 05:04:44 | 002,209,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2018/04/16 05:04:38 | 002,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2018/04/16 05:04:38 | 000,965,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontext.dll
[2018/04/16 05:04:34 | 001,342,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Wpc.dll
[2018/04/16 05:04:33 | 000,648,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserLanguagesCpl.dll
[2018/04/16 05:04:33 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hgcpl.dll
[2018/04/16 05:04:31 | 003,405,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2018/04/16 05:04:28 | 001,230,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2018/04/16 05:04:28 | 001,057,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2018/04/16 05:04:27 | 001,236,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBroker.dll
[2018/04/16 05:04:26 | 008,104,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2018/04/16 05:04:23 | 000,576,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hgcpl.dll
[2018/04/16 05:04:20 | 000,559,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserLanguagesCpl.dll
[2018/04/16 05:04:18 | 002,523,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gameux.dll
[2018/04/16 05:04:13 | 000,884,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2018/04/16 05:04:10 | 002,490,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\themecpl.dll
[2018/04/16 05:04:07 | 000,556,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppBroker.dll
[2018/04/16 05:04:06 | 000,997,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ShareHost.dll
[2018/04/16 05:04:04 | 000,976,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\HelpPane.exe
[2018/04/16 05:04:03 | 000,524,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\windows.immersiveshell.serviceprovider.dll
[2018/04/16 05:03:58 | 002,857,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2018/04/16 05:03:54 | 002,628,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2018/04/16 05:03:49 | 000,825,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2018/04/16 05:03:48 | 002,976,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.pcshell.dll
[2018/04/16 05:03:45 | 002,462,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themecpl.dll
[2018/04/16 05:03:45 | 000,508,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll
[2018/04/16 05:03:44 | 003,177,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2018/04/16 05:03:41 | 004,385,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2018/04/16 05:03:37 | 004,772,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExplorerFrame.dll
[2018/04/16 05:03:34 | 004,248,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2018/04/16 05:03:31 | 001,353,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usercpl.dll
[2018/04/16 05:03:31 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBroker.dll
[2018/04/16 05:03:30 | 003,287,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SyncCenter.dll
[2018/04/16 05:03:30 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingMonitor.dll
[2018/04/16 05:03:25 | 000,695,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2018/04/16 05:03:24 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stobject.dll
[2018/04/16 05:03:14 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2018/04/16 05:03:12 | 002,741,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2018/04/16 05:03:07 | 000,402,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll
[2018/04/16 05:03:03 | 002,814,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\themeui.dll
[2018/04/16 05:03:03 | 000,329,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputSwitch.dll
[2018/04/16 05:03:02 | 002,413,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gameux.dll
[2018/04/16 05:03:00 | 001,224,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ShareHost.dll
[2018/04/16 05:02:57 | 004,747,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2018/04/16 05:02:54 | 001,669,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wpc.dll
[2018/04/16 05:02:38 | 000,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll
[2018/04/16 05:02:28 | 008,432,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2018/04/16 05:02:21 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmenrollengine.dll
[2018/04/16 05:02:16 | 004,814,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2018/04/16 05:01:52 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Geolocation.dll
[2018/04/16 05:01:51 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2018/04/16 05:01:49 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidprov.dll
[2018/04/16 05:01:42 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2018/04/16 05:01:37 | 003,430,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsc.exe
[2018/04/16 05:01:22 | 000,518,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmenrollengine.dll
[2018/04/16 05:01:12 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ByteCodeGenerator.exe
[2018/04/16 05:00:59 | 000,669,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MCRecvSrc.dll
[2018/04/16 05:00:57 | 002,223,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll
[2018/04/16 05:00:51 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceEnroller.exe
[2018/04/16 05:00:49 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2018/04/16 05:00:48 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\coredpus.dll
[2018/04/16 05:00:47 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enrollmentapi.dll
[2018/04/16 05:00:44 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ninput.dll
[2018/04/16 05:00:43 | 000,682,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidprov.dll
[2018/04/16 05:00:43 | 000,496,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Geolocation.dll
[2018/04/16 05:00:37 | 001,739,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Immersive.dll
[2018/04/16 05:00:22 | 003,630,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstsc.exe
[2018/04/16 05:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ByteCodeGenerator.exe
[2018/04/16 04:59:50 | 001,332,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsecedit.dll
[2018/04/16 04:59:46 | 000,971,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MCRecvSrc.dll
[2018/04/16 04:59:25 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ninput.dll
[2018/04/16 04:58:38 | 001,472,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsecedit.dll
[2018/04/16 04:58:26 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxSysprep.dll
[2018/04/11 09:50:56 | 136,971,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MRT-KB890830.exe
[2018/04/11 09:43:54 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdd.dll
[2018/04/06 23:41:03 | 000,000,109 | ---- | M] () -- C:\Users\imagawa\Desktop\エアステーション設定ページ.url
[2018/04/04 09:25:30 | 005,055,493 | ---- | M] () -- C:\Users\imagawa\Desktop\sakura_02.mp3
[2018/04/04 09:25:30 | 004,565,335 | ---- | M] () -- C:\Users\imagawa\Desktop\sakura_03.mp3
[2018/04/04 09:25:30 | 004,528,790 | ---- | M] () -- C:\Users\imagawa\Desktop\sakura_01.mp3
[2018/04/04 09:25:29 | 004,465,197 | ---- | M] () -- C:\Users\imagawa\Desktop\rinko_gs01.mp3
[2018/04/04 04:37:46 | 000,835,064 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2018/04/04 04:37:46 | 000,179,704 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2018/05/01 21:48:16 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Firefox.lnk
[2018/05/01 19:33:05 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2018/05/01 19:32:58 | 000,076,192 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\mbae64.sys
[2018/05/01 13:10:59 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2018/04/24 09:40:42 | 000,084,992 | ---- | C] () -- C:\WINDOWS\SysNative\DataStoreCacheDumpTool.exe
[2018/04/21 10:37:31 | 000,001,825 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2018/04/16 10:36:14 | 000,001,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2018/04/16 10:36:14 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2018/04/11 09:40:37 | 000,098,304 | ---- | C] () -- C:\WINDOWS\SysNative\runexehelper.exe
[2018/04/04 08:42:47 | 004,565,335 | ---- | C] () -- C:\Users\imagawa\Desktop\sakura_03.mp3
[2018/04/04 08:42:40 | 005,055,493 | ---- | C] () -- C:\Users\imagawa\Desktop\sakura_02.mp3
[2018/04/04 08:42:34 | 004,528,790 | ---- | C] () -- C:\Users\imagawa\Desktop\sakura_01.mp3
[2017/12/01 04:37:24 | 002,491,112 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Mirage.dll
[2017/10/18 17:01:06 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2017/09/29 22:46:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2017/09/29 22:46:49 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2017/09/29 22:42:27 | 000,017,143 | ---- | C] () -- C:\WINDOWS\SysWow64\srms-apr.dat
[2017/09/29 22:42:18 | 000,518,144 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2017/09/29 22:42:14 | 000,054,272 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2017/09/29 22:42:13 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2017/09/29 22:42:11 | 000,149,840 | ---- | C] () -- C:\WINDOWS\SysWow64\InputHost.dll
[2017/09/29 22:42:09 | 003,383,296 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.Analysis.dll
[2017/09/29 22:42:09 | 000,309,248 | ---- | C] () -- C:\WINDOWS\SysWow64\ssdm.dll
[2017/09/29 22:42:09 | 000,193,024 | ---- | C] () -- C:\WINDOWS\SysWow64\HeatCore.dll
[2017/09/29 22:42:09 | 000,092,160 | ---- | C] () -- C:\WINDOWS\SysWow64\WindowsDefaultHeatProcessor.dll
[2017/09/29 22:42:09 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\xboxgipsynthetic.dll
[2017/09/29 22:42:09 | 000,025,088 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.WARP.JITService.exe
[2017/09/29 22:42:08 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2017/09/29 22:42:00 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2017/09/29 22:41:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2017/07/10 10:46:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\progress.ini
[2017/04/11 09:59:50 | 000,000,036 | ---- | C] () -- C:\Users\imagawa\AppData\Local\housecall.guid.cache

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2018/04/16 06:31:58 | 007,675,784 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2018/04/16 05:38:00 | 006,092,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2017/09/29 22:42:05 | 000,964,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2017/09/29 22:42:18 | 000,769,536 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2018/02/10 13:35:43 | 000,506,368 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========
[2018/05/01 19:32:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2018/03/31 13:36:27 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk
[2018/05/02 21:05:39 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsApps
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2018/04/30 10:40:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\Apple Computer\iTunes\SC Info
[2018/05/01 21:35:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWINDOWS
[2017/04/11 20:51:40 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4600 series
[2017/09/29 22:46:33 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2017/11/15 08:34:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\RetailDemo
[2017/10/18 17:22:00 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2017/09/29 22:46:33 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\DMProfiles
[2017/09/29 22:46:33 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2018/03/31 13:36:27 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config
[2018/03/31 13:36:27 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR
[2018/03/31 13:36:27 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR
[2018/03/31 13:36:27 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\2018-03-31-04-36-27
[2018/03/31 13:36:27 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR\2018-03-31-04-36-27
[2018/03/31 13:36:27 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\f067568
[2018/03/31 13:36:27 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\f067568\2018-03-31-04-36-27
[2017/10/18 17:20:19 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2018/04/30 10:40:13 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Apple Computer\iTunes\SC Info
[2018/05/01 21:35:53 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter
[2017/04/11 20:49:38 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWINDOWS
[2017/04/11 20:51:40 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4600 series
[2017/09/29 22:46:33 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2017/11/15 08:34:29 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Windows\RetailDemo
[2017/10/18 17:22:00 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2017/09/29 22:46:33 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\DMProfiles
[2017/09/29 22:46:33 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2017/09/29 22:46:33 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2017/10/18 17:05:24 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\AppData
[2017/04/10 22:38:33 | 000,000,000 | -H-D | M] -- C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/10/18 17:05:07 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData
[2017/10/18 17:23:15 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\MicrosoftEdgeBackups
[2018/04/03 08:46:07 | 000,000,000 | RH-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\Burn\Burn
[2017/11/02 09:34:16 | 000,000,000 | RH-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\Burn\Burn1
[2017/04/11 09:37:57 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\IECompatCache\Low
[2017/04/11 09:37:57 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\IECompatUaCache\Low
[2017/10/18 17:21:50 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\INetCache\Virtualized
[2017/04/10 22:40:59 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE
[2017/04/10 22:40:59 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low
[2017/04/10 22:40:59 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low
[2018/01/05 16:14:31 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Local\VirtualStore\ProgramData
[2018/03/31 13:32:21 | 000,000,000 | -H-D | M] -- C:\Users\imagawa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2018/04/24 09:55:28 | 000,000,000 | RH-D | M] -- C:\Users\Public\AccountPictures
[2018/05/01 21:48:16 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2017/10/18 16:45:05 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2017/06/01 18:43:29 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData
[2017/06/01 18:43:37 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData\Local\Microsoft\Windows\IECompatCache
[2017/06/01 18:43:37 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData\Local\Microsoft\Windows\IECompatUaCache
[2017/06/01 18:44:32 | 000,000,000 | RH-D | M] -- C:\Users\takazumi\AppData\Local\Microsoft\Windows\Burn\Burn
[2017/06/01 18:43:37 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData\Local\Microsoft\Windows\IECompatCache\Low
[2017/06/01 18:43:37 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData\Local\Microsoft\Windows\IECompatUaCache\Low
[2017/06/01 18:43:37 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData\Local\Microsoft\Windows\INetCache\Virtualized
[2017/06/01 18:43:37 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData\Local\Microsoft\Windows\INetCookies\DNTException
[2017/06/01 18:43:37 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE
[2017/06/01 18:43:37 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low
[2017/06/01 18:43:37 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low
[2017/10/18 13:01:32 | 000,000,000 | -H-D | M] -- C:\Users\takazumi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/10/18 17:04:28 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData
[2017/10/27 18:18:27 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData\Local\Microsoft\Windows\IECompatCache
[2017/10/27 18:18:27 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData\Local\Microsoft\Windows\IECompatUaCache
[2017/10/27 18:19:54 | 000,000,000 | RH-D | M] -- C:\Users\TK23\AppData\Local\Microsoft\Windows\Burn\Burn
[2017/10/27 18:18:27 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData\Local\Microsoft\Windows\IECompatCache\Low
[2017/10/27 18:18:27 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData\Local\Microsoft\Windows\IECompatUaCache\Low
[2017/10/27 18:18:27 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData\Local\Microsoft\Windows\INetCache\Virtualized
[2017/06/01 19:13:26 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData\Local\Microsoft\Windows\INetCookies\DNTException
[2017/06/01 19:13:26 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE
[2017/06/01 19:13:26 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low
[2017/06/01 19:13:26 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low
[2018/01/05 16:24:22 | 000,000,000 | -H-D | M] -- C:\Users\TK23\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2018/03/31 13:31:41 | 000,000,000 | -H-D | M] -- C:\Windows\ELAMBKUP
[2017/10/18 16:40:32 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2017/10/18 16:54:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2018/05/01 23:51:33 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000BEVT-26A0RT0
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 386.00GB
Starting Offset: 2000683008
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 65.00GB
Starting Offset: 416900186112
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 486899974144
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
No service found with a name of AeLookupSvc
SRV:[b]64bit:[/b] - [2018/03/30 12:30:56 | 000,144,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:33 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2018/03/13 14:25:36 | 001,346,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2018/04/16 05:03:03 | 000,840,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:30 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2018/03/30 12:40:49 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:41 | 000,450,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2017/09/29 22:42:16 | 000,332,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2017/09/30 23:38:18 | 000,132,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:44 | 001,117,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2018/03/30 12:29:11 | 000,379,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2018/03/30 12:40:46 | 000,314,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2018/03/13 14:32:07 | 000,286,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:06 | 000,109,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:50 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2017/09/29 22:42:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2018/02/10 13:40:22 | 000,601,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:47 | 000,431,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2017/09/29 22:42:05 | 000,460,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
No service found with a name of MMCSS
SRV:[b]64bit:[/b] - [2017/09/29 22:42:07 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:56 | 000,542,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2018/03/30 12:28:10 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:31:55 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:35 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2018/03/30 12:26:11 | 000,765,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2018/01/01 20:20:09 | 000,104,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2018/02/10 13:40:57 | 000,930,816 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:44 | 001,117,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:55 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:43 | 000,057,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2018/03/30 12:23:25 | 000,246,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:25:39 | 000,270,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:45 | 000,613,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2017/09/29 22:42:14 | 000,565,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2018/03/30 12:25:43 | 000,880,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:00 | 000,307,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2017/09/29 22:42:25 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:00 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2018/04/16 05:09:19 | 000,408,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2018/03/13 14:23:22 | 001,556,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2018/02/10 13:37:23 | 001,488,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:[b]64bit:[/b] - [2018/02/10 13:36:01 | 000,685,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:13 | 000,145,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV - [2018/03/30 10:37:33 | 000,106,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2018/03/30 12:26:03 | 001,816,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:[b]64bit:[/b] - [2018/03/30 12:24:21 | 000,925,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:45 | 000,610,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2017/09/29 22:41:52 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2017/09/29 22:42:18 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2017/09/29 22:42:04 | 000,220,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2018/04/16 05:02:53 | 002,784,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2018/03/30 12:29:48 | 000,253,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2018/03/30 12:25:32 | 002,528,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:[b]64bit:[/b] - [2018/03/30 12:25:42 | 000,276,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >
  • ペソネ
  • 2018/05/02 (Wed) 22:05:56
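Please let me ask some questions
Hello, 悪代官-san.
I have two questions, if that's all right.

First, when I logged out of my account on the site ローチケ,
there was traffic to an ad site called Webtracker.jp that I don't normally see,
and µblock-origin's block count jumped. Is my PC safe?

Second, when I ran Windows Update during the work the other day,
I was made to download the update for version 1803,
and it looks like it will be forcibly applied on 5/7.
Once the current work is finished, will there be no problem with the PC after the update is applied?

I'm sorry to trouble you when you're busy, but please reply when you have time.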
  • ペソネ
  • 2018/05/03 (Thu) 12:00:05
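A little junk cleanup with OTL
Sorry my reply is late again tonight.
Let me go through your points in order.

>µblock-origin's block count jumped

Yes, in that case μblock just blocked ads, so you don't need to worry about it.
μblock is a high-performance ad-blocking extension, but because of that, depending on its settings, it can also cause errors when you log in from the browser to a mailbox such as your provider's.
If you use it, adjust the settings yourself to suit your own environment and usage.

Next, Windows Update on Windows 10.
Win10 is still not regarded as reliable in terms of stability, to the point that it is customary for many users not to apply updates as soon as they are released, but to scrutinize early-adopter reports online before deciding whether to install them.
Normally the standard advice is to keep all updates current, but for Win10 updates please gather information yourself as well before deciding.

Now, I've looked at the OTL log.
It seems the Extra log was not produced, but I expected that, so it's fine without it.

Broadly, nothing dangerous is visible, but I can see a little junk, so shall we clean that up?

I'll paste a script at the end of this reply; copy it in its entirety, paste it into a Windows Notepad file and save it.

When that's ready, restart the PC in Safe Mode again and start OTL.
Once it has started, paste the script into the lower part of the OTL window, and this time press "Run fix" (the button with red text).
This starts the OTL fix.

Wait a while; when the fix is done, restart the PC in normal mode and an OTL log should appear again. Save it, then after watching things for a while, reply with a status report along with the OTL log.
The OTL script is below. Copy everything except the dashed lines (-----), paste it into OTL and carry out the work.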
------------------------------------------
:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ja-jp/?ocid=iehp
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP =
IE - HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy =

:Files

:reg

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2018/05/03 (Thu) 19:41:07
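Re: About PUP.Optional.Legacy
悪代官-san, thank you for your help again today.
About 30 minutes have passed since the OTL work, so here is my status report.

First, I wanted to go offline before switching to Safe Mode,
and when I unplugged the LAN cable all the icons went blank for a moment,
but they came back right away, so I restarted while holding the Shift key.
I started OTL in Safe Mode,
pasted the script as you instructed and pressed Run Fix.

When the fix finished, there was a message saying "Reboot" something, and when I clicked OK
the PC restarted automatically and I logged in in normal mode.

After logging in, the OTL log was displayed, so I saved it with Save As.
I have been watching, and nothing in particular seems wrong.

The OTL log follows. Thank you in advance.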
All processes killed
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-3876459191-3901501142-1019116271-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy| /E : value set successfully!
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: defaultuser0
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: imagawa
->Temp folder emptied: 47358180 bytes
->Temporary Internet Files folder emptied: 123016 bytes
->FireFox cache emptied: 18697550 bytes
->Flash cache emptied: 2059 bytes

User: Public

User: takazumi
->Temp folder emptied: 200577 bytes
->Temporary Internet Files folder emptied: 671347 bytes
->Flash cache emptied: 795 bytes

User: TK23
->Temp folder emptied: 162767978 bytes
->Temporary Internet Files folder emptied: 21223 bytes
->FireFox cache emptied: 30313716 bytes
->Flash cache emptied: 291 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1275056 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 249.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 05032018_202941

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

  • ペソネ
  • 2018/05/03 (Thu) 20:50:41
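The junk cleanup is done too
Thank you for the work and the report.

I've looked at the post-fix OTL log, and all the target entries show "successfully" (fix succeeded).
If nothing seems abnormal either, you can put OTL away as described in the preparation instructions.

By the way, regarding the following:
>Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2017/04/12 13.3 MB 1.75.0.1300

This is the old stable version of MBAM that is also used for work on this board; the old version can still be updated at present, but in practice its detection capability seems to have started diverging from the latest version.
http://respondent.bbs.fc2.com/?act=reply&tid=6987160#t17231259

Recently I have started directing people who consult this board to do the work with the latest version of MBAM.
Updates for the old stable version could stop working at any time, so if you use MBAM, it's safest to install the latest version and familiarize yourself with its settings and features.
In my own environment I still use the old stable version as well, partly for verification, but its scan results do differ from the latest version's.

Now let's recheck the overall state.
Sorry for the trouble, but please take the HJT log again, and in CC the install information and the logs for each tab, and post them in a reply.

Sometimes a separate infection or something overlooked turns up after a fix, so let's go over everything again, including whether any problems remain.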
  • 悪代官
  • 2018/05/03 (Thu) 21:08:01
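The check made in the reply above (every target entry in the post-fix OTL log reporting "successfully"), as an added example that is not part of the thread and not part of OTL: a small Python reviewer for a fix log. The function names are hypothetical, the sample is an excerpt of the log posted in this thread (zero-byte entries omitted) plus one constructed line, and the whole-megabyte truncation of the total is an assumption inferred from this one log.

```python
import re

# Excerpt of the OTL fix log posted in this thread (zero-byte entries omitted).
# The line starting with "<constructed" is NOT OTL output; it is added here
# only so the "needs review" path is exercised.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
<constructed line, not OTL output: entry without a success marker>
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: imagawa
->Temp folder emptied: 47358180 bytes
->Temporary Internet Files folder emptied: 123016 bytes
->FireFox cache emptied: 18697550 bytes
->Flash cache emptied: 2059 bytes

User: takazumi
->Temp folder emptied: 200577 bytes
->Temporary Internet Files folder emptied: 671347 bytes
->Flash cache emptied: 795 bytes

User: TK23
->Temp folder emptied: 162767978 bytes
->Temporary Internet Files folder emptied: 21223 bytes
->FireFox cache emptied: 30313716 bytes
->Flash cache emptied: 291 bytes

Windows Temp folder emptied: 1275056 bytes

Total Files Cleaned = 249.00 mb

Unable to start System Restore Service. Error code 1084
"""

HEADER = re.compile(r"^=+ (.+?) =+$")                      # ========== NAME ==========
BYTES = re.compile(r"(?:emptied|removed): (\d+) bytes$")   # per-folder cleanup lines
TOTAL = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")
ENTRY_SECTIONS = ("OTL", "FILES", "REGISTRY")              # one line per script entry


def split_sections(text):
    """Group non-empty lines under the section header that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def review_fix_log(text):
    """Summarise a fix log: entries confirmed, entries to re-check, warnings."""
    sections = split_sections(text)
    report = {"ok": 0, "review": [], "warnings": [], "bytes": 0, "reported_mb": None}

    # Any entry line that does not say "successfully" goes to a human.
    for name in ENTRY_SECTIONS:
        for line in sections.get(name, []):
            if "successfully" in line:
                report["ok"] += 1
            else:
                report["review"].append((name, line))

    # The COMMANDS section carries cleanup sizes and command failures.
    for line in sections.get("COMMANDS", []):
        size = BYTES.search(line)
        if size:
            report["bytes"] += int(size.group(1))
        total = TOTAL.match(line)
        if total:
            report["reported_mb"] = float(total.group(1))
        if line.startswith("Unable to") or "Error code" in line:
            report["warnings"].append(line)

    # Assumption: the reported total is the byte sum truncated to whole MiB.
    report["total_consistent"] = (
        report["reported_mb"] is not None
        and report["bytes"] // 2**20 == int(report["reported_mb"])
    )
    return report


if __name__ == "__main__":
    result = review_fix_log(SAMPLE_LOG)
    print("entries confirmed:", result["ok"])
    for section, line in result["review"]:
        print("re-check [%s]: %s" % (section, line))
    for line in result["warnings"]:
        print("warning:", line)
    print("bytes summed:", result["bytes"], "consistent:", result["total_consistent"])
```

On the thread's log this surfaces the one line that does not report success: the restore point requested by `[createrestorepoint]` was not created. Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE (the service cannot be started in Safe Mode), which matches the fix having been run in Safe Mode.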
Re: About PUP.Optional.Legacy
Thank you for your quick response.
I have taken each log; sorry for the trouble, but please check them.

HJT
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:18:48, on 2018/05/03
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0371)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\uiWinMgr.exe
C:\Users\imagawa\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 5197 bytes

CC
インストール
3D Builder Microsoft Corporation 2018/04/08 15.2.10821.1000
Apple Application Support(64 ビット) Apple Inc. 2018/04/03 153 MB 6.4
Apple Mobile Device Support Apple Inc. 2018/04/21 25.7 MB 11.3.1.6
Audacity 2.2.2 Audacity Team 2018/04/16 52.1 MB 2.2.2
BUFFALO エアステーション設定ツール BUFFALO INC. 2017/12/07 2.95 MB 2.0.15
CCleaner Piriform 2018/05/01 5.42
Groove ミュージック Microsoft Corporation 2018/04/08 10.18011.13411.1000
iTunes Apple Inc. 2018/04/21 400 MB 12.7.4.80
Malwarebytes バージョン 3.4.5.2467 Malwarebytes 2018/05/01 183 MB 3.4.5.2467
Microsoft Pay Microsoft Corporation 2018/03/28 2.2.18065.0
Microsoft Solitaire Collection Microsoft Studios 2018/05/02 4.1.4251.0
Microsoft Sticky Notes Microsoft Corporation 2018/04/02 2.1.18.0
Microsoft Store Microsoft Corporation 2018/05/03 11803.1001.11.0
Microsoft Store エクスペリエンス ホスト Microsoft Corporation 2018/04/17 11803.1001.8.0
Mixed Reality ビューアー Microsoft Corporation 2018/04/28 4.1804.19012.0
Mozilla Firefox 59.0.3 (x64 ja) Mozilla 2018/05/01 144 MB 59.0.3
Mozilla Maintenance Service Mozilla 2018/05/01 509 KB 59.0.3
Mozilla Thunderbird 52.7.0 (x86 ja) Mozilla 2018/03/26 91.2 MB 52.7.0
NX PAD Driver Alps 2017/10/18 24.2 MB 8.100.909.312
OneNote Microsoft Corporation 2018/04/17 17.9226.20641.0
People Microsoft Corporation 2018/04/08 10.3.3472.1000
Print 3D Microsoft Corporation 2018/03/22 2.0.10611.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2017/10/18 17.0 MB 6.0.1.6186
Xbox Microsoft Corporation 2018/03/27 39.39.21002.0
Xbox Game bar Microsoft Corporation 2017/12/13 1.24.5001.0
Xbox Game Speech Window Microsoft Corporation 2017/12/15 1.21.13002.0
Xbox Identity Provider Microsoft Corporation 2018/04/08 12.39.13003.1000
Xbox Live Microsoft Corporation 2017/12/15 1.11.29001.0
アプリ インストーラー Microsoft Corporation 2017/11/14 1.0.12894.0
アラーム & クロック Microsoft Corporation 2018/04/08 10.1803.614.1000
カメラ Microsoft Corporation 2018/04/08 2018.227.30.1000
セキュリティ対策ツール 西日本電信電話株式会社 2018/03/31 450 MB 12.11
セキュリティ対策ツール 西日本電信電話株式会社 2018/03/31 12.11
ニュース Microsoft Corporation 2018/04/03 4.23.10923.0
ヒント Microsoft Corporation 2018/05/03 6.10.10872.0
フィードバック Hub Microsoft Corporation 2018/05/01 1.1712.1141.0
フォト Microsoft Corporation 2018/04/25 2018.18031.15040.0
ペイント 3D Microsoft Corporation 2018/04/24 4.1804.13047.0
ボイス レコーダー Microsoft Corporation 2018/04/08 10.1803.613.1000
マップ Microsoft Corporation 2018/04/08 5.1711.10477.1000
メッセージング Microsoft Corporation 2018/02/02 3.37.23004.0
メール/カレンダー Microsoft Corporation 2018/04/27 17.9126.21785.0
モバイル プラン Microsoft Corporation 2017/11/16 3.1710.3044.0
問い合わせ Microsoft Corporation 2018/04/25 10.1706.10952.0
映画 & テレビ Microsoft Corporation 2018/04/08 10.17122.16211.1000
電卓 Microsoft Corporation 2018/05/02 10.1804.911.0
電話 Microsoft Corporation 2017/11/28 3.34.12002.0

スタートアップ
無効 HKCU:Run OneDriveSetup Microsoft Corporation C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
有効 HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
無効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run NECMFK NEC Corporation, NEC Personal Products, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SecurityHealth Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCuiL.exe
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe"

スケジュールされたタスク
無効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

コンテキストメニュー
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 Directory ファイルの所有権
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll

IE
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll

FF
有効 Extension Activity Stream 2018.02.17.0026-173e2795 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi
有効 Extension Application Update Service Helper 2.0 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Firefox Screenshots 25.0.0 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi
有効 Extension Follow-on Search Telemetry 0.9.6 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi
有効 Extension Form Autofill 1.0 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi
有効 Extension Photon onboarding 1.0 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\onboarding@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Extension Shield Recipe Client 80 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi
有効 Extension TLS 1.3 gradual roll-out 8.0 default Firefox 59.0.3 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\5l0gf04d.default\features\{b98183bd-2f2a-4135-8c81-acb978c716e0}\tls13-rollout-bug1442042@mozilla.org.xpi
無効 Extension Trend Micro Toolbar 12.0.0.1252 default Firefox 59.0.3 C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension
有効 Extension uBlock Origin 1.16.2 All uBlock Origin contributors default Firefox 59.0.3 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\5l0gf04d.default\extensions\uBlock0@raymondhill.net.xpi
有効 Extension Web Compat 1.1 default Firefox 59.0.3 C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.1008 Google Inc. default Firefox 59.0.3 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\5l0gf04d.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.7.1 Mozilla Corporation default Firefox 59.0.3 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\5l0gf04d.default\gmp-gmpopenh264\1.7.1\gmpopenh264.dll
  • ペソネ
  • 2018/05/03 (Thu) 21:27:42
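Here to go back over things
Thank you for the prompt work and report.
This is "あらいぐま悪代官" (the raccoon evil magistrate), here to go back over the situation (← if you are an evil magistrate, wash your hands of wrongdoing first).

I have looked through each of the current logs, and there do not appear to be any new problems.

So, to be safe, let's move into an observation period.

Please keep using the PC normally and watch it for about a week.

After a week, please take the HJT log, the install information, and the logs of each tab again, and reply with them together with a report on how things went during the observation period.
If nothing is wrong with the state or the logs at that point, we can probably call this "resolved", but if you see anything abnormal, you do not need to wait the full week; just reply at that point.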
  • あらいぐま悪代官
  • 2018/05/03 (Thu) 21:40:15
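About the RuntimeBroker.exe error message
Good evening, 悪代官-san.
There is something I would like to ask, if that is all right.

When I clicked the gear icon for "Settings", an error occurred and the following message was displayed:
RuntimeBroker.exe「グループまたはリソースは要求した操作の実行に適切な状態ではありません」
(in English: "The group or resource is not in the correct state to perform the requested operation").

I found this suspicious and looked into it. RuntimeBroker is apparently
a Windows process that manages access permissions for Windows Store apps,
so it does not seem to be harmful, but I do not understand why the error occurred.

In the notification area there was a record that something called
"日本語 ローカル エクスペリエンス パック" (Japanese Local Experience Pack) had been downloaded automatically from the Microsoft Store.
When I searched on Twitter, other people had it downloaded automatically in the same way,
and I suspect the error is related to this. Is this an abnormal state?

I am sorry to trouble you when you are busy, but please reply when you have time.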


  • ペソネ
  • 2018/05/07 (Mon) 20:40:05
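If the Store app is there, uninstall it
Good evening.
It looks like a different error has come up.

So the error is in RuntimeBroker, and you also recall having installed the 日本語 ローカル エクスペリエンス パック (Japanese Local Experience Pack) earlier.

Could you check something for me?
Read the explanation on the page below,
http://askpc.panasonic.co.jp/beginner/guide/ten07/7018.html

then follow its steps and try uninstalling the Store app.
Once it is uninstalled, restart the PC once, check the state, and let me know whether the error in question has settled down.

If you cannot find the Store app at all, just let me know that in your reply.

Also, please check whether the file in question exists.

I believe showing hidden files is already enabled, so with that setting on, look for the file at the path below.

C:\Windows\System32\RuntimeBroker.exe

This is the path of the file in question.
If the file is there, fine, but if the file itself does not exist, that raises the suspicion that the error is being thrown because of it.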
  • 悪代官
  • 2018/05/07 (Mon) 20:57:27
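About the RuntimeBroker.exe error message
Thank you for the quick reply.

>follow its steps and try uninstalling the Store app.
>If you cannot find the Store app at all, just let me know that in your reply.
The app was there, but it seems it cannot be uninstalled.

>look for the file at the path below.
The file existed.

>let me know whether the error in question has settled down
I have launched it several times, but the error has not occurred.

Judging from the description in the Store, this seems to be less an app
than something like an update.
It came down automatically because I updated to version 1803 on 5/5,
and that appears to be related. (I have confirmed many cases of the same thing.)
I wondered whether that is why it cannot be uninstalled;
what do you think?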



  • ペソネ
  • 2018/05/07 (Mon) 22:18:32
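If it is an update, let's not casually disable it
Sorry that my reply is late again tonight.

>The app was there, but it seems it cannot be uninstalled.

>The file existed.

>Judging from the description in the Store, this seems to be less an app
>than something like an update.

Yes, understood. That does seem to be the case.

>It came down automatically because I updated to version 1803 on 5/5,
>and that appears to be related.

I am not using Win10 yet myself, so there is a lot about its behavior that I have not grasped, but thanks to your detailed checking and reporting, ペソネ-san, the situation has become clearer.

>I have launched it several times, but the error has not occurred.

It is good that nothing abnormal is showing at the moment.
I think it is already well known that Win10 is badly behaved (← you're one to talk), but if this is one of the updates, it seems better not to disable it carelessly.
If nothing abnormal is appearing for now, leave it as it is and continue observing.

It is safer to investigate after I have seen the logs and your status report again once the observation period is over.

Also, I may not be able to reply tomorrow due to other commitments, so I apologize in advance and ask for your understanding.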
  • 悪代官
  • 2018/05/08 (Tue) 20:16:48
Re: About PUP.Optional.Legacy
Understood. I will report on the state on 5/10, then.
I look forward to your help again at that time.
  • ペソネ
  • 2018/05/08 (Tue) 21:08:52
Re: About PUP.Optional.Legacy
Good evening, 悪代官-san.
A week has passed, and there is nothing abnormal in the PC's behavior.

Here are the logs. I am sorry for the trouble, but please check them.
HJT
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:46:43, on 2018/05/10
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Users\imagawa\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: OpenSSH Authentication Agent (ssh-agent) - Unknown owner - C:\WINDOWS\System32\OpenSSH\ssh-agent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 4841 bytes

CC
Install list
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:46:43, on 2018/05/10
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Users\imagawa\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O3 - Toolbar: セキュリティツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O2FLASH - Unknown owner - C:\WINDOWS\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: OpenSSH Authentication Agent (ssh-agent) - Unknown owner - C:\WINDOWS\System32\OpenSSH\ssh-agent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 4841 bytes

Startup
Windows
無効 HKCU:Run OneDriveSetup Microsoft Corporation C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
有効 HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint2K\Apoint.exe
有効 HKLM:Run HotKeysCmds Intel Corporation C:\WINDOWS\system32\hkcmd.exe
有効 HKLM:Run IgfxTray Intel Corporation C:\WINDOWS\system32\igfxtray.exe
無効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run NECMFK NEC Corporation, NEC Personal Products, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Persistence Intel Corporation C:\WINDOWS\system32\igfxpers.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
有効 HKLM:Run SecurityHealth Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCuiL.exe
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmWrk\UIWatchDog.exe"

Scheduled Tasks
無効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Context Menu
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 Directory ファイルの所有権
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\UniClient\UiFrmwrk\tmdshell.dll

IE
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll
無効 Toolbar セキュリティツールバー Trend Micro Inc. C:\Program Files (x86)\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll

FF
有効 Extension Activity Stream 2018.04.20.1103-b3b95672 default Firefox 60.0 C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi
有効 Extension Application Update Service Helper 2.0 default Firefox 60.0 C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Firefox Screenshots 30.1.0 default Firefox 60.0 C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi
有効 Extension Follow-on Search Telemetry 0.9.6 default Firefox 60.0 C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi
有効 Extension Form Autofill 1.0 default Firefox 60.0 C:\Program Files\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi
有効 Extension Photon onboarding 1.0 default Firefox 60.0 C:\Program Files\Mozilla Firefox\browser\features\onboarding@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 60.0 C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
無効 Extension Trend Micro Toolbar 12.0.0.1252 default Firefox 60.0 C:\Program Files (x86)\NTTW\SECURITY\SEC\UIFramework\Toolbar\firefoxextension
有効 Extension uBlock Origin 1.16.4 All uBlock Origin contributors default Firefox 60.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\5l0gf04d.default\extensions\uBlock0@raymondhill.net.xpi
有効 Extension Web Compat 1.1 default Firefox 60.0 C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.1008 Google Inc. default Firefox 60.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\5l0gf04d.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.7.1 Mozilla Corporation default Firefox 60.0 C:\Users\imagawa\AppData\Roaming\Mozilla\Firefox\Profiles\5l0gf04d.default\gmp-gmpopenh264\1.7.1\gmpopenh264.dll

  • ペソネ
  • 2018/05/10 (Thu) 19:57:48
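Please add the install information log as well
Good evening.
So this is the report after the observation period.

>A week has passed, and there is nothing abnormal in the PC's behavior.

Yes, I have looked at the logs, and nothing in particular looks suspicious.
Only the install information log seems to be missing, so could you show me that as well?

Unless something very odd has happened, nothing unknown should have gotten in during this past week, but let's not let our guard down until the end.
You may fool people's eyes, but the sun in heaven sees everything (← that is not a line for the evil magistrate's side).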
  • 悪代官
  • 2018/05/10 (Thu) 20:05:12
About PUP.Optional.Legacy
My apologies. Here is the log.

Install list
3D Builder Microsoft Corporation 2018/04/08 15.2.10821.1000
Apple Application Support(64 ビット) Apple Inc. 2018/04/03 153 MB 6.4
Apple Mobile Device Support Apple Inc. 2018/04/21 25.7 MB 11.3.1.6
BUFFALO エアステーション設定ツール BUFFALO INC. 2017/12/07 2.95 MB 2.0.15
CCleaner Piriform 2018/05/04 5.42
Groove ミュージック Microsoft Corporation 2018/04/08 10.18011.13411.1000
iTunes Apple Inc. 2018/04/21 400 MB 12.7.4.80
Malwarebytes バージョン 3.4.5.2467 Malwarebytes 2018/05/01 183 MB 3.4.5.2467
Microsoft Pay Microsoft Corporation 2018/03/28 2.2.18065.0
Microsoft Solitaire Collection Microsoft Studios 2018/05/02 4.1.4251.0
Microsoft Sticky Notes Microsoft Corporation 2018/04/02 2.1.18.0
Microsoft Store Microsoft Corporation 2018/05/10 11804.1001.8.0
Microsoft Store エクスペリエンス ホスト Microsoft Corporation 2018/05/10 11804.1001.9.0
Mixed Reality ビューアー Microsoft Corporation 2018/04/28 4.1804.19012.0
Mozilla Firefox 60.0 (x64 en-US) Mozilla 2018/05/10 143 MB 60.0
Mozilla Maintenance Service Mozilla 2018/05/04 509 KB 59.0.3
Mozilla Thunderbird 52.7.0 (x86 ja) Mozilla 2018/05/04 91.2 MB 52.7.0
My Office Microsoft Corporation 2018/05/04 17.8918.5926.0
NX PAD Driver Alps 2018/05/04 24.2 MB 8.100.909.312
OneNote Microsoft Corporation 2018/04/17 17.9226.20641.0
People Microsoft Corporation 2018/05/04 10.3.10452.0
Print 3D Microsoft Corporation 2018/03/22 2.0.10611.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2018/05/04 17.0 MB 6.0.1.6186
Web メディア拡張機能 Microsoft Corporation 2018/05/04 1.0.10671.0
Xbox Microsoft Corporation 2018/03/27 39.39.21002.0
Xbox Game bar Microsoft Corporation 2018/05/04 1.26.6001.0
Xbox Game Speech Window Microsoft Corporation 2017/12/15 1.21.13002.0
Xbox gaming overlay Microsoft Corporation 2018/05/04 1.15.1001.0
Xbox Identity Provider Microsoft Corporation 2018/04/08 12.39.13003.1000
Xbox Live Microsoft Corporation 2017/12/15 1.11.29001.0
アプリ インストーラー Microsoft Corporation 2018/05/07 1.0.20921.0
アラーム & クロック Microsoft Corporation 2018/05/04 10.1804.1101.0
カメラ Microsoft Corporation 2018/04/08 2018.227.30.1000
セキュリティ対策ツール 西日本電信電話株式会社 2018/03/31 12.11
セキュリティ対策ツール 西日本電信電話株式会社 2018/03/31 450 MB 12.11
ニュース Microsoft Corporation 2018/04/03 4.23.10923.0
ヒント Microsoft Corporation 2018/05/03 6.10.10872.0
フィードバック Hub Microsoft Corporation 2018/05/01 1.1712.1141.0
フォト Microsoft Corporation 2018/05/04 2018.18031.15820.0
ペイント 3D Microsoft Corporation 2018/04/24 4.1804.13047.0
ボイス レコーダー Microsoft Corporation 2018/04/08 10.1803.613.1000
マップ Microsoft Corporation 2018/04/08 5.1711.10477.1000
メッセージング Microsoft Corporation 2018/05/04 3.38.22001.0
メール/カレンダー Microsoft Corporation 2018/05/10 17.9226.21295.0
モバイル通信プラン Microsoft Corporation 2018/05/04 4.1801.521.0
問い合わせ Microsoft Corporation 2018/04/25 10.1706.10952.0
天気 Microsoft Corporation 2018/05/04 4.23.10923.0
日本語 ローカル エクスペリエンス パック Microsoft Corporation 2018/05/07 17134.0.1.0
映画 & テレビ Microsoft Corporation 2018/04/08 10.17122.16211.1000
電卓 Microsoft Corporation 2018/05/02 10.1804.911.0
電話 Microsoft Corporation 2017/11/28 3.34.12002.0
  • ペソネ
  • 2018/05/10 (Thu) 20:38:53
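From now on, examine AC's detection results rather than taking them at face value
I have looked at the additional information log as well.
Nothing looks suspicious this time either.

If the RuntimeBroker-related error is no longer appearing either, we can consider the main issue dealt with.

So clean up the tools used for the work as described in the preparation instructions, and we can call this "resolved".

Going forward, please firm up your PC environment and your security awareness one step at a time.

Just tightening the browser settings a little can improve security.
Open "Internet Options" → "Privacy" → "Advanced", check "Automatic cookie handling" and "Block third-party cookies", then click "Apply" and "OK".
Doing this is quite effective protection against many dangerous sites.
However, it is not effective against every dangerous site, and against a truly dangerous site this much is no match at all, so do not rely on it too much.
Also, setting it to "Block all cookies" has the side effect that you can no longer get into pages that require login, such as your provider's mailbox, so use it selectively depending on the situation.
Note too that even some safe sites cannot be viewed or posted to when cookies are blocked.

Next, please also take care with how you use security software such as antivirus and firewalls.
Security software does not deliver its full capability merely by being installed.
It is important to understand its settings and features as far as you can and to use it correctly.
Used incorrectly, it will readily let through even infections it could otherwise have blocked.

And however capable the security software is, it cannot protect you at all if the user goes to dangerous sites and files on their own.
Depending on how it is used, security software's performance can be doubled, halved, or reduced to nothing.

And seeing is believing.
I recommend reading as many of the other threads on this board, ongoing and resolved, as you can.
Whether the cases are the same, similar, or of a different kind, there should be much in them to learn from.

To recap, this case showed once again that even AC and MBAM, known for their high capability, are not all-powerful and that they too produce false positives and overreactions.

On the major Q&A sites on the net, many people reply every day telling others to use AC and MBAM, but as things stand hardly anyone warns about the details of how to use them or the dangers of using them incorrectly.
The more capable the tool, the higher its rate of false positives from overreaction tends to be.
If you do not understand that and casually quarantine or delete whatever a scan detects right away, any outcome is possible, so do not forget to look carefully at the detection results before acting on them.

There is a mountain of things to remember about PC security, but there is no need to cram it all into your head from the start.
Just digest it one piece at a time, starting from what you understand.

Thank you for your hard work on this tedious task once again.
From here on, have a safe and comfortable PC life.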
  • 悪代官
  • 2018/05/10 (Thu) 20:59:36
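Re: About PUP.Optional.Legacy
悪代官-san, thank you for your help with my problem over these nine days.
It seems this was a false positive by ADW,
and having troubled you with the same mistake as when I consulted you before,
I feel deeply sorry.
From now on, even if something is detected, I will first take a breath
and deal with things calmly.
悪代官-san, thank you again very much.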
  • ペソネ
  • 2018/05/10 (Thu) 22:07:52
