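悪代官の伏魔殿 (Akudaikan's Pandemonium) Bulletin Board
A file named asc_rdflag has appeared in the root of the C: drive
I found that the 0-byte file named in the title was created on 2019/07/17 at 6:29:27.
Since around that time, the PC has felt slightly off.

In particular, when launching the game Cities: Skylines, I used to be able to browse the web and do other work
at the same time without any trouble, but since then the whole PC has become quite sluggish, so
I investigated as far as I could on my own, found that file, and got as far as learning that it seems to be something bad,
but beyond that I am at a loss.

Also, the various IP-check sites correctly show the provider I currently use,
but for some reason only the 5ch restriction list shows an American IP, which also worries me.
It used to show my Japanese provider correctly.

Because of all this I suspect a virus infection. Could you please advise me?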
  • green
  • 2019/07/20 (Sat) 04:52:28
HJT and CC logs
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:51:56, on 2019/07/20
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
D:\Program Files (x86)\IPMsg\ipmsg.exe
D:\Program Files (x86)\Mfa176\MFA.exe
D:\Program Files (x86)\Proxomitron Naoko-4\PROXOMITRON.EXE
D:\Program Files (x86)\tvclock111\TVClock.exe
D:\Users\green\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - D:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - HKLM\..\Run: [IObit Malware Fighter] "d:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - D:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - D:\Program Files\Classic Shell\ClassicIE_32.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 12 (AdvancedSystemCareService12) - IObit - d:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - d:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - d:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - d:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe
O23 - Service: @C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe,-100 (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICEsound Service (ICEsoundService) - Unknown owner - C:\WINDOWS\system32\ICEsoundService64.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - d:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - d:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MusicCenter Back-End Service - Sony Video & Sound Products Inc. - D:\Program Files (x86)\Sony\Music Center\avlib\SsBeServiceMc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe
O23 - Service: PACSPTISVR-Music_Center - Sony Video & Sound Products Inc. - D:\Program Files (x86)\Sony\Music Center\Sony.Earth\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: SoftEther VPN Client (SEVPNCLIENT) - SoftEther VPN Project at University of Tsukuba, Japan. - d:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: UCManSvc - Paltiosoft Inc. - C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 8939 bytes



3D ビューアー Microsoft Corporation 2019/03/08 6.1903.4012.0
A-Train PC Classic / みんなのA列車で行こうPC ARTDINK 2018/09/20
A-Train9v5 ARTDINK 2018/12/08 1.21 GB 5.00.4431
Adobe Flash Player 32 PPAPI Adobe 2019/07/09 4.63 MB 32.0.0.223
Adobe Photoshop Elements 5.0 Adobe Systems Inc. 2018/09/23 5.0
Advanced SystemCare 12 IObit 2019/06/22 115 MB 12.4.0
Avast Free Antivirus AVAST Software 2019/05/25 19.5.2378
Besiege Spiderling Studios 2018/11/24
Candy Crush Saga king.com 2019/05/07 1.1501.2.0
Candy Crush Soda Saga king.com 2019/05/17 1.139.500.0
CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 2018/09/22 1.7.0.4
Canon Internet Library for ZoomBrowser EX Canon Inc. 2018/09/22 1.6.3.9
Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 2018/09/22 3.2.0.34
Canon Utilities CameraWindow Canon Inc. 2018/09/22 7.3.0.4
Canon Utilities CameraWindow DC Canon Inc. 2018/09/22 7.4.1.10
Canon Utilities CameraWindow DC 8 Canon Inc. 2018/09/22 8.0.0.19
Canon Utilities MyCamera Canon Inc. 2018/09/22 7.3.0.5
Canon Utilities ZoomBrowser EX Canon Inc. 2018/09/22 6.4.0.7
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 2018/09/22 1.2.2.11
CCleaner Piriform 2019/07/20 5.60
Cities: Skylines Colossal Order Ltd. 2018/09/26
Classic Shell IvoSoft 2018/09/19 13.1 MB 4.3.1
Dolby Access Dolby Laboratories 2019/03/12 2.4.520.0
Driver Booster 6 IObit 2018/12/29 75.2 MB 6.1.0
Epson Copy Utility 4 Seiko Epson Corporation 2018/09/24 4.67 MB 4.01.0001
Epson Event Manager Seiko Epson Corporation 2018/09/24 44.0 MB 3.10.0061
EPSON PX-105 Series プリンター アンインストール SEIKO EPSON Corporation 2018/09/20
EPSON Scan Seiko Epson Corporation 2018/09/24
Epson Software Updater Seiko Epson Corporation 2018/09/21 11.1 MB 4.4.9
ffdshow x64 v1.3.4533 [2014-09-29] 2018/09/23 14.7 MB 1.3.4533.0
GOM Player Gretech Corporation 2018/09/25 2.1.47.5133
Google Chrome Google LLC 2019/07/19 75.0.3770.142
Google 日本語入力 Google Inc. 2018/09/18 83.7 MB 2.24.3250.0
Groove ミュージック Microsoft Corporation 2019/04/03 10.19031.11411.0
GV 2018/09/23
HEVC Video Extensions from Device Manufacturer Microsoft Corporation 2018/12/12 1.0.13209.0
Hidden City: アイテム探しアドベンチャー G5 Entertainment AB 2019/05/02 1.28.2803.0
honestech VHS to DVD 2.5 SE honestech 2018/09/23 2.5
I am Bread Bossa Studios 2018/11/24
ILLUSION すくぅ~るメイト2 体験版 ILLUSION 2018/09/24 193 MB 1.00.0000
ILLUSION でじたるメイト ILLUSION 2018/09/24 436 MB 1.00.0000
IObit Malware Fighter 6 IObit 2019/05/19 135 MB 6.6
IObit Uninstaller 8 IObit 2019/03/29 54.3 MB 8.4.0.8
Kerbal Space Program Squad 2018/10/31
Leawo Blu-ray Player バージョン 1.10.0.2 Leawo Software 2019/02/16 133 MB 1.10.0.2
Lhaz ちとらソフト 2018/09/18 3.22 MB 2.5.1
Live5ch 2018/09/18
Microsoft OneDrive Microsoft Corporation 2019/07/19 131 MB 19.103.0527.0003
Microsoft Pay Microsoft Corporation 2018/09/17 2.1.18009.0
Microsoft Solitaire Collection Microsoft Studios 2019/04/12 4.3.4032.0
Microsoft Sticky Notes Microsoft Corporation 2019/05/14 3.6.71.0
Microsoft Store Microsoft Corporation 2019/05/05 11904.1001.1.0
Microsoft Store エクスペリエンス ホスト Microsoft Corporation 2019/01/30 11811.1001.18.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2018/09/23 4.99 MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2018/09/24 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 2019/02/16 5.95 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2018/09/24 10.2 MB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2018/09/20 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2018/09/20 11.1 MB 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2018/09/24 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2018/09/24 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 Microsoft Corporation 2018/09/24 19.5 MB 14.0.24215.1
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 Microsoft Corporation 2018/09/18 23.3 MB 14.11.25325.0
Microsoft ニュース Microsoft Corporation 2019/04/03 4.30.10924.0
Minecraft Microsoft Studios 2019/05/17 1.11.301.0
MPC-HC 1.7.13 (64-bit) MPC-HC Team 2018/09/23 47.0 MB 1.7.13
MPEG-2 ビデオ拡張機能 Microsoft Corporation 2018/10/12 1.0.12831.0
Music Center for PC Sony Video & Sound Products Inc. 2018/10/09 209 MB 2.0.0.00992
NVIDIA 3D Vision コントローラー ドライバー 390.41 NVIDIA Corporation 2018/09/21 390.41
NVIDIA PhysX システム ソフトウェア 9.18.0907 NVIDIA Corporation 2018/09/21 9.18.0907
Office Microsoft Corporation 2019/03/22 18.1903.1152.0
OneNote Microsoft Corporation 2019/05/09 16001.11629.20028.0
Opera Stable 62.0.3331.43 Opera Software 2019/07/06 62.0.3331.43
PC Viewer DRY-PC Viewer TypeC YUPITERU 2018/12/20 72.7 MB 1.1.31
People Microsoft Corporation 2019/04/16 10.1902.633.0
PHANTASY STAR ONLINE 2 SEGA Games Co., Ltd. 2018/09/21 7.19 MB
Print 3D Microsoft Corporation 2019/04/25 3.3.791.0
Real Alternative 2.0.2 2018/12/12 23.0 MB 2.0.2
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2019/01/16 6.0.1.8549
sdrt(5.0, 64bit) パルティオソフト株式会社 2018/09/24 4.09 MB 5.0.6.0
SENRAN KAGURA Reflexions Tamsoft 2019/06/25
Skype Skype 2019/05/06 14.44.40.0
Smart Defrag 6 IObit 2019/05/23 59.7 MB 6.2
SoftEther VPN Client SoftEther VPN Project 2018/09/18 4.28.9669
Sony Media Library Earth 9.3.01 Sony Corporation 2018/09/23 50.5 MB 9.3.01.03100
Steam Valve Corporation 2018/09/18 2.10.91.91
Update for Windows 10 for x64-based Systems (KB4023057) Microsoft Corporation 2019/06/22 1.41 MB 2.59.0.0
VLC media player VideoLAN 2019/02/16 3.0.6
Web メディア拡張機能 Microsoft Corporation 2019/01/23 1.0.13321.0
x-アプリ 6.0.04 Sony Corporation 2018/09/23 84.1 MB 10.0.04
Xbox Microsoft Corporation 2019/05/07 48.53.3001.0
Xbox Game bar Microsoft Corporation 2019/05/17 1.41.14001.0
Xbox Game Speech Window Microsoft Corporation 2018/09/18 1.21.13002.0
Xbox gaming overlay Microsoft Corporation 2018/10/30 1.16.1012.0
Xbox Identity Provider Microsoft Corporation 2019/05/02 12.52.24002.0
Xbox Live Microsoft Corporation 2018/12/10 1.24.10001.0
アプリ インストーラー Microsoft Corporation 2019/04/12 1.0.30732.0
アラーム & クロック Microsoft Corporation 2019/05/02 10.1903.1006.0
カスタムオーダーメイド3D2 KISS 2018/12/08 11.2 GB
カスタムメイド3D2 KISS 2018/12/08 7.49 GB
カメラ Microsoft Corporation 2019/05/15 2019.425.30.0
ヒント Microsoft Corporation 2018/10/09 6.15.12641.0
フィードバック Hub Microsoft Corporation 2019/04/09 1.1811.10862.0
フォト Microsoft Corporation 2019/05/06 2019.19031.17720.0
フォト アドオン Microsoft Corporation 2019/04/11 2017.39121.36610.0
ペイント 3D Microsoft Corporation 2019/04/12 5.1904.8017.0
ボイス レコーダー Microsoft Corporation 2019/03/28 10.1902.633.0
マップ Microsoft Corporation 2019/04/10 5.1902.843.0
マーチ オブ エンパイア - 領土戦争 Gameloft. 2019/05/17 4.0.1.1
メッセージング Microsoft Corporation 2019/02/19 4.1901.10241.0
メール/カレンダー Microsoft Corporation 2019/04/02 16005.11425.20190.0
モバイル通信プラン Microsoft Corporation 2019/02/28 5.1902.361.0
問い合わせ Microsoft Corporation 2019/04/19 10.1706.20381.0
天気 Microsoft Corporation 2019/02/14 4.28.10351.0
日本語 ローカル エクスペリエンス パック Microsoft Corporation 2019/05/07 17134.33.47.0
映画 & テレビ Microsoft Corporation 2019/04/03 10.19031.11411.0
電卓 Microsoft Corporation 2019/05/02 10.1903.21.0
  • green
  • 2019/07/20 (Sat) 04:55:35
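A quick check first
Good evening.
I'm 悪代官 (Akudaikan, "the evil magistrate"), the administrator here.
Not a 家老 (karō, chief retainer) but an 悪代官. The proof is that I suffer from 過労 (karō, overwork) (don't ask).

I have looked at your description and logs.

The identity of asc_rdflag, the main issue, is still unknown, but from the logs I can see a number of annoying things installed.
However, I cannot yet say for certain whether they are involved.

First, let me check: is this PC used for work or study?
I ask because I can see an app like the one below, which is often used for work.
>Adobe Photoshop Elements 5.0 Adobe Systems Inc. 2018/09/23 5.0

If the PC is used for work, though, the free security software below should not be usable on it.
>Avast Free Antivirus AVAST Software 2019/05/25 19.5.2378

Also, did you install the apps below yourself after this problem started?
>IObit Malware Fighter 6 IObit 2019/05/19 135 MB 6.6
>IObit Uninstaller 8 IObit 2019/03/29 54.3 MB 8.4.0.8

Once I hear your answers to the above, let's proceed with a safe response.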
  • 悪代官
  • 2019/07/20 (Sat) 21:06:24
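Re: A file named asc_rdflag has appeared in the root of the C: drive
Thank you for checking.
The PC is purely for hobby use, not for work.
I use it for browsing and image processing, and in recent years, to handle 3D games,
I have been using one with reasonably gaming-PC-level performance.

>Adobe Photoshop Elements 5.0 Adobe Systems Inc. 2018/09/23 5.0
This came bundled with a scanner or something like that, and I use it for processing images for my model-building hobby and the like.
Also for adding text to New Year's cards.

>Avast Free Antivirus AVAST Software 2019/05/25 19.5.2378
Since it is for hobby use, I get by with free software like this.
In fact, I do not own any work PCs, including notebook PCs and tablets.
I have this Avast installed on every PC I own.

>IObit Malware Fighter 6 IObit 2019/05/19 135 MB 6.6
>IObit Uninstaller 8 IObit 2019/03/29 54.3 MB 8.4.0.8
As for these, I believe I first installed Advanced SystemCare, and then
installed the others one after another following that software's recommendations.
They were installed before this problem appeared.

Those are my answers to your questions. Thank you in advance for your help.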
  • green
  • 2019/07/20 (Sat) 22:37:25
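Now let's start working carefully
Thank you for the quick reply.
I have read your explanation.
Since the PC does not appear to be used for work, I should be able to help.

So let's investigate carefully as we go.

First, one thing to note.
As you can see, there are currently many people asking for help, so after receiving a request it may take a day or more each time before I can reply to everyone in turn. I apologize and ask for your understanding.

Please read the explanation below carefully and then carry out the steps in order.
You should already have some of these prepared, but please read through the explanation again anyway.

Set hidden files and file extensions to be shown (how to ↓)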
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja

Download the tools below and get familiar with their basic usage.
However, if the distribution sites show ads urging you to download other apps, never click them.
"GeekUninstaller" (a.k.a. GU)
Description page ↓
http://www.gigafree.net/system/install/geekuninstaller.html
Download ↓
http://www.geekuninstaller.com/download
Click "download free", save the file, and extract it.
To clean up afterwards, delete the whole folder by hand.

"CCleaner" (a.k.a. CC)
Description ↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
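Download ↓
https://www.piriform.com/ccleaner/builds
Download the latest "Portable" version, then extract and launch it.
To clean up afterwards, just delete that folder.

Here is an important caution.
CC is by nature a highly capable maintenance tool, but used incorrectly
【it can end up damaging Windows】,
so here we use it only as an analysis tool.
Read the explanation carefully and do not perform any operation other than those I instruct.

Once you are ready, start the work.
In the steps that follow, you may skip anything you look for and cannot find, but look carefully as you work so that you never touch anything other than the specified targets.

Also, I expect to instruct you to delete some things in the course of the work; if any of them is something you installed yourself because you need it, hold off on deleting it and tell me so in your next reply.

First check Windows Update, and if there are any required updates, install them all.
If the updates cannot be installed, however, do not do the work described after this; tell me in your reply that the update failed.
This is because there has been a sharp increase in dangerous malware that obstructs analysis and treatment of the infection by preventing WU from working properly.
If you do not always keep the various Windows updates (Windows Update) applied and current, that alone can quickly lead to a dangerous infection.

Note that updating to Windows 10 is not recommended unless the user really needs it.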
http://www.japan-secure.com/entry/Windows_Update_7.html
http://www.japan-secure.com/entry/how_to_suppress_the_free_upgrade_of_Windows_10.html

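At the very least, the app below is an old version.
>VLC media player VideoLAN 2019/02/16 3.0.6

Merely neglecting to update apps is enough for a vulnerability to be exploited and a serious infection to occur all too easily.
If you use it, update it to the latest version. If you do not use it, uninstalling it is the safe choice.
Check whether there are other old versions, and if there are, update or uninstall them in the same way.

Also, development and updates for the one below have already ended, so removing it is recommended on vulnerability grounds.
>Real Alternative 2.0.2 2018/12/12 23.0 MB 2.0.2

At this point, manually create one restore point with System Restore, a standard Windows feature.
This is because, in the work that follows, touching something other than the targets by mistake can by itself cause serious problems in Windows, so this keeps recovery possible should the worst happen.
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point

Next, start the PC in Safe Mode (how to ↓)
http://www.pc-master.jp/sousa/s-safemode.html
For Win8, refer to the following.
http://freesoft.tvbok.com/win8/tips-and-tools/safemode.html

In Safe Mode, use GU to uninstall the following.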
>Advanced SystemCare 12 IObit 2019/06/22 115 MB 12.4.0

>Driver Booster 6 IObit 2018/12/29 75.2 MB 6.1.0

>GOM Player Gretech Corporation 2018/09/25 2.1.47.5133

>IObit Malware Fighter 6 IObit 2019/05/19 135 MB 6.6

>sdrt(5.0, 64bit) パルティオソフト株式会社 2018/09/24 4.09 MB 5.0.6.0

>Smart Defrag 6 IObit 2019/05/23 59.7 MB 6.2

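Once the apps have been removed, launch HJT and run a scan.
When the scan results are displayed, check the following items.
However, with HJT in particular a single misstep can easily leave the PC unable to boot, so never check anything other than what I have specified.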

>O4 - HKLM\..\Run: [IObit Malware Fighter] "d:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

>O23 - Service: IMF Service (IMFservice) - IObit - d:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

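Once all the required items are checked, click Fix checked.
You may skip anything you look for and cannot find.

Now restart the PC in normal mode, then launch "Disk Cleanup" from "Accessories" → "System Tools" in the Start menu.
Once it is running, select the C drive as the target drive and scan it, then check only the "Downloaded Program Files", "Temporary Internet Files", and "Temporary files" items among those shown, and press "OK" and "Delete Files".
Running this cleans out the junk files in the selected areas.

Running this also reduces the useless junk files that scans detect during the work, which makes the time required and the analysis considerably easier.
The reason for not checking other items such as "Recycle Bin" is to avoid deleting legitimate files by mistake, and so that if a legitimate file is deleted and put in the Recycle Bin it can still be restored.

Next, launch CC.
Once it is running, open "Tools" → "Startup" → the "Windows" tab.
Pressing "Save to text file" at the bottom right there lets you save the displayed contents as a log, so save the log somewhere such as the desktop.

Then save the logs for the "Scheduled Tasks" tab and the "Context Menu" tab in the same way.

Next, from the "Browser Plugin" item on the left side of the CC window, open each tab from the "InternetExplorer" tab onward in turn and save those logs as well.

Once you have taken each of the CC logs, close CC.

After this, launch your browser, watch how the PC behaves for a few hours, and then take fresh HJT and CC installed-programs logs.

Paste both re-taken logs and each of the CC logs into your reply, together with a status report.
I will give instructions for the next steps after looking at them.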
  • 悪代官
  • 2019/07/20 (Sat) 23:21:16
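The before/after comparison that the re-taken HJT logs make possible, as an added example that is not part of the thread or of any tool mentioned in it: a small Python differ that reports entries removed, entries added, and services whose binary has newly gone missing (a leftover service registration after an uninstall). The sample input is a handful of lines excerpted from the two HijackThis logs posted in this thread; the function names are this example's own.

```python
import re

# A HijackThis entry line looks like "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = " (file missing)"


def parse_hjt(text):
    """Map an identity key to a record for every entry line in a HijackThis log."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank line, footer
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]
        key = (section, body)
        rec = {"section": section, "body": body, "missing": missing}
        if section == "O23" and body.startswith("Service: "):
            # "Service: <label> - <owner> - <path>"; split from the right so a
            # label containing " - " stays intact.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                label, owner, path = parts
                # Key services by label only: owner and the missing flag change
                # when the binary is deleted but the registration remains.
                key = (section, label)
                rec.update(label=label, owner=owner, path=path)
        entries[key] = rec
    return entries


def diff_logs(before_text, after_text):
    """Compare two HijackThis logs taken before and after a cleanup."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        # Present in both logs, but the file only went missing afterwards.
        "newly_missing": sorted(
            k for k in after
            if k in before and after[k]["missing"] and not before[k]["missing"]
        ),
    }


# Sample input: lines excerpted from the first log in this thread (2019/07/20).
BEFORE = r"""
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - HKLM\..\Run: [IObit Malware Fighter] "d:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Advanced SystemCare Service 12 (AdvancedSystemCareService12) - IObit - d:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - d:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - d:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
"""

# Sample input: lines excerpted from the second log in this thread (2019/07/21).
AFTER = r"""
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: IMF Service (IMFservice) - Unknown owner - d:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (file missing)
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - d:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
"""

if __name__ == "__main__":
    for kind, keys in diff_logs(BEFORE, AFTER).items():
        print(kind)
        for section, ident in keys:
            print(f"  {section} - {ident}")
```

Entries marked `(file missing)` in both logs, such as ALG here, are reported in none of the three lists, so the output shows only what the cleanup changed.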
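Re: A file named asc_rdflag has appeared in the root of the C: drive
I went through the steps you gave me.

>VLC media player VideoLAN 2019/02/16 3.0.6
When I checked for updates it said it was already the latest version and could not be updated;
looking at vlc.exe directly, the version was 3.0.7.1 (updated 2019/06/11).

I am not currently using Real, so I removed it.

>sdrt(5.0, 64bit) パルティオソフト株式会社 2018/09/24 4.09 MB 5.0.6.0
I kept this SoftDenchi because it is used by old ILLUSION games.
I uninstalled the others, but GOM Player stopped progressing partway through removal, so
I stopped it and removed it using force-removal mode. It is software I have heard nothing good about, and now I see why.

>O4 - HKLM\..\Run: [IObit Malware Fighter] "d:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
This one was not found, so I skipped it; for IMFsrv.exe I ran Fix checked.

The logs you requested follow.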


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:40:17, on 2019/07/21
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
D:\Program Files (x86)\IPMsg\ipmsg.exe
D:\Program Files (x86)\Mfa176\MFA.exe
D:\Program Files (x86)\NicoNamaAlert\NicoNamaAlert.exe
D:\Program Files (x86)\Proxomitron Naoko-4\PROXOMITRON.EXE
D:\Program Files (x86)\tvclock111\TVClock.exe
C:\Program Files (x86)\SoftDenchi\sdproxy.exe
C:\Program Files (x86)\SoftDenchi\sdproxy.exe
D:\Program Files (x86)\kct061_full\kct.exe
D:\Users\green\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - D:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - D:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - D:\Program Files\Classic Shell\ClassicIE_32.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol hijack: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol hijack: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6}
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol hijack: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - d:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - d:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - d:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe
O23 - Service: @C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe,-100 (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICEsound Service (ICEsoundService) - Unknown owner - C:\WINDOWS\system32\ICEsoundService64.exe (file missing)
O23 - Service: IMF Service (IMFservice) - Unknown owner - d:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (file missing)
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - d:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MusicCenter Back-End Service - Sony Video & Sound Products Inc. - D:\Program Files (x86)\Sony\Music Center\avlib\SsBeServiceMc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe
O23 - Service: PACSPTISVR-Music_Center - Sony Video & Sound Products Inc. - D:\Program Files (x86)\Sony\Music Center\Sony.Earth\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: SoftEther VPN Client (SEVPNCLIENT) - SoftEther VPN Project at University of Tsukuba, Japan. - d:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: UCManSvc - Paltiosoft Inc. - C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 10351 bytes


3D ビューアー Microsoft Corporation 2019/03/08 6.1903.4012.0
A-Train PC Classic / みんなのA列車で行こうPC ARTDINK 2018/09/20
A-Train9v5 ARTDINK 2018/12/08 1.21 GB 5.00.4431
Adobe Flash Player 32 PPAPI Adobe 2019/07/09 4.63 MB 32.0.0.223
Adobe Photoshop Elements 5.0 Adobe Systems Inc. 2018/09/23 5.0
Avast Free Antivirus AVAST Software 2019/05/25 19.5.2378
Besiege Spiderling Studios 2018/11/24
Candy Crush Saga king.com 2019/05/07 1.1501.2.0
Candy Crush Soda Saga king.com 2019/05/17 1.139.500.0
CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 2018/09/22 1.7.0.4
Canon Internet Library for ZoomBrowser EX Canon Inc. 2018/09/22 1.6.3.9
Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 2018/09/22 3.2.0.34
Canon Utilities CameraWindow Canon Inc. 2018/09/22 7.3.0.4
Canon Utilities CameraWindow DC Canon Inc. 2018/09/22 7.4.1.10
Canon Utilities CameraWindow DC 8 Canon Inc. 2018/09/22 8.0.0.19
Canon Utilities MyCamera Canon Inc. 2018/09/22 7.3.0.5
Canon Utilities ZoomBrowser EX Canon Inc. 2018/09/22 6.4.0.7
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 2018/09/22 1.2.2.11
CCleaner Piriform 2019/07/20 5.60
Cities: Skylines Colossal Order Ltd. 2018/09/26
Classic Shell IvoSoft 2018/09/19 13.1 MB 4.3.1
Dolby Access Dolby Laboratories 2019/03/12 2.4.520.0
Epson Copy Utility 4 Seiko Epson Corporation 2018/09/24 4.67 MB 4.01.0001
Epson Event Manager Seiko Epson Corporation 2018/09/24 44.0 MB 3.10.0061
EPSON PX-105 Series プリンター アンインストール SEIKO EPSON Corporation 2018/09/20
EPSON Scan Seiko Epson Corporation 2018/09/24
Epson Software Updater Seiko Epson Corporation 2018/09/21 11.1 MB 4.4.9
ffdshow x64 v1.3.4533 [2014-09-29] 2018/09/23 14.7 MB 1.3.4533.0
Google Chrome Google LLC 2019/07/19 75.0.3770.142
Google 日本語入力 Google Inc. 2018/09/18 83.7 MB 2.24.3250.0
Groove ミュージック Microsoft Corporation 2019/04/03 10.19031.11411.0
GV 2018/09/23
HEVC Video Extensions from Device Manufacturer Microsoft Corporation 2018/12/12 1.0.13209.0
Hidden City: アイテム探しアドベンチャー G5 Entertainment AB 2019/05/02 1.28.2803.0
honestech VHS to DVD 2.5 SE honestech 2018/09/23 2.5
I am Bread Bossa Studios 2018/11/24
ILLUSION すくぅ~るメイト2 体験版 ILLUSION 2018/09/24 193 MB 1.00.0000
ILLUSION でじたるメイト ILLUSION 2018/09/24 436 MB 1.00.0000
IObit Uninstaller 8 IObit 2019/03/29 54.3 MB 8.4.0.8
Kerbal Space Program Squad 2018/10/31
Leawo Blu-ray Player バージョン 1.10.0.2 Leawo Software 2019/02/16 133 MB 1.10.0.2
Lhaz ちとらソフト 2018/09/18 3.22 MB 2.5.1
Live5ch 2018/09/18
Microsoft OneDrive Microsoft Corporation 2019/07/19 131 MB 19.103.0527.0003
Microsoft Pay Microsoft Corporation 2018/09/17 2.1.18009.0
Microsoft Solitaire Collection Microsoft Studios 2019/04/12 4.3.4032.0
Microsoft Sticky Notes Microsoft Corporation 2019/05/14 3.6.71.0
Microsoft Store Microsoft Corporation 2019/05/05 11904.1001.1.0
Microsoft Store エクスペリエンス ホスト Microsoft Corporation 2019/01/30 11811.1001.18.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2018/09/23 4.99 MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2018/09/24 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 2019/02/16 5.95 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2018/09/24 10.2 MB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2018/09/20 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2018/09/20 11.1 MB 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2018/09/24 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2018/09/24 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 Microsoft Corporation 2018/09/24 19.5 MB 14.0.24215.1
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 Microsoft Corporation 2018/09/18 23.3 MB 14.11.25325.0
Microsoft ニュース Microsoft Corporation 2019/04/03 4.30.10924.0
Minecraft Microsoft Studios 2019/05/17 1.11.301.0
MPC-HC 1.7.13 (64-bit) MPC-HC Team 2018/09/23 47.0 MB 1.7.13
MPEG-2 ビデオ拡張機能 Microsoft Corporation 2018/10/12 1.0.12831.0
Music Center for PC Sony Video & Sound Products Inc. 2018/10/09 209 MB 2.0.0.00992
NVIDIA 3D Vision コントローラー ドライバー 390.41 NVIDIA Corporation 2018/09/21 390.41
NVIDIA PhysX システム ソフトウェア 9.18.0907 NVIDIA Corporation 2018/09/21 9.18.0907
Office Microsoft Corporation 2019/03/22 18.1903.1152.0
OneNote Microsoft Corporation 2019/05/09 16001.11629.20028.0
Opera Stable 62.0.3331.43 Opera Software 2019/07/06 62.0.3331.43
PC Viewer DRY-PC Viewer TypeC YUPITERU 2018/12/20 72.7 MB 1.1.31
People Microsoft Corporation 2019/04/16 10.1902.633.0
PHANTASY STAR ONLINE 2 SEGA Games Co., Ltd. 2018/09/21 7.19 MB
Print 3D Microsoft Corporation 2019/04/25 3.3.791.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2019/01/16 6.0.1.8549
sdrt(5.0, 64bit) パルティオソフト株式会社 2018/09/24 4.09 MB 5.0.6.0
SENRAN KAGURA Reflexions Tamsoft 2019/06/25
Skype Skype 2019/05/06 14.44.40.0
SoftEther VPN Client SoftEther VPN Project 2018/09/18 4.28.9669
Sony Media Library Earth 9.3.01 Sony Corporation 2018/09/23 50.5 MB 9.3.01.03100
Steam Valve Corporation 2018/09/18 2.10.91.91
Update for Windows 10 for x64-based Systems (KB4023057) Microsoft Corporation 2019/06/22 1.41 MB 2.59.0.0
VLC media player VideoLAN 2019/02/16 3.0.6
Web メディア拡張機能 Microsoft Corporation 2019/01/23 1.0.13321.0
x-アプリ 6.0.04 Sony Corporation 2018/09/23 84.1 MB 10.0.04
Xbox Microsoft Corporation 2019/05/07 48.53.3001.0
Xbox Game bar Microsoft Corporation 2019/05/17 1.41.14001.0
Xbox Game Speech Window Microsoft Corporation 2018/09/18 1.21.13002.0
Xbox gaming overlay Microsoft Corporation 2018/10/30 1.16.1012.0
Xbox Identity Provider Microsoft Corporation 2019/05/02 12.52.24002.0
Xbox Live Microsoft Corporation 2018/12/10 1.24.10001.0
アプリ インストーラー Microsoft Corporation 2019/04/12 1.0.30732.0
アラーム & クロック Microsoft Corporation 2019/05/02 10.1903.1006.0
カスタムオーダーメイド3D2 KISS 2018/12/08 11.2 GB
カスタムメイド3D2 KISS 2018/12/08 7.49 GB
カメラ Microsoft Corporation 2019/05/15 2019.425.30.0
ヒント Microsoft Corporation 2018/10/09 6.15.12641.0
フィードバック Hub Microsoft Corporation 2019/04/09 1.1811.10862.0
フォト Microsoft Corporation 2019/05/06 2019.19031.17720.0
フォト アドオン Microsoft Corporation 2019/04/11 2017.39121.36610.0
ペイント 3D Microsoft Corporation 2019/04/12 5.1904.8017.0
ボイス レコーダー Microsoft Corporation 2019/03/28 10.1902.633.0
マップ Microsoft Corporation 2019/04/10 5.1902.843.0
マーチ オブ エンパイア - 領土戦争 Gameloft. 2019/05/17 4.0.1.1
メッセージング Microsoft Corporation 2019/02/19 4.1901.10241.0
メール/カレンダー Microsoft Corporation 2019/04/02 16005.11425.20190.0
モバイル通信プラン Microsoft Corporation 2019/02/28 5.1902.361.0
問い合わせ Microsoft Corporation 2019/04/19 10.1706.20381.0
天気 Microsoft Corporation 2019/02/14 4.28.10351.0
日本語 ローカル エクスペリエンス パック Microsoft Corporation 2019/05/07 17134.33.47.0
映画 & テレビ Microsoft Corporation 2019/04/03 10.19031.11411.0
電卓 Microsoft Corporation 2019/05/02 10.1903.21.0


有効 HKCU:Run CCleaner Smart Cleaning Piriform Software Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKLM:Run AvastUI.exe AVAST Software "d:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
有効 HKLM:Run Classic Start Menu IvoSoft "D:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
有効 HKLM:Run Google Japanese Input Prelauncher Google Inc. "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
有効 HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
有効 HKLM:Run SecurityHealth Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCuiL.exe
有効 HKLM:Run SoftEther VPN Client UI Helper SoftEther VPN Project at University of Tsukuba, Japan. "d:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
有効 Startup Common SoftEther VPN Client Manager Startup.lnk D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
有効 Startup User IPMSG for Win32.lnk D:\Program Files (x86)\IPMsg\ipmsg.exe
有効 Startup User MFA.lnk D:\Program Files (x86)\Mfa176\MFA.exe
有効 Startup User NicoNamaAlert.lnk D:\Program Files (x86)\NicoNamaAlert\NicoNamaAlert.exe
有効 Startup User PROXOMITRON.lnk D:\Program Files (x86)\Proxomitron Naoko-4\PROXOMITRON.EXE
有効 Startup User TVClock.lnk D:\Program Files (x86)\tvclock111\TVClock.exe


有効 Task Adobe Flash Player PPAPI Notifier Adobe C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe -check pepperplugin
有効 Task Adobe Flash Player Updater Adobe C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task ASC12_SkipUac_greenmax "D:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /SkipUac
有効 Task CCleanerSkipUAC Piriform Software Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task Driver Booster Scheduler D:\Program Files (x86)\IObit\Driver Booster\6.1.0\Scheduler.exe /scheduler
有効 Task EPSON GT-X980 Update SEIKO EPSON CORPORATION C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe /EXE_S:"EPSON GT-X980","ES00FE.DAT" /F:"Update"
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task IMF_SkipUAC_greenmax d:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /SkipUac
有効 Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
有効 Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
有効 Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
有効 Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
有効 Task NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
有効 Task NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
有効 Task NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
有効 Task OneDrive Standalone Update Task-S-1-5-21-1820434542-3641797410-228512082-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
有効 Task Opera scheduled Autoupdate 1502748092 Opera Software D:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)
有効 Task SmartDefrag_Update D:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe /autorun
有効 Task Uninstaller_SkipUac_greenmax IObit d:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer


有効 Directory IObit Malware Fighter
有効 Directory IObitUnstaler d:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 Directory VLCメディアプレイヤーで再生 VideoLAN "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
有効 Directory VLCメディアプレイヤーのプレイリストに追加 VideoLAN "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
有効 Directory ファイルの所有権
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 File 00asw d:\Program Files\AVAST Software\Avast\ashShell.dll
有効 File avast d:\Program Files\AVAST Software\Avast\ashShell.dll
有効 File IObit Malware Fighter
有効 File IObitUnstaler d:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
有効 File LhazDll d:\Program Files\Lhaz\LhazDll.dll
有効 File LhazDll32 d:\Program Files\Lhaz\LhazDll32.dll
有効 Folder avast d:\Program Files\AVAST Software\Avast\ashShell.dll
有効 Folder IObit Malware Fighter
有効 Folder IObitUnstaler d:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
有効 Folder LhazDll d:\Program Files\Lhaz\LhazDll.dll
有効 Folder LhazDll32 d:\Program Files\Lhaz\LhazDll32.dll
有効 Folder StartMenuExt IvoSoft C:\WINDOWS\system32\StartMenuHelper64.dll


有効 Extension Classic IE Settings D:\Program Files\Classic Shell\ClassicIE_32.exe
有効 Helper ClassicIEBHO Class D:\Program Files\Classic Shell\ClassicIEDLL_32.dll
有効 Helper ClassicIEBHO Class D:\Program Files\Classic Shell\ClassicIEDLL_64.dll
有効 Helper ExplorerBHO Class D:\Program Files\Classic Shell\ClassicExplorer32.dll
有効 Helper ExplorerBHO Class D:\Program Files\Classic Shell\ClassicExplorer64.dll
有効 Helper ExplorerWnd Helper d:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
有効 Toolbar Classic Explorer Bar D:\Program Files\Classic Shell\ClassicExplorer32.dll
有効 Toolbar Classic Explorer Bar D:\Program Files\Classic Shell\ClassicExplorer64.dll


有効 App Gmail 8.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0
有効 App Google ドライブ 14.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0
有効 App YouTube 4.2.8 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
有効 Extension Google オフライン ドキュメント 1.7 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1
有効 Extension スプレッドシート 1.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0
有効 Extension スライド 0.10 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0
有効 Extension ドキュメント 0.10 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0


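That is all of the logs. Regarding CC's Browser Plugins, the entries for IE and Google Chrome are as shown above, but
the one for Opera was blank, so I skipped pasting it (or rather, I couldn't).

Thank you again for your continued help.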
  • green
  • 2019/07/21 (Sun) 07:28:52
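IObit's bad behavior is well known
Thank you for doing the work and reporting back.
So VLC was already up to date, then.
CC sometimes shows the pre-update version in its installed-program information, so as long as the program itself has been updated, that is fine.

>>sdrt(5.0, 64bit) パルティオソフト株式会社 2018/09/24 4.09 MB 5.0.6.0
>I kept this one, SoftDenchi, because it is used by old ILLUSION games.

sdrt, commonly known as "SoftDenchi" (ソフト電池), is something that is claimed to be required for using other apps and services.
Some call it bundleware or adware, and I haven't heard very good things about it, so if you use it, please decide at your own risk.
When I tested it myself a while ago, the video services and online games that claimed to require SoftDenchi ran without any particular problems with SoftDenchi removed.

It looks like you were able to do most of the other work.
I have also looked at the additional CC logs.
Now, please read the explanation again and then continue with the next steps.

Start CC, open the "Scheduled Tasks" tab under "Startup" the same way as before, and set the following to "Disabled".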
>有効 Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe

>有効 Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe

>有効 Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe

>有効 Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe

>有効 Task NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim

>有効 Task NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim

>有効 Task NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim

>有効 Task Uninstaller_SkipUac_greenmax IObit d:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer

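The last entry is IObit Uninstaller; I will explain that one later.

As you can see, these are NVIDIA entries and not malware, but the company substantially changed its behavior a few years ago, and on PCs with its products installed it now digs into the Task Scheduler like this to manage things.
Many users have criticized this approach, but simply disabling the tasks causes no problems for PC operation, so I recommend disabling them.

Next, disable the following entries in the same tab as well, and then go on to "Delete entry" for them.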
>有効 Task Driver Booster Scheduler D:\Program Files (x86)\IObit\Driver Booster\6.1.0\Scheduler.exe /scheduler

>有効 Task SmartDefrag_Update D:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe /autorun

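These are Driver Booster and SmartDefrag, which should have been uninstalled earlier.
It is known that IObit apps do not go away normally even when uninstalled, and remain afterwards.
What's more, as the "有効" (enabled) state shows, they are "alive and running".
If you can delete them after disabling them, that part can be cleaned up.
Let's finish them off here (← this bit is the 悪代官 in me)

Next, open the "Context Menu" tab as well, and again disable and delete the following entries.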
>有効 Directory IObit Malware Fighter

>有効 File IObit Malware Fighter

These are also IObit leftovers.

Next, open the "IE" tab under "Browser Plugins" and only disable the following entry.
>有効 Helper ExplorerWnd Helper d:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll

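That stops the IObit-related items for now.
The reason I am leaving only IObit Uninstaller in place without deleting it is that it performs very well as an analysis tool, so we may use it for analysis later if needed.
I plan to instruct you to remove IU as well before this thread is resolved.

After closing CC, prepare the following tools.
"AdwCleaner" (AC for short)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
This is a direct link to the file. Open it and save the file to your desktop or similar.
When you are done with it, launch it and press the "Uninstall" button at the very bottom of the "Settings" section, and it will be removed automatically.
The site below has a detailed explanation of how to use it, so please refer to it ↓
http://www.japan-secure.com/entry/adwcleaner.html

Malwarebytes' Anti-Malware (MBAM for short)
Official site
http://www.malwarebytes.org/

Download
https://www.malwarebytes.org/mwb-download/thankyou/
This is a direct link to the file. Save it.

Usage guide site
http://www.gigafree.net/security/MalwarebytesAnti-MalwareFree.html

Once ready, install MBAM and update it.
However, do not scan yet at this point.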

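Next, launch AC once here.
When it starts, it should first update its definitions, so just let it update, and once that is done, close AC for now.
There is no need to scan here either.

Once both tools are updated, use Disk Cleanup to clear out junk files, then restart the PC in Safe Mode.

Then, with the PC booted in Safe Mode, launch AC again (the one you launched once earlier).
Once it starts, this time run "Scan", and if anything has been detected when the scan finishes, press "Remove".
Selecting "Yes" on the screen that appears starts the cleanup.

When the cleanup is complete, restart the PC in normal mode.

After the restart, a new AC log will appear, so save it to your desktop or similar.
However, if no log appears after the work, or you can't find it, open the C drive in My Computer and you will find a file with a name like the following directly under it; that is the AC log.
>AdwCleaner[alphanumerics].txt
If there are several logs with similar names, the one whose creation time matches when you did the cleanup is the log in question.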

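Once the AC work is done, next is the MBAM work.
Boot into Safe Mode again, then launch MBAM and scan.
After launching MBAM, select "Custom Scan" on the "Scan" tab, then select all drives including the C drive.
Also tick the rootkit scan option.

Scanning this way takes time, but it is in order to scan as thoroughly as possible.

The two tools can be run in either order, but if anything is detected, select it and "remove" (quarantine) it, and if a prompt to restart appears, restart the PC once at that point.
If no restart prompt appears, restart manually.

Also, after the MBAM scan finishes, a message announcing the result appears at the bottom right of the screen; clicking it should display the result.
Pressing "Save log" there lets you save the log.
Save that log to your desktop or similar.
Checking this log is especially important, so please don't forget.

After this, watch the PC's condition for a while, then paste the AC and MBAM logs you saved after the work into your reply and show them to me along with a status report.

Also, if asc_rdflag, the original topic, still exists, please look up its information too.
Right-click the file, open the "General" tab under "Properties", and tell me the "Created" and "Modified" dates in your next reply.

Once I have seen these results and logs, let's think about the next step.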
  • 悪代官
  • 2019/07/21 (Sun) 19:25:11
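The post above finds scheduled tasks that stayed enabled after their programs were uninstalled. The following read-only audit is an added example, not part of the thread: it lists tasks whose name or executable matches a vendor pattern, plus enabled tasks whose target file no longer exists. The function names and the `-VendorPattern` parameter are hypothetical; only standard ScheduledTasks cmdlets are used.

```powershell
# Added example (not from the thread): read-only audit of scheduled tasks.
# Assumptions: function names and -VendorPattern are hypothetical; the pattern
# used at the bottom is built from the product names discussed in the thread.
# Run from an elevated PowerShell prompt so that all tasks are visible.

function Resolve-TaskExecutable {
    param([string]$Execute)

    if ([string]::IsNullOrWhiteSpace($Execute)) { return $null }

    # Task actions may use %ProgramFiles%-style variables and quoted paths.
    $path = [Environment]::ExpandEnvironmentVariables($Execute).Trim().Trim('"')

    try {
        # Bare names such as "powershell.exe" are resolved through PATH.
        if (-not [IO.Path]::IsPathRooted($path)) {
            $cmd = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($cmd) { return $cmd.Path }
        }
    } catch {
        # Malformed path strings are returned as-is and reported as missing.
    }
    return $path
}

function Get-LeftoverTaskReport {
    param([string]$VendorPattern = 'IObit')

    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute property and are skipped.
            $exe = Resolve-TaskExecutable $action.Execute
            if (-not $exe) { continue }

            $exists  = Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue
            $vendor  = ($task.TaskName -match $VendorPattern) -or ($exe -match $VendorPattern)
            $enabled = $task.State -ne 'Disabled'

            # Report vendor tasks in any state, and any enabled task with a missing target.
            if ($vendor -or ($enabled -and -not $exists)) {
                $finding = if (-not $exists) { 'target file missing' }
                           elseif ($enabled) { 'vendor task still enabled' }
                           else              { 'vendor task disabled' }

                [pscustomobject]@{
                    TaskName   = $task.TaskName
                    TaskPath   = $task.TaskPath
                    State      = $task.State
                    Executable = $exe
                    FileExists = $exists
                    Finding    = $finding
                }
            }
        }
    }
}

Get-LeftoverTaskReport -VendorPattern 'IObit|Driver Booster|SmartDefrag' |
    Sort-Object Finding, TaskName |
    Format-Table -AutoSize -Wrap
```

The script only reports; it changes nothing, so disabling or deleting an entry remains a separate, deliberate step as in the post.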
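Re: A file named asc_rdflag appeared in the root of the C: drive
Sorry for the delay. You did write that it would take time, but
I never imagined the MBAM scan would take 60 hours.

First, in CC, I disabled the items you specified.

Below is the AC log.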

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-21-2019
# Duration: 00:00:28
# OS: Windows 10 Home
# Scanned: 27198
# Detected: 20


***** [ Services ] *****

PUP.Optional.AdvancedSystemCare IMFservice

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\green\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

PUP.Optional.AdvancedSystemCare C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKCU\Software\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.DriverBooster HKLM\Software\Wow6432Node\IObit\Driver Booster
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-21-2019
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 20
# Failed: 0


***** [ Services ] *****

Deleted IMFservice

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Users\green\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\IObit\Advanced SystemCare
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3175 octets] - [21/07/2019 20:48:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Next is the MBAM log.

Malwarebytes
www.malwarebytes.com

-ログの詳細-
スキャン日付: 2019/07/21
スキャン時間: 21:00
ログファイル: 1cf731cf-abaf-11e9-bf43-000000000000.json

-ソフトウェア情報-
バージョン: 3.8.3.2965
コンポーネントバージョン: 1.0.613
パッケージバージョンをアップデート: 1.0.11654
ライセンス: トライアル版

-システム情報-
OS: Windows 10 (Build 17134.860)
CPU: x64
ファイルシステム: NTFS
ユーザー: NANACHI\greenmax

-スキャン結果の概要-
スキャンタイプ: カスタムスキャン
スキャン開始日時: マニュアル
結果: 完了
スキャンされたオブジェクト: 8480208
検出された脅威: 63
隔離された脅威: 63
経過時間: 60 時 31 分 22 秒

-スキャンオプション-
メモリ: 有効
スタートアップ: 有効
ファイルシステム: 有効
アーカイブ: 有効
ルートキット: 有効
ヒューリスティック: 有効
PUP: 検出
PUM: 検出

-スキャンの詳細-
プロセス: 0
(悪意のあるアイテムは検出されませんでした)

モジュール: 0
(悪意のあるアイテムは検出されませんでした)

レジストリキー: 3
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC12_SKIPUAC_GREENMAX, 起動時に削除, [3815], [380341],1.0.11654
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A929A784-5B59-497F-BD3E-535C76F5F1DA}, 起動時に削除, [3815], [380341],1.0.11654
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{A929A784-5B59-497F-BD3E-535C76F5F1DA}, 起動時に削除, [3815], [380341],1.0.11654

レジストリ値: 0
(悪意のあるアイテムは検出されませんでした)

レジストリデータ: 0
(悪意のあるアイテムは検出されませんでした)

データストリーム: 0
(悪意のあるアイテムは検出されませんでした)

フォルダ: 0
(悪意のあるアイテムは検出されませんでした)

ファイル: 60
PUP.Optional.AdvancedSystemCare, C:\ADWCLEANER\QUARANTINE\V1\20190721.204919\5\REGISTRYDEFRAGBOOTTIME.EXE#3B6905CC12F26548, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC12_SKIPUAC_GREENMAX, 起動時に削除, [3815], [380341],1.0.11654
HackTool.CheatEngine, F:\Dバックアップ\PROGRAM FILES (X86)\CHEAT ENGINE 6.2\CHEATENGINE-I386.EXE, 起動時に削除, [10014], [118005],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DATABASE\AUTOUPDATE.DAT, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WIN10_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WIN10_IA64\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WIN7_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WIN7_IA64\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WIN7_X86\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WLH_X86\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WLH_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WNET_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WNET_X86\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WXP_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\WXP_X86\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DRIVERS\XP_AMD64\REGISTRYDEFRAGBOOTTIME.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCDOWNLOAD.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCINIT.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\CPUIDINTERFACE.DLL, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\AUTOUPDATE.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\DISKDEFRAG.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\FEEDBACK.EXE, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\JUMPLISTDLL.DLL, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\HARDWARELIB.DLL, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Dバックアップ\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\SCANNER.DLL, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.SofTonic, F:\Eバックアップ\DLもの\動画\SOFTONICDOWNLOADER_FOR_VIDEO-CONVERTER-ULTIMATE-WIN.EXE, 起動時に削除, [1935], [8262],1.0.11654
PUP.Optional.AdvancedSystemCare, F:\Eバックアップ\DLもの\管理\ASC-11_0-JP.ZIP, 起動時に削除, [3815], [396386],1.0.11654
Adware.WhenU, F:\Eバックアップ\DLもの\DAEMON4091-X86.EXE, 起動時に削除, [2815], [294434],1.0.11654
PUP.Optional.OpenCandy, F:\Eバックアップ\DLもの\管理\ADAWARE_INSTALLER.EXE, 起動時に削除, [1159], [297667],1.0.11654
PUP.Optional.Conduit, F:\Eバックアップ\DLもの\解凍\BROTHERSOFTDOWNLOADER_FOR_AMD_DUAL_CORE_OPTIMIZER.EXE, 起動時に削除, [207], [124048],1.0.11654
PUP.Optional.InstallCore, E:\ユーザー\緑・最大\APPDATA\LOCAL\TEMP\ICREINSTALL_JAVA-RUNTIME-ENVIRONMENT-7.EXE, 起動時に削除, [446], [8571],1.0.11654
PUP.Optional.ASK, E:\旧C\PROGRAM FILES\ASK.COM\UPDATETASK.EXE, 起動時に削除, [2], [113867],1.0.11654
PUP.Optional.Spigot, E:\旧C\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL, 起動時に削除, [162], [300859],1.0.11654
PUP.Optional.Spigot, E:\旧C\PROGRAM FILES\IOBIT TOOLBAR\IE\4.4\IOBITTOOLBARIE.DLL, 起動時に削除, [162], [300859],1.0.11654
PUP.Optional.ConduitTB, E:\旧C\PROGRAM FILES\IOBITCOM\IOBITCOMTOOLBARHELPER.EXE, 起動時に削除, [4440], [108009],1.0.11654
PUP.Optional.Conduit, E:\旧C\PROGRAM FILES\IOBITCOM\IOBITCOMTOOLBARHELPER1.EXE, 起動時に削除, [207], [121660],1.0.11654
PUP.Optional.Conduit.Generic, E:\旧C\PROGRAM FILES\IOBITCOM\PRXTBIOB1.DLL, 起動時に削除, [1598], [443509],1.0.11654
PUP.Optional.Conduit.Generic, E:\旧C\PROGRAM FILES\IOBITCOM\PRXTBIOB0.DLL, 起動時に削除, [1598], [443509],1.0.11654
PUP.Optional.Conduit.Generic, E:\旧C\PROGRAM FILES\IOBITCOM\TBIOB1.DLL, 起動時に削除, [1598], [443509],1.0.11654
PUP.Optional.Conduit, E:\旧C\PROGRAM FILES\IOBITCOM\UNINSTALL.EXE, 起動時に削除, [207], [121659],1.0.11654
PUP.Optional.Spigot, E:\旧C\PROGRAM FILES\IOBIT TOOLBAR\WIDGIHELPER.EXE, 起動時に削除, [162], [300859],1.0.11654
PUP.Optional.Conduit.Generic, E:\旧C\PROGRAM FILES\IOBITCOM\TBIOB0.DLL, 起動時に削除, [1598], [443509],1.0.11654
PUP.Optional.AuslogicsBoostSpeed, E:\旧D\PROGRAM FILES\AUSLOGICS\AUSLOGICS DISK DEFRAG\SETTINGS.DLL, 起動時に削除, [3599], [610189],1.0.11654
PUP.Optional.SofTonic, E:\DLもの\動画\SOFTONICDOWNLOADER_FOR_VIDEO-CONVERTER-ULTIMATE-WIN.EXE, 起動時に削除, [1935], [8262],1.0.11654
PUP.Optional.OpenCandy, E:\DLもの\管理\ADAWARE_INSTALLER.EXE, 起動時に削除, [1159], [297667],1.0.11654
PUP.Optional.iObitDriverBooster, E:\DLもの\管理\DRIVER_BOOSTER-6_1-JP.ZIP, 起動時に削除, [5281], [651970],1.0.11654
PUP.Optional.iObitDriverBooster, E:\DLもの\管理\DRIVER_BOOSTER-6_0-JP.ZIP, 起動時に削除, [5281], [651970],1.0.11654
PUP.Optional.AdvancedSystemCare, E:\DLもの\管理\ASC-11_0-JP.ZIP, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, E:\DLもの\管理\ASC-11_3-JP.ZIP, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, E:\DLもの\管理\ASC-11_2-JP.ZIP, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, E:\DLもの\管理\ASC-11_5-JP.ZIP, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.Conduit, E:\DLもの\解凍\BROTHERSOFTDOWNLOADER_FOR_AMD_DUAL_CORE_OPTIMIZER.EXE, 起動時に削除, [207], [124048],1.0.11654
PUP.Optional.AdvancedSystemCare, E:\DLもの\管理\ASC-11_1-JP.ZIP, 起動時に削除, [3815], [396386],1.0.11654
PUP.Optional.AdvancedSystemCare, E:\DLもの\管理\ASC-11_4-JP.ZIP, 起動時に削除, [3815], [396386],1.0.11654
Adware.WhenU, E:\DLもの\DAEMON4091-X86.EXE, 起動時に削除, [2815], [294434],1.0.11654
HackTool.CheatEngine, D:\PROGRAM FILES (X86)\CHEAT ENGINE 6.2\CHEATENGINE-I386.EXE, 起動時に削除, [10014], [118005],1.0.11654
Adware.FusionCore.NSIS, D:\USERS\GREEN\APPDATA\ROAMING\GRETECH\GOMPLAYER\GRLAUNCHERTEMPSETUP.EXE, 起動時に削除, [13950], [569658],1.0.11654

物理セクタ: 0
(悪意のあるアイテムは検出されませんでした)

WMI: 0
(悪意のあるアイテムは検出されませんでした)


(end)

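That is all.

Note that during the reboot the PC appeared to freeze partway through (the HDD access lamp did not light and the PC stayed silent for the several minutes I left it),
so I forced the power off and then powered it back on to boot. I am reporting this just in case.


Also, asc_rdflag is still present in the root of the C drive.

Created: July 21, 2019, 0:01:12
Modified: July 21, 2019, 0:01:12


I look forward to your continued help.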
  • green
  • 2019/07/24 (Wed) 18:37:08
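Re: A file named asc_rdflag appeared in the root of the C: drive
By the way, since the instructions for the MBAM scan said to select all drives,
I also included the external E and F drives, which are always connected. If from now on these
are to be excluded, either unconditionally or under certain conditions, please let me know.
If your command is "No, thou shalt keep scanning the external drives henceforth," I will of course obey.

For reference, the E drive dates from back when the internal HDD's capacity was unreliable, and I used it the way I use the current D drive.
Even after the PC itself was later replaced, I kept it as a storehouse and went on topping it up with data, like a long-established shop's secret sauce.
It is also where I install games that I thought were too large to put on the internal HDD.
Lately it has become the main install location for my Steam games.

The F drive is a pure storehouse added later than the E drive, and because it has capacity to spare I occasionally
use it as a backup destination for the other drives. (Not on a schedule, only when I think of it.)


On yet another subject, if it would be all right to delete the backups of the other drives
on the F drive at this point, I would like to do so in order to shorten the scan time even a little.
What do you think? I am sorry for the trouble, but I would appreciate an answer.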
  • green
  • 2019/07/24 (Wed) 19:00:04
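Shall we use VT
Thank you for the work and the report.

>I never imagined the MBAM scan would take 60 hours

Taking more than two full days is odd, isn't it?
For now, since the scan did run and the detections were handled, let's call that good enough.

>Also, asc_rdflag is still present in the root of the C drive.

>Created: July 21, 2019, 0:01:12
>Modified: July 21, 2019, 0:01:12

Yes, understood.
I thought the date might give us a lead via the install date of the application it belongs to, but no application was installed on that date.
I still have not pinned down what it is, but most of the rest has moved forward.

AC and MBAM each detected a large number of IObit entries.
Leave those in quarantine and delete them completely later.
Unless you specifically restore them when cleaning up the two applications, they will be deleted along with them.

In MBAM, besides the softonic, ask and conduit items that were already removed, it was quite a haul, including the notorious brothersoft.
There was more in there than I expected.

Targeting all drives for the scan was the right call. The more accurate the analysis, the better.
I am sorry, though, that it cost you 60 hours.
Scanning every drive remains the surest approach whenever you scan the PC with security software, but spending that much time every time is a burden, so it seems best to do it with advance preparation when something abnormal shows up.

>if it would be all right to delete the backups of the other drives on the F drive at this point,
>I would like to do so in order to shorten the scan time even a little

Yes, that is fine; removing unneeded data from the PC also makes it run lighter.

This is a bit of a digression, but some malicious and sophisticated malware gets into connected external storage media such as USB memory sticks and SD cards, rather than the PC's own HDD, and hides there.
This appears to be aimed at exploiting the fact that the free editions of the security software released by the various vendors all leave external storage media outside the scope of protection and monitoring.
I understand that many people use free security software for budget reasons, and it is far safer than running none at all, but it is also true that within the same vendor's products the paid edition outperforms the free one, so if you want to build a safer environment in future, consider spending an appropriate budget on it.
A user who knows PCs well can make up for some of what the free edition lacks through settings and handling, but even so the free edition cannot be brought up to the same level as the paid one.

Now, before moving on to the next task, shall we look into asc_rdflag?

Please go to the site below.
https://www.virustotal.com/gui/home/upload
"Virustotal"

This is a service that can analyze a given file with the engines of multiple security vendors.

Select the file to scan with "choose file", then the scan starts with "confirm upload".

Wait a while; when the scan finishes the result is shown, so please tell me the URL of that result page in a reply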
  • 悪代官
  • 2019/07/24 (Wed) 19:51:00
Re: A file named asc_rdflag appeared in the root of the C: drive
Is this what you meant by the Virustotal result?

https://www.virustotal.com/gui/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/detection

If this is wrong, please let me know.
Thank you in advance.
  • green
  • 2019/07/24 (Wed) 20:33:08
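Added example, not part of the original posts: the digest in the VirusTotal URL above is the SHA-256 of zero bytes of input, so for a 0-byte file such as the asc_rdflag described in the first post, a lookup by that hash covers every empty file ever uploaded rather than this one file. The Python sketch below detects that case and records the metadata that does distinguish such a file; the function names are illustrative and the sample files are constructed.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime

# Digests of zero bytes of input, computed here rather than typed in.
EMPTY_DIGESTS = {hashlib.new(a).hexdigest(): a for a in ("md5", "sha1", "sha256")}

# The result URL posted in the thread.
THREAD_VT_URL = ("https://www.virustotal.com/gui/file/"
                 "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                 "/detection")

VT_FILE_URL = re.compile(r"virustotal\.com/gui/file/([0-9a-fA-F]{32,64})(?:/|$)")


def digest_from_vt_url(url):
    """Return the lowercase file digest embedded in a VirusTotal GUI URL, or None."""
    match = VT_FILE_URL.search(url)
    return match.group(1).lower() if match else None


def empty_input_algorithm(hexdigest):
    """Return 'md5', 'sha1' or 'sha256' if the digest is that of empty input."""
    return EMPTY_DIGESTS.get(hexdigest.lower())


def sha256_of(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large files do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(path):
    """Collect what can be said about a file before relying on a hash lookup."""
    info = os.stat(path)
    empty = info.st_size == 0
    return {
        "name": os.path.basename(path),
        "size": info.st_size,
        "sha256": sha256_of(path),
        "modified": datetime.fromtimestamp(info.st_mtime).isoformat(timespec="seconds"),
        # A digest only identifies a file when the file has content to hash.
        "hash_identifies_file": not empty,
        "note": ("0-byte file: the digest is shared by all empty files; "
                 "use name, location and timestamps as evidence instead")
                if empty else "digest is specific to this content",
    }


def demo():
    """Triage two constructed files: a 0-byte marker and a 1-byte file."""
    with tempfile.TemporaryDirectory() as workdir:
        marker = os.path.join(workdir, "asc_rdflag")   # constructed stand-in, 0 bytes
        other = os.path.join(workdir, "nonempty.bin")  # constructed, 1 byte
        open(marker, "wb").close()
        with open(other, "wb") as handle:
            handle.write(b"\x00")
        return [triage(marker), triage(other)]


if __name__ == "__main__":
    posted = digest_from_vt_url(THREAD_VT_URL)
    print("digest in posted URL:", posted)
    print("empty-input digest of:", empty_input_algorithm(posted))
    for result in demo():
        print(result)
```

For a zero-length marker file, the creation and modification times and whichever process recreates it are the useful leads, which is where the thread goes next with OTL.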
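This time we dig deeper with OTL
Thank you for the quick reply.

I looked at the VT result as well, but it did not make clear what the file is.
Searching by the hash does not seem to turn up anything matching either, so it looks more and more suspicious.

As a test, can you move that file to the Recycle Bin?
If you can, please leave it in the Recycle Bin for a while.

Whether or not it can be moved to the Recycle Bin, please also carry out the next task.

Please prepare the following tool.
OTL (OldTimer Listit)
Download it with the "Download" button and save it.
http://oldtimer.geekstogo.com/OTL.exe
When you clean up afterwards, launching it and pressing the "Cleanup" button deletes it automatically.
However, if you are using Windows 10, you can simply delete the program file itself.

Launch OTL with no other programs running.
Once it is running, tick "Scan All Users" near the top of the window and copy and paste the following commands into "Custom Scan/Fixes".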

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

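Then press "Run Scan" at the top left to start the scan.
Depending on the PC environment, a few minutes after the scan starts "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe, so please save these two files somewhere such as the desktop.
Extras.txt is sometimes not produced; in that case OTL.txt alone is fine.

After that, please paste the entire OTL log into a reply so I can see it.
However, the OTL log is quite long, so if you send it all at once it will be cut off by fc2's character limit.
So please split the log at suitable points into pieces of 10,000 characters or fewer and send it over several replies.
This is because posts over 10,000 characters are cut off by fc2's character limit.
http://www1.odn.ne.jp/megukuma/count.htm

Scanning with OTL alone does not change anything.
We will look at this result and deal with whatever was detected in the tasks from next time onward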
  • 悪代官
  • 2019/07/24 (Wed) 21:01:54
Re: A file named asc_rdflag appeared in the root of the C: drive
First, I was able to move asc_rdflag to the Recycle Bin.

The OTL log follows.

OTL logfile created on: 2019/07/24 22:05:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\green\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.17134.0)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

31.92 Gb Total Physical Memory | 27.55 Gb Available Physical Memory | 86.30% Memory free
85.92 Gb Paging File | 79.95 Gb Available in Paging File | 93.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.15 Gb Total Space | 317.50 Gb Free Space | 68.26% Space Free | Partition Type: NTFS
Drive D: | 1863.02 Gb Total Space | 639.63 Gb Free Space | 34.33% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 523.62 Gb Free Space | 37.47% Space Free | Partition Type: NTFS
Drive F: | 3725.90 Gb Total Space | 2900.46 Gb Free Space | 77.85% Space Free | Partition Type: NTFS

Computer Name: NANACHI | User Name: greenmax | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2019/07/24 21:27:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\green\Desktop\OTL.exe
PRC - [2019/07/04 17:54:37 | 000,662,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontdrvhost.exe
PRC - [2019/06/26 11:07:16 | 004,000,080 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2019/02/27 14:56:50 | 002,047,760 | ---- | M] (IObit) -- d:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2018/12/11 16:11:33 | 000,767,016 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
PRC - [2018/09/25 15:17:26 | 000,153,360 | ---- | M] (IObit) -- d:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
PRC - [2018/09/12 20:44:19 | 000,644,976 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
PRC - [2018/08/31 13:09:30 | 000,281,232 | ---- | M] (Paltiosoft Inc.) -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
PRC - [2018/05/22 22:48:28 | 000,994,256 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
PRC - [2018/05/22 22:48:26 | 046,858,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
PRC - [2018/05/22 22:48:26 | 001,563,088 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- D:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2018/05/02 17:42:28 | 000,442,128 | ---- | M] () -- d:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2018/05/02 17:42:28 | 000,210,704 | ---- | M] () -- d:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2018/05/02 17:42:28 | 000,059,664 | ---- | M] () -- d:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2019/07/04 13:25:01 | 003,401,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2019/07/04 13:24:31 | 000,153,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:[b]64bit:[/b] - [2019/07/04 13:21:43 | 001,220,608 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:[b]64bit:[/b] - [2019/06/26 13:00:14 | 006,744,288 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:[b]64bit:[/b] - [2019/06/13 16:46:09 | 000,713,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SharedRealitySvc.dll -- (SharedRealitySvc)
SRV:[b]64bit:[/b] - [2019/06/13 15:44:39 | 001,033,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:[b]64bit:[/b] - [2019/06/13 15:10:04 | 001,400,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TokenBroker.dll -- (TokenBroker)
SRV:[b]64bit:[/b] - [2019/06/11 11:37:42 | 000,363,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\rempl\sedsvc.exe -- (sedsvc)
SRV:[b]64bit:[/b] - [2019/06/07 19:40:47 | 001,364,992 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\bcastdvruserservice.dll -- (BcastDVRUserService)
SRV:[b]64bit:[/b] - [2019/06/07 14:18:57 | 000,686,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2019/05/17 14:33:56 | 003,091,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2019/05/17 14:33:39 | 001,487,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\InstallService.dll -- (InstallService)
SRV:[b]64bit:[/b] - [2019/05/17 14:31:35 | 001,027,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:[b]64bit:[/b] - [2019/05/17 14:31:23 | 001,383,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:[b]64bit:[/b] - [2019/05/03 15:00:17 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:[b]64bit:[/b] - [2019/05/03 14:56:29 | 000,773,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2019/04/19 13:36:47 | 000,827,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:[b]64bit:[/b] - [2019/04/19 13:35:53 | 001,458,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:[b]64bit:[/b] - [2019/04/19 13:35:22 | 000,784,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:[b]64bit:[/b] - [2019/03/14 17:30:16 | 004,413,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2019/03/14 16:50:42 | 000,847,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2019/03/14 16:50:38 | 000,947,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2019/02/16 17:13:51 | 000,107,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2019/02/16 16:27:02 | 001,364,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lpasvc.dll -- (wlpasvc)
SRV:[b]64bit:[/b] - [2019/02/06 11:25:27 | 000,507,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
  • green
  • 2019/07/24 (Wed) 22:33:40
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

SRV:[b]64bit:[/b] - [2019/01/16 02:46:42 | 000,807,808 | ---- | M] (ICEpower) [Auto | Running] -- C:\Windows\SysNative\ICEsoundService64.exe -- (ICEsoundService)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (PrintWorkflowUserSvc_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (DevicesFlowUserSvc_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (DevicePickerUserSvc_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (BluetoothUserService_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:39:42 | 000,085,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (BcastDVRUserService_bda33)
SRV:[b]64bit:[/b] - [2019/01/09 14:22:57 | 000,392,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WaaSMedicSvc.dll -- (WaaSMedicSvc)
SRV:[b]64bit:[/b] - [2019/01/09 14:22:42 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\CapabilityAccessManager.dll -- (camsvc)
SRV:[b]64bit:[/b] - [2019/01/01 15:42:29 | 002,247,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2018/12/11 16:11:33 | 000,767,016 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV:[b]64bit:[/b] - [2018/12/08 17:04:40 | 000,885,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:[b]64bit:[/b] - [2018/12/08 16:36:32 | 000,356,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dusmsvc.dll -- (DusmSvc)
SRV:[b]64bit:[/b] - [2018/12/08 16:36:23 | 000,153,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:[b]64bit:[/b] - [2018/11/09 11:20:34 | 000,092,160 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:[b]64bit:[/b] - [2018/11/09 11:20:24 | 000,399,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthAvctpSvc.dll -- (BthAvctpSvc)
SRV:[b]64bit:[/b] - [2018/11/09 11:18:30 | 000,514,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BTAGService.dll -- (BTAGService)
SRV:[b]64bit:[/b] - [2018/11/09 11:16:04 | 000,308,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:[b]64bit:[/b] - [2018/11/01 15:59:14 | 000,241,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:[b]64bit:[/b] - [2018/11/01 15:57:53 | 000,835,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:[b]64bit:[/b] - [2018/11/01 15:57:04 | 000,281,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2018/10/21 16:14:53 | 000,632,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:[b]64bit:[/b] - [2018/10/21 16:14:29 | 000,453,632 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:[b]64bit:[/b] - [2018/09/13 18:54:02 | 001,456,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WpcDesktopMonSvc.dll -- (WpcMonSvc)
SRV:[b]64bit:[/b] - [2018/09/13 18:54:02 | 000,976,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Spectrum.exe -- (spectrum)
SRV:[b]64bit:[/b] - [2018/09/13 18:54:02 | 000,858,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:[b]64bit:[/b] - [2018/09/13 18:54:02 | 000,681,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WFDSConMgrSvc.dll -- (WFDSConMgrSvc)
SRV:[b]64bit:[/b] - [2018/09/13 18:54:00 | 000,760,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SecurityHealthService.exe -- (SecurityHealthService)
SRV:[b]64bit:[/b] - [2018/09/13 18:53:58 | 000,673,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:[b]64bit:[/b] - [2018/09/13 18:53:58 | 000,667,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2018/09/13 18:53:58 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PushToInstall.dll -- (PushToInstall)
SRV:[b]64bit:[/b] - [2018/09/13 18:53:58 | 000,235,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2018/09/13 18:53:58 | 000,091,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:[b]64bit:[/b] - [2018/09/13 18:53:57 | 004,970,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:[b]64bit:[/b] - [2018/09/13 18:53:57 | 000,061,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:[b]64bit:[/b] - [2018/09/08 12:24:26 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2018/04/12 08:35:21 | 000,681,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:[b]64bit:[/b] - [2018/04/12 08:35:21 | 000,427,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:[b]64bit:[/b] - [2018/04/12 08:35:21 | 000,400,896 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Windows.Devices.Picker.dll -- (DevicePickerUserSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:43 | 000,824,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NaturalAuth.dll -- (NaturalAuthentication)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:43 | 000,590,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:43 | 000,121,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:41 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:40 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:39 | 000,219,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvc.dll -- (diagsvc)
  • green
  • 2019/07/24 (Wed) 22:37:01
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

SRV:[b]64bit:[/b] - [2018/04/12 08:34:38 | 000,671,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:37 | 000,303,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:37 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:34 | 001,273,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:33 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PrintWorkflowService.dll -- (PrintWorkflowUserSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:25 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:24 | 000,081,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:23 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:22 | 000,335,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:22 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:19 | 000,750,080 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\DevicesFlowBroker.dll -- (DevicesFlowUserSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:19 | 000,195,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,712,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,057,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 001,495,040 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,582,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,345,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,176,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\xboxgipsvc.dll -- (XboxGipSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:10 | 001,248,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SEMgrSvc.dll -- (SEMgrSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:10 | 000,376,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:10 | 000,048,640 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:10 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:08 | 001,308,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:08 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:08 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GraphicsPerfSvc.dll -- (GraphicsPerfSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:08 | 000,059,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\xbgmsvc.exe -- (xbgm)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:08 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.WARP.JITService.dll -- (WarpJITSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:07 | 001,115,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:06 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:04 | 001,148,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:04 | 000,411,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vac.dll -- (VacSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:04 | 000,199,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\LanguageOverlayServer.dll -- (LxpSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:04 | 000,163,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SgrmBroker.exe -- (SgrmBroker)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:02 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Microsoft.Bluetooth.UserService.dll -- (BluetoothUserService)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:02 | 000,063,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipxlatcfg.dll -- (IpxlatCfgSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 002,197,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,309,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,309,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:47 | 003,441,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2018/04/11 06:05:00 | 000,324,608 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:[b]64bit:[/b] - [2018/03/11 03:20:00 | 000,495,616 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\OpenSSH\ssh-agent.exe -- (ssh-agent)
SRV:[b]64bit:[/b] - [2012/05/17 00:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
  • green
  • 2019/07/24 (Wed) 22:38:24
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

SRV - [2019/07/17 16:27:52 | 001,695,008 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2019/07/17 04:15:11 | 000,057,504 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- d:\Program Files\AVAST Software\Avast\wsc_proxy.exe -- (AvastWscReporter)
SRV - [2019/07/17 04:15:10 | 000,414,976 | ---- | M] (AVAST Software) [Auto | Running] -- d:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2019/07/17 04:14:44 | 006,797,008 | ---- | M] (AVAST Software) [On_Demand | Running] -- d:\Program Files\AVAST Software\Avast\aswidsagent.exe -- (aswbIDSAgent)
SRV - [2019/07/13 08:11:51 | 001,098,224 | ---- | M] (Google LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe -- (GoogleChromeElevationService)
SRV - [2019/07/09 18:45:16 | 000,335,416 | ---- | M] (Adobe) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2019/07/04 13:18:19 | 000,965,632 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2019/06/13 13:44:26 | 001,003,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\TokenBroker.dll -- (TokenBroker)
SRV - [2019/05/17 15:19:08 | 001,110,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\InstallService.dll -- (InstallService)
SRV - [2019/04/19 13:38:40 | 000,593,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2018/12/08 16:45:30 | 000,567,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2018/09/25 15:17:26 | 000,153,360 | ---- | M] (IObit) [Auto | Stopped] -- d:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe -- (IObitUnSvr)
SRV - [2018/09/18 21:48:28 | 005,258,552 | ---- | M] (SoftEther VPN Project at University of Tsukuba, Japan.) [Auto | Running] -- d:\Program Files\SoftEther VPN Client\vpnclient_x64.exe -- (SEVPNCLIENT)
SRV - [2018/09/13 18:54:03 | 000,729,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\FlightSettings.dll -- (wisvc)
SRV - [2018/09/13 18:54:02 | 004,469,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2018/09/12 20:44:19 | 000,644,976 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -- (NvTelemetryContainer)
SRV - [2018/08/31 13:09:30 | 000,281,232 | ---- | M] (Paltiosoft Inc.) [Auto | Running] -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe -- (UCManSvc)
SRV - [2018/05/22 22:48:28 | 000,994,256 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe -- (GoogleIMEJaCacheService)
SRV - [2018/05/01 16:51:00 | 007,789,088 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2018/04/12 08:35:22 | 000,312,832 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Windows.Devices.Picker.dll -- (DevicePickerUserSvc)
SRV - [2018/04/12 08:34:57 | 000,138,240 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\PrintWorkflowService.dll -- (PrintWorkflowUserSvc)
SRV - [2018/04/12 08:34:45 | 000,072,192 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\tzautoupdate.dll -- (tzautoupdate)
SRV - [2018/04/12 08:34:45 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2018/04/12 08:33:47 | 003,441,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2017/12/15 15:26:32 | 000,181,928 | ---- | M] (Sony Video & Sound Products Inc.) [On_Demand | Stopped] -- D:\Program Files (x86)\Sony\Music Center\avlib\SsBeServiceMc.exe -- (MusicCenter Back-End Service)
SRV - [2017/12/15 14:42:20 | 000,167,824 | ---- | M] (Sony Video & Sound Products Inc.) [On_Demand | Stopped] -- D:\Program Files (x86)\Sony\Music Center\Sony.Earth\PACSPTISVR.exe -- (PACSPTISVR-Music_Center)
SRV - [2016/06/15 12:04:00 | 000,131,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeService2.exe -- (SonicStage Back-End Service2)
SRV - [2016/03/10 02:06:54 | 000,173,920 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2019/07/24 22:00:01 | 000,073,584 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:[b]64bit:[/b] - [2019/07/24 22:00:00 | 000,224,408 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt)
DRV:[b]64bit:[/b] - [2019/07/24 22:00:00 | 000,116,112 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebProtection)
DRV:[b]64bit:[/b] - [2019/07/24 21:59:57 | 000,275,232 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV:[b]64bit:[/b] - [2019/07/21 20:57:58 | 000,199,768 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MbamChameleon.sys -- (MBAMChameleon)
DRV:[b]64bit:[/b] - [2019/06/26 13:00:48 | 000,020,936 | ---- | M] (Malwarebytes) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MbamElam.sys -- (MbamElam)
DRV:[b]64bit:[/b] - [2019/06/21 02:28:46 | 000,168,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2019/06/17 22:38:05 | 000,225,600 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:[b]64bit:[/b] - [2019/06/07 14:58:50 | 000,076,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:[b]64bit:[/b] - [2019/06/07 14:57:00 | 000,383,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2019/05/30 17:58:42 | 000,385,880 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:44 | 000,477,584 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:44 | 000,112,312 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:44 | 000,087,944 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:44 | 000,042,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:43 | 000,279,120 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswHdsKe.sys -- (aswHdsKe)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:32 | 001,030,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:32 | 000,207,448 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswArPot.sys -- (aswArPot)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:32 | 000,037,104 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswArDisk.sys -- (aswArDisk)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:28 | 000,262,496 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswbidsdriver.sys -- (aswbidsdriver)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:28 | 000,205,848 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbidsh.sys -- (aswbidsh)
DRV:[b]64bit:[/b] - [2019/05/25 14:37:28 | 000,061,472 | ---- | M] (AVAST Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbuniv.sys -- (aswbuniv)
DRV:[b]64bit:[/b] - [2019/05/17 16:07:32 | 000,105,272 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2019/05/17 14:36:02 | 000,228,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winnat.sys -- (WinNat)
DRV:[b]64bit:[/b] - [2019/05/17 14:33:34 | 000,787,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:[b]64bit:[/b] - [2019/05/03 15:43:05 | 000,177,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2019/05/03 15:32:10 | 000,164,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2019/03/17 22:57:40 | 000,042,360 | ---- | M] (IObit) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\IMFCameraProtect.sys -- (IMFCameraProtect)
  • green
  • 2019/07/24 (Wed) 22:40:05
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

DRV:[b]64bit:[/b] - [2019/03/14 23:33:58 | 000,082,432 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:[b]64bit:[/b] - [2019/03/14 17:57:04 | 000,611,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2019/03/14 17:28:15 | 000,152,072 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:[b]64bit:[/b] - [2019/03/14 16:55:51 | 000,414,720 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\cldflt.sys -- (CldFlt)
DRV:[b]64bit:[/b] - [2019/03/06 18:04:46 | 000,945,464 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:[b]64bit:[/b] - [2019/03/06 18:03:04 | 001,921,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2019/01/16 02:47:32 | 020,424,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\nv_dispi.inf_amd64_01c064f3d89f92be\nvlddmkm.sys -- (nvlddmkm)
DRV:[b]64bit:[/b] - [2019/01/16 02:46:12 | 001,122,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:[b]64bit:[/b] - [2019/01/09 14:42:08 | 000,092,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bindflt.sys -- (bindflt)
DRV:[b]64bit:[/b] - [2019/01/08 18:38:32 | 000,015,488 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswElam.sys -- (aswElam)
DRV:[b]64bit:[/b] - [2019/01/08 16:32:04 | 000,153,328 | ---- | M] (Malwarebytes) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mbae64.sys -- (ESProtectionDriver)
DRV:[b]64bit:[/b] - [2018/12/08 17:04:38 | 000,058,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:[b]64bit:[/b] - [2018/12/08 16:38:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs)
DRV:[b]64bit:[/b] - [2018/12/08 16:36:56 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:[b]64bit:[/b] - [2018/12/05 20:38:30 | 000,227,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2018/12/05 20:37:51 | 000,109,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:[b]64bit:[/b] - [2018/11/09 11:49:37 | 000,565,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2018/11/09 11:21:11 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2018/10/21 16:19:52 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:[b]64bit:[/b] - [2018/09/26 18:50:15 | 000,028,648 | ---- | M] (ELECOM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElcMouLFlt.sys -- (ElcMouLFlt)
DRV:[b]64bit:[/b] - [2018/09/26 18:50:15 | 000,027,624 | ---- | M] (ELECOM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElcMouUFlt.sys -- (ElcMouUFlt)
DRV:[b]64bit:[/b] - [2018/09/18 21:49:58 | 000,037,824 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Neo6_x64_VPN.sys -- (Neo_VPN)
DRV:[b]64bit:[/b] - [2018/09/18 20:48:47 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2018/09/16 22:06:06 | 000,967,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorAC.sys -- (iaStorAC)
DRV:[b]64bit:[/b] - [2018/09/16 22:04:57 | 000,228,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2018/09/13 18:53:59 | 000,228,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:[b]64bit:[/b] - [2018/09/13 18:53:59 | 000,072,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:[b]64bit:[/b] - [2018/09/13 18:53:57 | 000,295,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:[b]64bit:[/b] - [2018/09/13 18:53:57 | 000,230,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2018/09/13 18:53:57 | 000,128,920 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:[b]64bit:[/b] - [2018/09/13 18:53:57 | 000,075,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2018/09/13 18:53:57 | 000,048,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:[b]64bit:[/b] - [2018/09/13 18:53:57 | 000,029,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2018/09/13 18:53:57 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:[b]64bit:[/b] - [2018/04/13 01:34:17 | 000,037,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2018/04/13 01:34:15 | 000,057,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpatialGraphFilter.sys -- (SpatialGraphFilter)
DRV:[b]64bit:[/b] - [2018/04/13 01:34:13 | 000,030,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:43 | 000,119,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:40 | 000,091,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:40 | 000,060,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bam.sys -- (bam)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:32 | 000,128,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:32 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:32 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afunix.sys -- (afunix)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:32 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:28 | 000,254,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:25 | 000,088,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:22 | 000,175,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:22 | 000,034,208 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:20 | 000,217,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:20 | 000,209,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
  • green
  • 2019/07/24 (Wed) 22:45:49
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

DRV:[b]64bit:[/b] - [2018/04/12 08:34:19 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:15 | 000,021,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdmCompanionFilter.sys -- (WdmCompanionFilter)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,282,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,154,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,152,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,128,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,075,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,067,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,039,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshwnclx.sys -- (HwNClx0101)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,169,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,082,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:12 | 000,055,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:04 | 000,128,000 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:04 | 000,063,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SgrmAgent.sys -- (SgrmAgent)
DRV:[b]64bit:[/b] - [2018/04/12 08:34:04 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:58 | 000,331,680 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:58 | 000,044,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:58 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:58 | 000,030,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,140,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,127,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,055,808 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,039,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ramdisk.sys -- (Ramdisk)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:54 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipt.sys -- (IPT)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,434,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,287,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,097,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,050,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,050,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:52 | 000,018,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:51 | 000,144,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:51 | 000,098,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:51 | 000,029,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:51 | 000,028,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:51 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 001,836,952 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,885,144 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAVC.sys -- (iaStorAVC)
  • green
  • 2019/07/24 (Wed) 22:47:31
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,842,648 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,526,232 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,505,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mausbhost.sys -- (mausbhost)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,321,432 | ---- | M] (Chelsio Communications) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,305,560 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,197,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,156,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,108,952 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,105,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmem.sys -- (pmem)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvdimm.sys -- (nvdimm)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,079,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,064,920 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,061,848 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,058,776 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,056,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mausbip.sys -- (mausbip)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,038,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bttflt.sys -- (bttflt)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,033,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hvcrash.sys -- (hvcrash)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,033,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SDFRd.sys -- (SDFRd)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,032,152 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,031,128 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,018,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys -- (swenum)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,016,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 003,419,032 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 001,135,520 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,533,912 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,259,480 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,145,816 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ItSas35i.sys -- (ItSas35i)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,128,408 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,124,312 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,123,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,107,416 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rhproxy.sys -- (rhproxy)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,083,360 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,082,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,082,328 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\megasas35i.sys -- (megasas35i)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,075,160 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,064,408 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,063,904 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,027,032 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
  • green
  • 2019/07/24 (Wed) 22:49:55
Re: A file named asc_rdflag has appeared in the root of the C: drive
(continued)

DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnpmem.sys -- (PNPMEM)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:48 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:45 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_BXT_P.sys -- (iaLPSS2i_I2C_BXT_P)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:45 | 000,171,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:45 | 000,118,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:45 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:45 | 000,091,648 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:45 | 000,088,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_BXT_P.sys -- (iaLPSS2i_GPIO2_BXT_P)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:45 | 000,079,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:45 | 000,060,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAD.sys -- (CAD)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:45 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys -- (CompositeBus)
DRV:[b]64bit:[/b] - [2018/04/12 08:33:45 | 000,036,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:[b]64bit:[/b] - [2018/03/24 10:19:20 | 000,058,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvvhci.sys -- (nvvhci)
DRV:[b]64bit:[/b] - [2012/12/19 08:42:10 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t_mouse.sys -- (t_mouse.sys)
DRV:[b]64bit:[/b] - [2012/08/09 16:30:12 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2010/02/05 19:44:16 | 000,746,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DC1150.X64.SYS -- (DC1150.X64)
DRV - [2019/01/16 02:47:32 | 020,424,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_01c064f3d89f92be\nvlddmkm.sys -- (nvlddmkm)
DRV - [2018/10/16 13:37:42 | 000,043,392 | -H-- | M] (IObit) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_amd64\IURegistryFilter.sys -- (IURegistryFilter)
DRV - [2018/10/16 13:37:42 | 000,037,184 | -H-- | M] (IObit) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_amd64\IUProcessFilter.sys -- (IUProcessFilter)
DRV - [2018/09/18 20:43:23 | 000,027,552 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2018/04/12 08:34:58 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\afunix.sys -- (afunix)
DRV - [2018/04/12 08:33:49 | 000,018,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys -- (swenum)
DRV - [2018/04/12 08:33:45 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys -- (CompositeBus)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-21-1820434542-3641797410-228512082-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-1820434542-3641797410-228512082-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 5C 48 D7 5F 3C E7 D4 01 [binary data]
IE - HKU\S-1-5-21-1820434542-3641797410-228512082-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-1820434542-3641797410-228512082-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1820434542-3641797410-228512082-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: d:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll (Google LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll (Google LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.6: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)



[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
CHR - Extension: No name found = C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\
CHR - Extension: No name found = C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\
CHR - Extension: No name found = C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\
CHR - Extension: No name found = C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\
CHR - Extension: No name found = C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7519.422.0.3_0\

  • green
  • 2019/07/24 (Wed) 22:52:12
Re: A file named asc_rdflag has appeared in the root of the C: drive
(continued)

O1 HOSTS File: ([2019/07/05 06:16:34 | 000,454,754 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15616 more lines...
O2:[b]64bit:[/b] - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - d:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2:[b]64bit:[/b] - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:[b]64bit:[/b] - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - D:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - D:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:[b]64bit:[/b] - HKLM..\Run: [AvastUI.exe] d:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [Classic Start Menu] D:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SecurityHealth] C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SoftEther VPN Client UI Helper] d:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
O4 - HKLM..\Run: [Google Japanese Input Prelauncher] C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFullTrustStartupTasks = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUwpStartupTasks = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportFullTrustStartupTasks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportUwpStartupTasks = 1
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - D:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - D:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4a9b40d7-a167-4512-a81f-daef0ade2cc5}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - U
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C6658531-8DB9-3115-B6D1-F89B57830CFC} - .NET Framework
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
  • green
  • 2019/07/24 (Wed) 22:54:32
Re: A file named asc_rdflag has appeared in the root of the C: drive
(continued)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B82EE9BD-ADE2-3058-8091-78419781EC8E} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2019/07/24 22:00:01 | 000,073,584 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2019/07/24 22:00:00 | 000,224,408 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\farflt.sys
[2019/07/24 22:00:00 | 000,116,112 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2019/07/24 21:59:57 | 000,275,232 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamswissarmy.sys
[2019/07/24 21:27:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\green\Desktop\OTL.exe
[2019/07/24 18:16:50 | 007,623,880 | ---- | C] (Malwarebytes) -- D:\Users\green\Desktop\adwcleaner_7.4.exe
[2019/07/21 20:57:58 | 000,199,768 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MbamChameleon.sys
[2019/07/21 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\green\AppData\Local\mbam
[2019/07/21 20:23:15 | 000,000,000 | ---D | C] -- C:\Users\green\AppData\Local\mbamtray
[2019/07/21 20:23:09 | 000,020,936 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MbamElam.sys
[2019/07/21 20:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2019/07/21 20:23:06 | 000,153,328 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbae64.sys
[2019/07/21 20:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2019/07/21 20:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2019/07/21 20:21:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2019/07/21 20:18:06 | 064,666,816 | ---- | C] (Malwarebytes ) -- D:\Users\green\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11640.exe
[2019/07/21 01:00:11 | 000,000,000 | ---D | C] -- D:\Users\green\Desktop\CC用
[2019/07/21 00:15:36 | 000,000,000 | ---D | C] -- C:\Users\green\AppData\Roaming\IObit
[2019/07/21 00:04:17 | 000,000,000 | ---D | C] -- C:\Users\green\AppData\Roaming\Geek Uninstaller
[2019/07/20 23:59:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2019/07/20 23:50:12 | 000,000,000 | ---D | C] -- C:\Users\green\AppData\Roaming\Media Player Classic
[2019/07/20 23:40:40 | 025,857,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2019/07/20 23:40:40 | 007,519,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll
[2019/07/20 23:40:40 | 006,570,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
[2019/07/20 23:40:38 | 022,017,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2019/07/20 23:40:37 | 009,084,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2019/07/20 23:40:36 | 007,589,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2019/07/20 23:40:36 | 007,436,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\windows.storage.dll
[2019/07/20 23:40:35 | 006,044,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\windows.storage.dll
[2019/07/20 23:40:35 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2019/07/20 23:40:35 | 004,861,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2019/07/20 23:40:35 | 004,385,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EdgeContent.dll
[2019/07/20 23:40:35 | 003,614,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2019/07/20 23:40:35 | 003,292,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2019/07/20 23:40:35 | 001,616,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2019/07/20 23:40:34 | 003,401,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2019/07/20 23:40:34 | 003,202,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2019/07/20 23:40:34 | 002,882,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2019/07/20 23:40:34 | 002,479,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2019/07/20 23:40:34 | 001,219,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvix64.exe
[2019/07/20 23:40:34 | 001,035,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ApplyTrustOffline.exe
[2019/07/20 23:40:33 | 008,627,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2019/07/20 23:40:33 | 007,990,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2019/07/20 23:40:33 | 002,571,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2019/07/20 23:40:33 | 002,176,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2019/07/20 23:40:33 | 002,166,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2019/07/20 23:40:33 | 001,631,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32full.dll
[2019/07/20 23:40:33 | 001,453,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gdi32full.dll
[2019/07/20 23:40:33 | 001,175,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2019/07/20 23:40:33 | 001,027,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvax64.exe
[2019/07/20 23:40:32 | 001,663,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2019/07/20 23:40:32 | 001,609,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll
[2019/07/20 23:40:32 | 001,566,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxPackaging.dll
[2019/07/20 23:40:32 | 001,561,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.desktop.dll
[2019/07/20 23:40:32 | 001,549,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2019/07/20 23:40:32 | 001,471,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2019/07/20 23:40:32 | 001,459,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2019/07/20 23:40:32 | 001,427,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxPackaging.dll
[2019/07/20 23:40:32 | 001,328,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpx.dll
[2019/07/20 23:40:32 | 001,260,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2019/07/20 23:40:32 | 001,141,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2019/07/20 23:40:32 | 000,986,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2019/07/20 23:40:32 | 000,983,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2019/07/20 23:40:32 | 000,953,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2019/07/20 23:40:32 | 000,832,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
  • green
  • 2019/07/24 (Wed) 22:58:19
Re: A file named asc_rdflag has appeared in the root of the C: drive
(continued)

[2019/07/20 23:40:32 | 000,790,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2019/07/20 23:40:32 | 000,776,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wer.dll
[2019/07/20 23:40:32 | 000,767,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2019/07/20 23:40:32 | 000,734,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2019/07/20 23:40:32 | 000,723,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2019/07/20 23:40:32 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedRealitySvc.dll
[2019/07/20 23:40:32 | 000,665,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wer.dll
[2019/07/20 23:40:32 | 000,568,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tcblaunch.exe
[2019/07/20 23:40:32 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\daxexec.dll
[2019/07/20 23:40:32 | 000,559,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2019/07/20 23:40:32 | 000,544,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2019/07/20 23:40:32 | 000,493,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcryptprimitives.dll
[2019/07/20 23:40:32 | 000,392,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\daxexec.dll
[2019/07/20 23:40:32 | 000,362,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Storage.ApplicationData.dll
[2019/07/20 23:40:32 | 000,356,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bcryptprimitives.dll
[2019/07/20 23:40:31 | 001,220,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Unistore.dll
[2019/07/20 23:40:31 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcore.dll
[2019/07/20 23:40:31 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpcore.dll
[2019/07/20 23:40:31 | 000,965,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Unistore.dll
[2019/07/20 23:40:31 | 000,713,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSVideoDSP.dll
[2019/07/20 23:40:31 | 000,662,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2019/07/20 23:40:31 | 000,604,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\securekernel.exe
[2019/07/20 23:40:31 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcdedit.exe
[2019/07/20 23:40:31 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpclip.exe
[2019/07/20 23:40:31 | 000,416,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanapi.dll
[2019/07/20 23:40:31 | 000,330,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptprov.dll
[2019/07/20 23:40:31 | 000,328,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanapi.dll
[2019/07/20 23:40:31 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2019/07/20 23:40:31 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wc_storage.dll
[2019/07/20 23:40:31 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TDLMigration.dll
[2019/07/20 23:40:31 | 000,287,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
[2019/07/20 23:40:31 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptprov.dll
[2019/07/20 23:40:31 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2019/07/20 23:40:31 | 000,209,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wermgr.exe
[2019/07/20 23:40:31 | 000,194,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\skci.dll
[2019/07/20 23:40:31 | 000,191,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wermgr.exe
[2019/07/20 23:40:31 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dssvc.dll
[2019/07/20 23:40:31 | 000,137,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcrypt.dll
[2019/07/20 23:40:31 | 000,134,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvloader.dll
[2019/07/20 23:40:31 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\splwow64.exe
[2019/07/20 23:40:31 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxSysprep.dll
[2019/07/20 23:40:31 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
[2019/07/20 23:40:31 | 000,115,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kdnet.dll
[2019/07/20 23:40:31 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
[2019/07/20 23:40:31 | 000,094,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll
[2019/07/20 23:40:31 | 000,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpfve.sys
[2019/07/20 23:40:31 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\offreg.dll
[2019/07/20 23:40:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\offreg.dll
[2019/07/20 23:40:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TpmTasks.dll
[2019/07/20 23:40:30 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\HeadTrackerStorage.dll
[2019/07/20 23:40:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\werdiagcontroller.dll
[2019/07/20 23:39:07 | 000,000,000 | ---D | C] -- D:\Users\green\Desktop\geek
[2019/07/20 03:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2019/07/20 03:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2019/07/20 03:03:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- D:\Users\green\Desktop\HijackThis.exe
[2019/07/19 05:08:31 | 000,000,000 | -H-D | C] -- C:\$SysReset
[2019/07/19 04:53:23 | 000,000,000 | ---D | C] -- D:\Users\green\Desktop\SteamLibrary
[2019/07/19 03:36:13 | 001,917,528 | ---- | C] (Mister Group ) -- D:\Users\green\Desktop\SystemExplorerSetup_700.exe
[2019/07/19 03:26:25 | 000,300,832 | ---- | C] (Sysinternals - www.sysinternals.com) -- D:\Users\green\Desktop\tcpview.exe
[2019/07/03 15:03:00 | 005,625,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StartTileData.dll
[2019/07/03 15:03:00 | 001,721,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2019/07/03 15:02:59 | 004,847,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2019/07/03 15:02:59 | 004,718,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.pcshell.dll
[2019/07/03 15:02:58 | 006,586,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2019/07/03 15:02:58 | 004,771,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputService.dll
[2019/07/03 15:02:58 | 004,038,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2019/07/03 15:02:58 | 000,740,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2019/07/03 15:02:58 | 000,513,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2019/07/03 15:02:57 | 005,657,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2019/07/03 15:02:57 | 003,700,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2019/07/03 15:02:57 | 003,318,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2019/07/03 15:02:57 | 002,871,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2019/07/03 15:02:57 | 002,370,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WebRuntimeManager.dll
[2019/07/03 15:02:57 | 000,896,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sppcext.dll
[2019/07/03 15:02:57 | 000,810,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2019/07/03 15:02:57 | 000,415,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aepic.dll
[2019/07/03 15:02:56 | 002,899,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2019/07/03 15:02:56 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBroker.dll
[2019/07/03 15:02:56 | 001,215,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NotificationController.dll
[2019/07/03 15:02:56 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppcext.dll
[2019/07/03 15:02:56 | 000,900,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\slui.exe
[2019/07/03 15:02:56 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppcommdlg.dll
[2019/07/03 15:02:56 | 000,637,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2019/07/03 15:02:56 | 000,511,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dcntel.dll
[2019/07/03 15:02:56 | 000,464,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2019/07/03 15:02:56 | 000,164,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompatTelRunner.exe
[2019/07/03 15:02:56 | 000,071,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32appinventorycsp.dll
  • green
  • 2019/07/24 (Wed) 22:59:20
Re: A file named asc_rdflag has appeared in the root of the C: drive
(continued)

[2019/07/03 15:02:55 | 003,554,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputService.dll
[2019/07/03 15:02:55 | 002,546,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UpdateAgent.dll
[2019/07/03 15:02:55 | 001,626,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2019/07/03 15:02:55 | 001,376,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2019/07/03 15:02:55 | 001,048,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Shell.Broker.dll
[2019/07/03 15:02:55 | 001,033,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ClipSVC.dll
[2019/07/03 15:02:55 | 000,922,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll
[2019/07/03 15:02:55 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusUpdateHandlers.dll
[2019/07/03 15:02:55 | 000,894,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\webplatstorageserver.dll
[2019/07/03 15:02:55 | 000,808,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EdgeManager.dll
[2019/07/03 15:02:55 | 000,624,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PsmServiceExtHost.dll
[2019/07/03 15:02:55 | 000,607,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TextInputFramework.dll
[2019/07/03 15:02:55 | 000,566,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\phoneactivate.exe
[2019/07/03 15:02:55 | 000,324,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2019/07/03 15:02:54 | 002,406,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AcGenral.dll
[2019/07/03 15:02:54 | 001,339,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TaskFlowDataEngine.dll
[2019/07/03 15:02:54 | 001,130,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvproc.dll
[2019/07/03 15:02:54 | 001,127,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nettrace.dll
[2019/07/03 15:02:54 | 001,098,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvproc.dll
[2019/07/03 15:02:54 | 001,076,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efscore.dll
[2019/07/03 15:02:54 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBroker.dll
[2019/07/03 15:02:54 | 000,871,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.BackgroundMediaPlayback.dll
[2019/07/03 15:02:54 | 000,849,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Playback.MediaPlayer.dll
[2019/07/03 15:02:54 | 000,785,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pkeyhelper.dll
[2019/07/03 15:02:54 | 000,765,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tdh.dll
[2019/07/03 15:02:54 | 000,681,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2019/07/03 15:02:54 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tdh.dll
[2019/07/03 15:02:54 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\EdgeManager.dll
[2019/07/03 15:02:54 | 000,545,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hal.dll
[2019/07/03 15:02:54 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\QuietHours.dll
[2019/07/03 15:02:54 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmenrollengine.dll
[2019/07/03 15:02:54 | 000,510,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\policymanager.dll
[2019/07/03 15:02:54 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgeIso.dll
[2019/07/03 15:02:54 | 000,443,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\policymanager.dll
[2019/07/03 15:02:54 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotification.exe
[2019/07/03 15:02:54 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AcGenral.dll
[2019/07/03 15:02:54 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotificationUx.exe
[2019/07/03 15:02:54 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CXHProvisioningServer.dll
[2019/07/03 15:02:54 | 000,251,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppwinob.dll
[2019/07/03 15:02:54 | 000,093,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wldp.dll
[2019/07/03 15:02:54 | 000,080,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wldp.dll
[2019/07/03 15:02:53 | 001,063,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SecConfig.efi
[2019/07/03 15:02:53 | 000,869,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Playback.BackgroundMediaPlayer.dll
[2019/07/03 15:02:53 | 000,766,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicensingWinRT.dll
[2019/07/03 15:02:53 | 000,761,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nshwfp.dll
[2019/07/03 15:02:53 | 000,755,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Core.TextInput.dll
[2019/07/03 15:02:53 | 000,660,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicensingWinRT.dll
[2019/07/03 15:02:53 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.BackgroundMediaPlayback.dll
[2019/07/03 15:02:53 | 000,646,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Playback.BackgroundMediaPlayer.dll
[2019/07/03 15:02:53 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Playback.MediaPlayer.dll
[2019/07/03 15:02:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nshwfp.dll
[2019/07/03 15:02:53 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSVideoDSP.dll
[2019/07/03 15:02:53 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\webplatstorageserver.dll
[2019/07/03 15:02:53 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nltest.exe
[2019/07/03 15:02:53 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastls.dll
[2019/07/03 15:02:53 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmenrollengine.dll
[2019/07/03 15:02:53 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputSwitch.dll
[2019/07/03 15:02:53 | 000,361,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceEnroller.exe
[2019/07/03 15:02:53 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgeIso.dll
[2019/07/03 15:02:53 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vdsbas.dll
[2019/07/03 15:02:53 | 000,236,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EditionUpgradeManagerObj.dll
[2019/07/03 15:02:53 | 000,221,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\EditionUpgradeManagerObj.dll
[2019/07/03 15:02:53 | 000,146,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicensingUI.exe
[2019/07/03 15:02:53 | 000,130,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rmclient.dll
[2019/07/03 15:02:53 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ngcpopkeysrv.dll
[2019/07/03 15:02:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NotificationControllerPS.dll
[2019/07/03 15:02:53 | 000,101,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rmclient.dll
[2019/07/03 15:02:53 | 000,101,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\changepk.exe
[2019/07/03 15:02:53 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KdsCli.dll
[2019/07/03 15:02:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBrokerUI.dll
[2019/07/03 15:02:53 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBrokerUI.dll
[2019/07/03 15:02:53 | 000,036,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceCensus.exe
  • green
  • 2019/07/24 (Wed) 23:00:55
Re: A file named asc_rdflag has appeared in the root of the C: drive
(continued)

[2019/07/03 15:02:52 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
[2019/07/03 15:02:52 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Notifications.dll
[2019/07/03 15:02:52 | 000,450,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastls.dll
[2019/07/03 15:02:52 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanmsm.dll
[2019/07/03 15:02:52 | 000,371,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputSwitch.dll
[2019/07/03 15:02:52 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msIso.dll
[2019/07/03 15:02:52 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DesktopSwitcherDataModel.dll
[2019/07/03 15:02:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enrollmentapi.dll
[2019/07/03 15:02:52 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EditionUpgradeHelper.dll
[2019/07/03 15:02:52 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmvdsitf.dll
[2019/07/03 15:02:52 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\enrollmentapi.dll
[2019/07/03 15:02:52 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmvdsitf.dll
[2019/07/03 15:02:52 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmmigrator.dll
[2019/07/03 15:02:52 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputLocaleManager.dll
[2019/07/03 15:02:52 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RjvMDMConfig.dll
[2019/07/03 15:02:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2019/07/03 15:02:52 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe
[2019/07/03 15:02:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UpgradeResultsUI.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2019/07/24 22:06:39 | 001,447,762 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2019/07/24 22:06:39 | 000,699,762 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2019/07/24 22:06:39 | 000,480,294 | ---- | M] () -- C:\WINDOWS\SysNative\perfh011.dat
[2019/07/24 22:06:39 | 000,132,702 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2019/07/24 22:06:39 | 000,132,262 | ---- | M] () -- C:\WINDOWS\SysNative\perfc011.dat
[2019/07/24 22:01:52 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2019/07/24 22:00:08 | 003,829,440 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2019/07/24 22:00:01 | 000,073,584 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2019/07/24 22:00:00 | 000,224,408 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\farflt.sys
[2019/07/24 22:00:00 | 000,116,112 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2019/07/24 21:59:57 | 000,275,232 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamswissarmy.sys
[2019/07/24 21:59:56 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2019/07/24 21:59:53 | 000,000,917 | ---- | M] () -- C:\WINDOWS\tasks\EPSON GT-X980 Update.job
[2019/07/24 21:59:50 | 824,741,885 | -HS- | M] () -- C:\hiberfil.sys
[2019/07/24 21:27:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\green\Desktop\OTL.exe
[2019/07/24 18:16:50 | 007,623,880 | ---- | M] (Malwarebytes) -- D:\Users\green\Desktop\adwcleaner_7.4.exe
[2019/07/24 17:57:41 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job
[2019/07/21 20:57:58 | 000,199,768 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MbamChameleon.sys
[2019/07/21 20:38:55 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_greenmax.job
[2019/07/21 20:23:07 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2019/07/21 20:20:34 | 064,666,816 | ---- | M] (Malwarebytes ) -- D:\Users\green\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11640.exe
[2019/07/21 06:42:36 | 000,000,890 | ---- | M] () -- D:\Users\green\Desktop\CCleaner.lnk
[2019/07/20 03:03:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- D:\Users\green\Desktop\HijackThis.exe
[2019/07/19 14:59:14 | 002,653,400 | ---- | M] () -- D:\Users\green\Desktop\geek.zip
[2019/07/19 03:36:20 | 001,917,528 | ---- | M] (Mister Group ) -- D:\Users\green\Desktop\SystemExplorerSetup_700.exe
[2019/07/19 03:26:32 | 000,300,832 | ---- | M] (Sysinternals - www.sysinternals.com) -- D:\Users\green\Desktop\tcpview.exe
[2019/07/05 11:41:09 | 000,000,123 | ---- | M] () -- D:\Users\green\Desktop\月_指先から本気の熱情-幼なじみは消防士- [最新話無料] - ニコニコチャンネル-アニメ.url
[2019/07/05 06:16:34 | 000,454,754 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2019/07/04 18:43:27 | 000,094,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll
[2019/07/04 18:40:51 | 000,790,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2019/07/04 18:40:33 | 001,631,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32full.dll
[2019/07/04 18:40:32 | 001,616,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2019/07/04 18:22:58 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\splwow64.exe
[2019/07/04 18:22:43 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxSysprep.dll
[2019/07/04 18:21:11 | 008,627,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2019/07/04 18:20:08 | 001,609,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll
[2019/07/04 18:19:44 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpclip.exe
[2019/07/04 18:18:59 | 003,614,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2019/07/04 18:18:11 | 001,663,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GdiPlus.dll
[2019/07/04 17:56:04 | 001,453,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gdi32full.dll
[2019/07/04 17:54:37 | 000,662,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2019/07/04 17:41:01 | 007,990,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2019/07/04 17:37:57 | 002,882,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2019/07/04 17:36:56 | 001,471,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GdiPlus.dll
[2019/07/04 14:00:29 | 001,035,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ApplyTrustOffline.exe
[2019/07/04 13:58:29 | 001,328,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpx.dll
[2019/07/04 13:58:09 | 001,219,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvix64.exe
[2019/07/04 13:58:06 | 000,416,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlanapi.dll
[2019/07/04 13:57:57 | 001,027,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvax64.exe
[2019/07/04 13:57:57 | 000,568,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tcblaunch.exe
[2019/07/04 13:57:57 | 000,194,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\skci.dll
[2019/07/04 13:57:57 | 000,134,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvloader.dll
[2019/07/04 13:57:18 | 000,362,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Storage.ApplicationData.dll
[2019/07/04 13:57:16 | 000,986,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2019/07/04 13:57:15 | 000,776,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wer.dll
[2019/07/04 13:57:14 | 000,723,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2019/07/04 13:57:13 | 000,209,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wermgr.exe
[2019/07/04 13:57:05 | 003,292,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2019/07/04 13:57:03 | 000,137,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcrypt.dll
[2019/07/04 13:57:00 | 000,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpfve.sys
  • green
  • 2019/07/24 (Wed) 23:02:09
Re: A file named asc_rdflag has appeared in the root of the C: drive
(continued)

[2019/07/04 13:56:32 | 007,436,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\windows.storage.dll
[2019/07/04 13:56:32 | 000,493,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcryptprimitives.dll
[2019/07/04 13:56:27 | 009,084,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2019/07/04 13:56:26 | 007,519,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll
[2019/07/04 13:56:26 | 002,571,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2019/07/04 13:56:21 | 001,141,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2019/07/04 13:56:21 | 000,983,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2019/07/04 13:56:20 | 001,566,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxPackaging.dll
[2019/07/04 13:56:20 | 000,734,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2019/07/04 13:56:13 | 000,713,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MSVideoDSP.dll
[2019/07/04 13:56:10 | 001,459,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2019/07/04 13:56:10 | 001,260,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2019/07/04 13:56:10 | 000,767,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll
[2019/07/04 13:56:05 | 000,604,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\securekernel.exe
[2019/07/04 13:56:03 | 000,115,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kdnet.dll
[2019/07/04 13:43:21 | 000,191,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wermgr.exe
[2019/07/04 13:43:17 | 000,287,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
[2019/07/04 13:43:03 | 000,832,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2019/07/04 13:43:02 | 000,328,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlanapi.dll
[2019/07/04 13:43:01 | 000,665,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wer.dll
[2019/07/04 13:42:46 | 002,479,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2019/07/04 13:42:13 | 006,044,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\windows.storage.dll
[2019/07/04 13:42:13 | 000,356,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bcryptprimitives.dll
[2019/07/04 13:42:07 | 001,427,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxPackaging.dll
[2019/07/04 13:42:03 | 006,570,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
[2019/07/04 13:41:58 | 000,559,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2019/07/04 13:37:42 | 025,857,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2019/07/04 13:33:43 | 022,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2019/07/04 13:26:50 | 000,310,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wc_storage.dll
[2019/07/04 13:26:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TpmTasks.dll
[2019/07/04 13:26:18 | 004,385,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EdgeContent.dll
[2019/07/04 13:25:57 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TDLMigration.dll
[2019/07/04 13:25:34 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\offreg.dll
[2019/07/04 13:25:22 | 007,589,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2019/07/04 13:25:07 | 004,861,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2019/07/04 13:25:01 | 003,401,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2019/07/04 13:24:31 | 000,153,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dssvc.dll
[2019/07/04 13:24:16 | 000,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcdedit.exe
[2019/07/04 13:24:11 | 000,567,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\daxexec.dll
[2019/07/04 13:23:05 | 001,217,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcore.dll
[2019/07/04 13:22:48 | 001,549,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2019/07/04 13:22:47 | 002,176,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2019/07/04 13:22:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\werdiagcontroller.dll
[2019/07/04 13:22:18 | 001,175,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2019/07/04 13:22:01 | 001,561,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.desktop.dll
[2019/07/04 13:22:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\profext.dll
[2019/07/04 13:21:45 | 000,124,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\profext.dll
[2019/07/04 13:21:43 | 001,220,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Unistore.dll
[2019/07/04 13:21:39 | 005,784,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2019/07/04 13:21:39 | 003,202,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2019/07/04 13:21:33 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppxAllUserStore.dll
[2019/07/04 13:21:09 | 002,166,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2019/07/04 13:21:02 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\offreg.dll
[2019/07/04 13:20:53 | 000,392,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\daxexec.dll
[2019/07/04 13:20:38 | 000,330,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptprov.dll
[2019/07/04 13:20:14 | 000,544,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2019/07/04 13:19:21 | 000,230,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
[2019/07/04 13:18:53 | 000,953,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2019/07/04 13:18:44 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpcore.dll
[2019/07/04 13:18:19 | 000,965,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Unistore.dll
[2019/07/04 13:18:14 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptprov.dll
[2019/07/04 12:01:57 | 000,001,312 | ---- | M] () -- C:\WINDOWS\SysNative\tcbres.wim
[2019/06/27 21:00:04 | 000,039,779 | ---- | M] () -- D:\Users\green\Desktop\140993776232675203226.jpg
[2019/06/27 14:36:53 | 000,199,219 | ---- | M] () -- D:\Users\green\Desktop\img_3.jpg
[2019/06/27 14:34:42 | 000,255,382 | ---- | M] () -- D:\Users\green\Desktop\img_0.jpg
[2019/06/26 13:00:48 | 000,020,936 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MbamElam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2019/07/24 17:57:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job
[2019/07/21 20:23:07 | 000,001,927 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2019/07/21 06:42:36 | 000,000,890 | ---- | C] () -- D:\Users\green\Desktop\CCleaner.lnk
[2019/07/21 00:44:49 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_greenmax.job
[2019/07/20 23:40:30 | 000,001,312 | ---- | C] () -- C:\WINDOWS\SysNative\tcbres.wim
[2019/07/19 14:59:08 | 002,653,400 | ---- | C] () -- D:\Users\green\Desktop\geek.zip
[2019/07/06 05:13:21 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera ブラウザ.lnk
[2019/07/05 11:41:09 | 000,000,123 | ---- | C] () -- D:\Users\green\Desktop\月_指先から本気の熱情-幼なじみは消防士- [最新話無料] - ニコニコチャンネル-アニメ.url
[2019/06/27 21:00:04 | 000,039,779 | ---- | C] () -- D:\Users\green\Desktop\140993776232675203226.jpg
[2019/06/27 14:36:53 | 000,199,219 | ---- | C] () -- D:\Users\green\Desktop\img_3.jpg
[2019/06/27 14:34:42 | 000,255,382 | ---- | C] () -- D:\Users\green\Desktop\img_0.jpg
[2019/06/18 05:49:58 | 000,003,584 | ---- | C] () -- C:\Users\green\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2019/01/16 02:47:31 | 000,845,216 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkan-1-999-0-0-0.dll
[2019/01/16 02:47:31 | 000,845,216 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkan-1.dll
[2019/01/16 02:47:31 | 000,243,616 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkaninfo-1-999-0-0-0.exe
[2019/01/16 02:47:31 | 000,243,616 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkaninfo.exe
[2018/09/24 18:40:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\esint00.dll
[2018/09/21 21:53:34 | 000,000,209 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2018/09/17 22:21:30 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2018/09/17 22:20:32 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
  • green
  • 2019/07/24 (Wed) 23:03:24
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

[2018/09/17 22:16:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2018/09/17 22:16:07 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2018/09/13 18:54:03 | 002,841,312 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Mirage.dll
[2018/09/13 18:54:03 | 000,018,716 | ---- | C] () -- C:\WINDOWS\SysWow64\srms-apr.dat
[2018/04/12 08:34:55 | 000,518,144 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2018/04/12 08:34:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2018/04/12 08:34:49 | 000,002,404 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2018/04/12 08:34:47 | 000,364,200 | ---- | C] () -- C:\WINDOWS\SysWow64\InputHost.dll
[2018/04/12 08:34:46 | 003,575,808 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.Analysis.dll
[2018/04/12 08:34:46 | 000,025,600 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.WARP.JITService.exe
[2018/04/12 08:34:45 | 000,329,216 | ---- | C] () -- C:\WINDOWS\SysWow64\ssdm.dll
[2018/04/12 08:34:45 | 000,223,232 | ---- | C] () -- C:\WINDOWS\SysWow64\HeatCore.dll
[2018/04/12 08:34:45 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2018/04/12 08:34:45 | 000,111,616 | ---- | C] () -- C:\WINDOWS\SysWow64\WindowsDefaultHeatProcessor.dll
[2018/04/12 08:34:45 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\xboxgipsynthetic.dll
[2018/04/12 08:34:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2018/04/12 08:34:30 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2018/09/20 23:13:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2019/07/04 13:56:32 | 007,436,536 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2019/07/04 13:42:13 | 006,044,008 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2018/04/12 08:34:40 | 000,973,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2018/04/12 08:34:55 | 000,785,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2018/04/12 08:34:40 | 000,524,288 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2019/07/21 20:23:03 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2018/09/17 22:20:50 | 000,000,000 | -H-D | M] -- C:\Recovery
[2018/09/24 19:52:42 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2019/07/19 04:11:59 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsApps
[2018/09/24 19:26:42 | 000,000,000 | -H-D | M] -- C:\ProgramData\EPSON\PRINTER
[2018/09/24 19:56:06 | 000,000,000 | -H-D | M] -- C:\ProgramData\EPSON\EPSON PX-105 Series\Language
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2018/09/20 21:14:27 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\DMProfiles
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2018/09/17 22:23:28 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2018/09/24 19:26:42 | 000,000,000 | -H-D | M] -- C:\Users\All Users\EPSON\PRINTER
[2018/09/24 19:56:06 | 000,000,000 | -H-D | M] -- C:\Users\All Users\EPSON\EPSON PX-105 Series\Language
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2018/09/20 21:14:27 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\DMProfiles
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2018/09/17 22:23:13 | 000,000,000 | -H-D | M] -- C:\Users\green\AppData
[2018/09/17 22:09:07 | 000,000,000 | -H-D | M] -- C:\Users\green\MicrosoftEdgeBackups
[2019/07/19 04:33:19 | 000,000,000 | RH-D | M] -- C:\Users\green\AppData\Local\Microsoft\Windows\Burn\Burn
[2018/09/18 20:48:49 | 000,000,000 | RH-D | M] -- C:\Users\green\AppData\Local\Microsoft\Windows\Burn\Burn1
[2019/03/31 06:06:04 | 000,000,000 | -H-D | M] -- C:\Users\green\AppData\Local\Microsoft\Windows\INetCache\Virtualized
[2018/09/17 22:24:16 | 000,000,000 | -H-D | M] -- C:\Users\green\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE
[2018/09/17 22:24:16 | 000,000,000 | -H-D | M] -- C:\Users\green\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low
[2018/09/17 22:24:16 | 000,000,000 | -H-D | M] -- C:\Users\green\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low
[2018/09/21 21:41:52 | 000,000,000 | -H-D | M] -- C:\Users\green\AppData\Local\VirtualStore\ProgramData
[2019/07/21 06:41:19 | 000,000,000 | -H-D | M] -- C:\Users\green\AppData\Roaming\Fenrir Inc\Sleipnir\~temp
[2018/09/20 19:11:32 | 000,000,000 | -H-D | M] -- C:\Users\green\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2019/07/24 22:00:21 | 000,000,000 | RH-D | M] -- C:\Users\Public\AccountPictures
[2019/07/21 20:23:07 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2018/09/17 22:23:14 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2018/09/17 22:23:13 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\Default
[2018/09/24 19:26:42 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\All Users\EPSON\PRINTER
[2018/09/24 19:56:06 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\All Users\EPSON\EPSON PX-105 Series\Language
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\All Users\Microsoft\WwanSvc
[2018/09/20 21:14:27 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\All Users\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\All Users\Microsoft\WwanSvc\DMProfiles
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\All Users\Microsoft\WwanSvc\Profiles
[2018/09/17 21:56:14 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\Default\AppData
[2018/09/17 22:05:05 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\defaultuser0\AppData
[2018/09/17 22:05:09 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2018/09/17 22:23:13 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData
  • green
  • 2019/07/24 (Wed) 23:05:16
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

[2018/09/17 22:08:50 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData\Local\Microsoft\Windows\IECompatCache
[2018/09/17 22:08:50 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData\Local\Microsoft\Windows\IECompatUaCache
[2018/09/17 22:10:20 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\green\AppData\Local\Microsoft\Windows\Burn\Burn
[2018/09/17 22:08:50 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData\Local\Microsoft\Windows\IECompatCache\Low
[2018/09/17 22:08:50 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData\Local\Microsoft\Windows\IECompatUaCache\Low
[2018/09/17 22:08:50 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData\Local\Microsoft\Windows\INetCache\Virtualized
[2018/09/17 22:08:50 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData\Local\Microsoft\Windows\INetCookies\DNTException
[2018/09/17 22:08:50 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE
[2018/09/17 22:08:50 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low
[2018/09/17 22:08:50 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low
[2018/09/17 22:08:51 | 000,000,000 | -H-D | M] -- C:\Windows.old\Users\green\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2018/09/17 22:08:50 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\Public\AccountPictures
[2018/09/17 21:56:16 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\Public\Desktop
[2018/09/17 21:56:16 | 000,000,000 | RH-D | M] -- C:\Windows.old\Users\Public\Libraries
[2019/07/21 20:23:09 | 000,000,000 | -H-D | M] -- C:\Windows\ELAMBKUP
[2018/09/17 22:16:03 | 000,000,000 | -H-D | M] -- C:\Windows\LanguageOverlayCache
[2018/09/20 22:37:24 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2018/09/18 18:49:34 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2018/09/21 20:01:53 | 000,000,000 | -H-D | M] -- C:\Windows\SysWOW64\directx\websetup

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2019/07/24 17:57:41 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job
[2019/07/24 21:59:53 | 000,000,917 | ---- | M] () -- C:\WINDOWS\tasks\EPSON GT-X980 Update.job
[2019/07/21 20:38:55 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_greenmax.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: CT500MX500SSD1
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST2000DM005-2CW102
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: ELECOM ELECOM USBHDD USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: BUFFALO External HDD USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 465.00GB
Starting Offset: 122683392
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 510.00MB
Starting Offset: 499573063680
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 3,726.00GB
Starting Offset: 135266304
Hidden sectors: 0


DeviceID: Disk #3, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,397.00GB
Starting Offset: 32256
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
No service found with a name of AeLookupSvc
SRV:[b]64bit:[/b] - [2018/04/12 08:34:06 | 000,166,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:14 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:07 | 001,374,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2019/05/03 14:54:44 | 000,778,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:22 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2018/04/12 08:34:50 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:20 | 000,486,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2018/04/12 08:34:51 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
No service found with a name of Browser
SRV:[b]64bit:[/b] - [2018/04/12 08:34:20 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2019/07/04 13:20:11 | 001,156,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2019/03/14 16:54:29 | 000,354,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2019/03/14 17:15:31 | 000,318,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2019/07/04 13:22:41 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:41 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:27 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2018/04/12 08:34:51 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:34 | 000,604,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:24 | 000,441,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2018/04/12 08:34:40 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
No service found with a name of MMCSS
  • green
  • 2019/07/24 (Wed) 23:06:37
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

SRV:[b]64bit:[/b] - [2018/04/12 08:34:44 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2019/02/06 11:25:27 | 000,507,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:32 | 000,367,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:20 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:15 | 000,119,296 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:41 | 000,768,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2018/04/12 08:34:33 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2019/04/19 13:34:35 | 000,935,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2019/07/04 13:20:11 | 001,156,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2018/10/21 16:18:06 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2018/10/21 16:45:36 | 000,058,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:43 | 000,266,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2019/05/17 14:30:51 | 000,276,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:23 | 000,613,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2018/04/12 08:34:51 | 000,564,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2019/06/07 14:17:05 | 000,889,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:36 | 000,308,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2018/04/12 08:35:00 | 000,254,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:36 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2019/04/19 13:37:20 | 000,397,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:40 | 001,540,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2019/07/04 13:23:46 | 001,765,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:[b]64bit:[/b] - [2019/06/07 14:18:57 | 000,686,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2018/04/12 08:33:53 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2019/02/16 17:13:51 | 000,107,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2019/06/13 15:09:04 | 001,854,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:[b]64bit:[/b] - [2019/07/04 13:19:37 | 000,886,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (mpssvc)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:24 | 000,611,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2018/09/13 18:53:59 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2018/09/13 18:54:03 | 000,060,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:40 | 000,224,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2019/06/13 15:10:40 | 002,912,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2018/04/12 08:34:44 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2019/07/04 13:22:33 | 002,587,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:[b]64bit:[/b] - [2019/06/13 15:11:42 | 000,271,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 236 bytes -> C:\Users\green\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity

< End of report >
  • green
  • 2019/07/24 (Wed) 23:07:39
Re: A file named asc_rdflag appeared in the root of the C: drive
(Extras log starts here)

OTL Extras logfile created on: 2019/07/24 22:05:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\green\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.17134.0)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

31.92 Gb Total Physical Memory | 27.55 Gb Available Physical Memory | 86.30% Memory free
85.92 Gb Paging File | 79.95 Gb Available in Paging File | 93.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.15 Gb Total Space | 317.50 Gb Free Space | 68.26% Space Free | Partition Type: NTFS
Drive D: | 1863.02 Gb Total Space | 639.63 Gb Free Space | 34.33% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 523.62 Gb Free Space | 37.47% Space Free | Partition Type: NTFS
Drive F: | 3725.90 Gb Total Space | 2900.46 Gb Free Space | 77.85% Space Free | Partition Type: NTFS

Computer Name: NANACHI | User Name: greenmax | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = A4 46 D5 9A 89 4E D4 01 [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


  • green
  • 2019/07/24 (Wed) 23:10:45
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00118C4B-D10F-4404-8288-A35A7E31CE30}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{029B0E6F-2F91-4CF6-9190-6764C652902D}" = rport=138 | protocol=17 | dir=out | app=system |
"{1AD3E7C3-0AB2-4B09-8A58-D4C0CB4D26D6}" = lport=5353 | protocol=17 | dir=in | app=d:\program files\opera\62.0.3331.43\opera.exe |
"{21675FC4-756B-44E8-B8D2-FFCCAB15DCA1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{35C23AD7-B33B-4F50-ACF3-A0EB82BBD734}" = lport=138 | protocol=17 | dir=in | app=system |
"{444E3CF6-B4FF-4826-9694-1FDFB35E6E2B}" = rport=139 | protocol=6 | dir=out | app=system |
"{44DEEA84-3E48-4E43-81A4-2B0CB64C61AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{508AB3F7-BE5E-43B9-8F65-9259EBE2F8AF}" = lport=137 | protocol=17 | dir=in | app=system |
"{51B3EEE2-5A05-4C8A-99B4-E47C69C20CCE}" = lport=2968 | protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{671E902C-3C40-4832-9CA9-ED0D37788F08}" = lport=139 | protocol=6 | dir=in | app=system |
"{7957C34B-E9BA-40BE-82A1-6A14B07B18AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86EB76B2-C26C-445B-ABC2-C629506A95A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{876F718A-8539-4823-9F8E-360C9C2E6478}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3EAE637-C0E4-4110-8247-8B7D6673B8DC}" = lport=2968 | protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{EB52E5A7-EBB5-469B-A8B4-5D70EFA1F0D6}" = rport=445 | protocol=6 | dir=out | app=system |
"{FA63968F-7481-4739-9384-38958354B0F4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FAA4F3-DE9B-418F-9FFD-C5BC64E52970}" = dir=out | name=xbox tcui |
"{0610FA9F-A562-4C61-ACA4-72A67DC5262F}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\planet coaster\planetcoaster.exe |
"{07011E55-57E4-49A6-9078-B6A8E3FAEA03}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1811.10862.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{085ABF74-D011-4B2E-9444-4DDF66B051C6}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe |
"{0C23959C-788C-4C6E-8F39-A38A85D2D21B}" = dir=in | app=d:\program files\softether vpn client\vpncmd.exe |
"{0FA1370B-145F-4BE7-B1C1-2E52F467DDCA}" = dir=out | name=@{microsoft.people_10.1902.633.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{10FCCFB6-751E-4ED7-8F31-7F6603B52BAB}" = dir=out | name=@{microsoft.windows.peopleexperiencehost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.peopleexperiencehost/resources/pkgdisplayname} |
"{11F7D96F-08AF-4AF5-9AD7-B776DE04EBE4}" = dir=in | name=xbox |
"{12B8F12D-6359-4483-8D4D-EE91B2A4D359}" = dir=out | name=@{microsoft.ppiprojection_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{145D98F8-F124-41C2-9358-1747B864A429}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steam.exe |
"{14A537D9-7F8D-45EA-BFE7-F92B41731FDD}" = dir=out | name=spybot ip immunization |
"{150AC359-872F-43CE-8176-F8F8A0078833}" = protocol=6 | dir=in | app=c:\steamlibrary\steamapps\common\cities_skylines\cities.exe |
"{1552C411-077F-4F37-BCD3-9F90545001D8}" = dir=in | name=@{microsoft.windows.photos_2019.19031.17720.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{155FA07C-BDEE-46F5-88D6-E8A56A515F80}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\fallout 4\fallout4launcher.exe |
"{19978E23-5038-4592-9812-42D942E1A3BD}" = dir=out | name=@{microsoft.zunevideo_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{1EA7AB23-208C-47F2-A6AB-E4626F433138}" = dir=out | name=onenote |
"{1EE1ADCD-1807-47DC-93A0-FFDC51772231}" = dir=out | name=@{microsoft.windowscalculator_10.1903.21.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscalculator/resources/appstorename} |
"{1FF5474A-39BF-4C28-BF0E-AD273405BCD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{216E0A66-9E57-4D37-A26E-B88B71877F6E}" = dir=out | name=candy crush saga |
"{244A985E-B5CA-41FD-8F85-B7AD99D7AA81}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1811.10862.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{27965F0A-A2C8-4845-A415-C1B75C4E3C7B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{27B8A9EC-7390-490E-B16F-161885458085}" = dir=out | name=@{microsoft.ppiprojection_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{27EA3865-1073-4ADE-962E-A3D6AB66A6D4}" = dir=out | name=@{microsoft.windowsmaps_5.1902.843.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{2B4921BD-E663-4E9C-93C2-6812B5984003}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{2DAB94F2-DD6C-40A2-9659-A6C0B75CDC0F}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\iambread\iambread.exe |
"{31084C0E-691E-4B3D-B69B-46F4E4EA2693}" = dir=in | name=@{microsoft.microsoftedge_42.17134.1.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{34735ACC-C37E-4731-8BE3-792CA240F8C3}" = dir=in | name=@{microsoft.desktopappinstaller_1.0.30732.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} |
"{34CC8A71-1634-431E-8CBF-A50A65DF8288}" = dir=in | app=d:\program files\softether vpn client\vpncmd_x64.exe |
"{374A1208-77F8-467F-8947-470E1EAB4EED}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\senran kagura reflexions\skreflexions.exe |
"{38C29B36-E0B7-4BAB-B8CD-05B75A7CA255}" = dir=out | name=microsoft sticky notes |
"{3EE7D37B-F7EA-4E44-9276-C9E832EAA400}" = dir=out | name=@{microsoft.windows.photos_2019.19031.17720.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{3F5EB5A3-2291-4725-8FEC-2D605B2B03B1}" = dir=out | name=print 3d |
"{4208C8EE-D707-4DF3-A8A5-99965EC07133}" = dir=in | name=@{microsoft.zunemusic_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{43759BE7-0A1A-4FF5-A1F1-B3F2A00BB300}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{483E71D2-C099-4E39-B0A0-FB4720CE768C}" = dir=out | name=candy crush soda saga |
"{49CFDF08-77B0-4581-A4AD-211C36033B8E}" = dir=in | name=@{microsoft.oneconnect_5.1902.361.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnectstrings/oneconnect/appstorename} |
"{4A73D9B4-0DFF-4E23-8333-0E04481E3118}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.17134.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{4A77124A-F5E8-4AFC-97B0-61B89021C996}" = dir=in | app=d:\program files\softether vpn client\vpncmgr_x64.exe |
"{4C3D2F07-95B7-4D8B-B6A8-49B96A1CDA5B}" = protocol=17 | dir=in | app=c:\steamlibrary\steamapps\common\kerbal space program\ksp_x64.exe |
"{4CB74800-EE5D-4F5B-8022-26CBDBF874CD}" = dir=out | name=@{microsoft.lockapp_10.0.17134.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{4E0DD377-CB8B-461D-B8E2-5DA6BE981864}" = dir=out | app=d:\program files (x86)\iobit\driver booster\6.1.0\dbdownloader.exe |
"{4F3975B1-D7D9-4796-A774-7161A6DCE188}" = protocol=17 | dir=in | app=c:\steamlibrary\steamapps\common\cities_skylines\cities.exe |
"{4F9684DB-EE7C-4996-8EC1-B4B0CA4E9CF0}" = dir=in | name=onenote |
"{51B8AADA-5DFD-40E6-B3AF-C8A65717D7EF}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steam.exe |
"{5242F796-2F83-4DB4-929B-F4B5D5501477}" = dir=out | name=minecraft for windows 10 |
"{5382E79C-483A-4EC8-8ADF-A912BBDE818C}" = dir=in | app=d:\program files\softether vpn client\vpncmgr.exe |
"{574B9353-7E6D-46BF-A979-98ACA5728295}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.17134.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{5BC6892C-0C2F-4B38-BB2C-4291971194C1}" = dir=in | name=dolby access |
"{5D46B64F-A49B-43C4-BB88-D0F9C07322EE}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\poly bridge\polybridge.exe |
"{5D8FEB92-2A49-4E98-9B01-7FB3ADA2CEB7}" = dir=in | name=@{microsoft.zunevideo_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{5FED764E-0180-4579-A766-7656A8F8C933}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{60FA64F9-6155-4C2A-B3F9-DB87D4482111}" = dir=in | name=microsoft sticky notes |
"{6380F33D-B654-4B87-9BA2-23E5EDD9D570}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\planet coaster\planetcoaster.exe |
"{6830E749-2F92-43CB-AA81-5CDEC6E8A458}" = dir=in | name=skype |
  • green
  • 2019/07/24 (Wed) 23:13:22
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

"{7275D234-B0BD-4F49-A2A0-6D93A84F9227}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\senran kagura reflexions\skreflexions.exe |
"{742C183D-3E86-444A-95B4-097CFA9080E8}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\iambread\iambread.exe |
"{780D1807-1C2C-4140-8C7A-9582E4FE54D8}" = dir=in | name=@{microsoft.windows.cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{7BAEE11C-B374-400C-99AF-91FE828DA5A1}" = dir=out | name=dolby access |
"{7D7234D7-FEBB-4A47-9F12-9683464A542D}" = dir=in | name=microsoft solitaire collection |
"{7E15321F-7812-4E3F-A9E8-9E8EB667C26B}" = dir=out | name=office |
"{8230D256-B86C-46B8-BD0D-9DEE8FF5FD93}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.17134.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{84773FB9-B12D-4EE4-81C3-5354848BE32C}" = dir=in | name=print 3d |
"{88025FDB-623D-4857-850F-03E200ECA3C1}" = dir=out | name=@{microsoft.windows.cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{88AF5740-5D6C-43DD-B6FF-3AD55027E8BE}" = dir=out | name=@{microsoft.getstarted_6.15.12641.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{8C2ECBA6-0684-4722-ABA0-C40495C82130}" = dir=out | name=@{microsoft.windowscamera_2019.425.30.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscamera/lenssdk/resources/appstorename} |
"{8E48EA52-98DC-4791-86F1-5E530CFC41FD}" = dir=out | name=@{microsoft.microsoftedge_42.17134.1.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{8EF30372-1388-4C03-80AF-1A4E5510359F}" = dir=out | name=@{a278ab0d.marchofempires_4.0.1.1_x86__h6adky7gbf63m?ms-resource://a278ab0d.marchofempires/resources/marchofempires} |
"{8F769A79-17DF-4360-90F9-EEC5E52E2D26}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{902F6FD1-FAE8-44A6-A5CE-1525E82D8207}" = dir=out | name=@{microsoft.windowsstore_11904.1001.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{90E0A3DC-4E3A-4C41-8B58-CDE454D66977}" = dir=out | name=xbox |
"{942AFDC4-0B93-461C-ACCC-93A3152B1EAF}" = dir=in | app=d:\program files (x86)\iobit\driver booster\6.1.0\autoupdate.exe |
"{947E695F-B622-49D5-A151-C217D10F81F4}" = dir=out | name=win32webviewhost |
"{951B464B-BE6F-4272-AF2D-A30E6EB91881}" = dir=out | name=@{microsoft.accountscontrol_10.0.17134.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{970251D5-8BA7-4364-9053-E83E77A0E828}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.17134.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{97FD8FC9-7545-4CD0-95B2-83C3D668ABED}" = dir=in | name=@{microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{9E67BECA-1694-49EA-BABC-E44D0FCEA40A}" = dir=out | app=d:\program files (x86)\iobit\driver booster\6.1.0\autoupdate.exe |
"{A1B7CD28-C025-47F6-9D67-F8482560F4AB}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\fallout 4\fallout4launcher.exe |
"{A21F328D-4D40-4455-A8EA-167924CB51EE}" = dir=out | name=@{microsoft.windows.holographicfirstrun_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.holographicfirstrun/resources/pkgdisplayname} |
"{A2E5366B-A422-4863-A912-9CA960307B51}" = dir=out | name=@{microsoft.messaging_4.1901.10241.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{A33715AD-D08B-442C-9870-0B315FA3B53A}" = dir=out | name=@{microsoft.zunemusic_10.19031.11411.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{A98C1627-6041-4440-A1B7-4913E9EC06FD}" = dir=out | name=xbox gaming overlay |
"{AB7B5959-D1A0-4691-B1B2-856E469B71B4}" = dir=out | name=xbox game bar |
"{AB86AA34-1C39-4D15-8A10-BD1BD478DE5F}" = dir=out | name=@{microsoft.mspaint_5.1904.8017.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mspaint/resources/appname} |
"{AF37C9CD-DDB8-4746-B022-429328ED8CF8}" = dir=out | name=@{microsoft.bingnews_4.30.10924.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithtagline} |
"{B3DBA8D9-5B67-4150-99A9-93F8F1F29C9B}" = dir=out | name=@{microsoft.gethelp_10.1706.20381.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.gethelp/resources/appdisplayname} |
"{B79313F3-9415-4B6D-9E9A-9C088DC6F03B}" = dir=in | app=d:\program files (x86)\iobit\driver booster\6.1.0\dbdownloader.exe |
"{B7DE9E9B-A795-4551-B929-DF65C683AC5E}" = dir=in | name=@{microsoft.ppiprojection_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{BB96AEAD-7510-4A6A-8DE8-552036AF1C43}" = dir=in | name=win32webviewhost |
"{BC123877-4A64-44C7-8CEF-3EC487F5BC57}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\poly bridge\polybridge.exe |
"{BD8C25BF-EE6A-4866-A601-8D5EAA3059DC}" = dir=in | name=minecraft for windows 10 |
"{C035310D-7F88-4DD7-BB5C-AE2B99A71FFC}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{C107321C-8F7D-4E5A-B139-41059FB5FEAE}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.17134.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} |
"{C2598A4E-84F2-45E5-9B2B-C1BD392EE4D7}" = dir=in | app=d:\program files\softether vpn client\vpnclient_x64.exe |
"{C39986A4-924B-49AE-8821-9FDFE79A1515}" = dir=in | name=@{microsoft.ppiprojection_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{C39DCFEA-1500-4CC6-AB9E-8D7D71147EEE}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{C47981F8-8FB7-4501-84E3-8B36A7AD7883}" = dir=out | name=@{microsoft.desktopappinstaller_1.0.30732.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} |
"{C8AA58EA-48D2-4DF0-9594-D88BB53C3CC3}" = dir=in | app=d:\program files\softether vpn client\vpnclient.exe |
"{CA0565EE-508B-40A5-ABF9-056600A80810}" = protocol=6 | dir=in | app=c:\steamlibrary\steamapps\common\kerbal space program\ksp_x64.exe |
"{D1551439-05FB-42DC-8698-F551179CF577}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\atrainpc\atrainpc.exe |
"{D25B6461-AA6F-4266-9D57-EA21E83A177C}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{D281BB3D-627D-43A5-9C0A-5BCD3054D88A}" = dir=out | name=@{microsoft.microsoft3dviewer_6.1903.4012.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoft3dviewer/common.view.uwp/resources/storeappname} |
"{D347C718-152A-49B4-AF6C-79E7EF07E514}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{D384978E-8E52-46B9-B43E-DFDD26F86D46}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\atrainpc\atrainpc.exe |
"{DB3752A9-E65A-4BE0-B30C-A52717BC86CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DC3BFC9A-5EF3-4028-BBB0-F9CCF6DAB7C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DC85C0C6-A3A6-4B1E-9BFA-BBFA8E0021D8}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.17134.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{DD0F64B8-D1CC-43D8-8AE8-71D8922CCE53}" = dir=in | name=@{microsoft.windowsstore_11904.1001.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{DD2C96BF-B263-4BC5-8DD8-F48BFA77BA9C}" = dir=in | name=@{a278ab0d.marchofempires_4.0.1.1_x86__h6adky7gbf63m?ms-resource://a278ab0d.marchofempires/resources/marchofempires} |
  • green
  • 2019/07/24 (Wed) 23:15:11
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

"{E01EBF35-4F7B-4548-9D46-6311C04CFC00}" = dir=out | name=microsoft pay |
"{E2C4163A-7980-49C7-99EA-B29C1848B26B}" = dir=out | name=shell input application |
"{E58FA863-841C-4AD5-A9E1-E0845F7C2FAC}" = dir=out | name=@{microsoft.storepurchaseapp_11811.1001.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.storepurchaseapp/resources/displaytitle} |
"{E7178160-7643-4687-B49E-B94753A3C938}" = dir=out | name=skype |
"{EC815FDC-E136-4CE8-957A-EE4567D3C1D3}" = dir=out | name=@{microsoft.xboxidentityprovider_12.52.24002.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{ECEDFD5C-4277-454A-8BF5-778A6CFB9B11}" = dir=out | name=@{microsoft.bingweather_4.28.10351.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{EDA417CF-B9D0-499B-8A78-099B89A42F44}" = dir=out | name=microsoft solitaire collection |
"{EE6AF6F7-C006-48CE-B6B9-9DC560A12FAD}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\goatsimulator\binaries\win32\goatgame-win32-shipping.exe |
"{EF012895-C792-4168-9F27-607C45089DA2}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\goatsimulator\binaries\win32\goatgame-win32-shipping.exe |
"{F38EFC8A-D7E3-4324-9C46-CB584A2CCB38}" = dir=out | name=@{microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{F68061C1-F129-4F71-AEE8-0C23F678813E}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe |
"{F917E609-FA6D-4607-A1E5-9F9881357AF5}" = dir=out | name=@{microsoft.oneconnect_5.1902.361.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnectstrings/oneconnect/appstorename} |
"{FAB3781B-61AC-42D6-B2A8-9BB5EF608A56}" = dir=out | name=@{microsoft.windows.sechealthui_10.0.17134.1_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} |
"{FCA390F0-CD4A-4077-B461-391F506EB8BF}" = dir=out | name=@{828b5831.hiddencitymysteryofshadows_1.28.2803.0_x86__ytsefhwckbdv6?ms-resource://828b5831.hiddencitymysteryofshadows/resources/appname} |
"{FEC19061-FA50-4A7D-A88D-CAC6FF4CF9FC}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\besiege\besiege.exe |
"{FEF1E8E6-CE66-4998-952A-F4E07D36C2D3}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\besiege\besiege.exe |
"{FFC3E026-5550-425F-943D-B3AEE26CD20C}" = dir=in | name=@{microsoft.messaging_4.1901.10241.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"TCP Query User{0638DF3E-163F-4251-8385-A2BCC6886382}D:\program files (x86)\sony\music center\musiccenter.exe" = protocol=6 | dir=in | app=d:\program files (x86)\sony\music center\musiccenter.exe |
"TCP Query User{3E7EB24F-A236-4436-BF1F-D4B8930739B4}D:\kiss\custommaidonline\ct64.exe" = protocol=6 | dir=in | app=d:\kiss\custommaidonline\ct64.exe |
"TCP Query User{63EB09FE-4693-4F45-BA73-68EB2EE0DB07}D:\program files (x86)\tvclock111\tvclock.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tvclock111\tvclock.exe |
"TCP Query User{6C9D05DD-9C9D-4643-AF24-7F77E8D983EF}D:\program files (x86)\tvclock111\tvclock.exe" = protocol=6 | dir=in | app=d:\program files (x86)\tvclock111\tvclock.exe |
"TCP Query User{7066D015-E683-4CE1-9B2B-8E4B3017408A}D:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{92EF4FD9-EA74-4E4B-AC04-72773F0293BD}D:\kiss\com3d2\com3d2x64.exe" = protocol=6 | dir=in | app=d:\kiss\com3d2\com3d2x64.exe |
"TCP Query User{A854FFDD-275C-4DB7-B113-96F2417BFBF5}D:\program files (x86)\ipmsg\ipmsg.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ipmsg\ipmsg.exe |
"TCP Query User{B39B155A-F0B5-410C-BFAD-02FCD9603A39}D:\kiss\cm3d2\cm3d2x64.exe" = protocol=6 | dir=in | app=d:\kiss\cm3d2\cm3d2x64.exe |
"TCP Query User{BC234863-3732-413C-B2A8-CDC0C3800B12}D:\program files (x86)\ipmsg\ipmsg.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ipmsg\ipmsg.exe |
"TCP Query User{E1EBAC58-AB67-44B0-A76B-DB57D73F79DA}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{061A755E-C4FC-4CA8-861A-057145D90D11}D:\program files (x86)\tvclock111\tvclock.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tvclock111\tvclock.exe |
"UDP Query User{29BED003-19D4-4625-A07C-9A0275F942D4}D:\program files (x86)\ipmsg\ipmsg.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ipmsg\ipmsg.exe |
"UDP Query User{4570F4B8-BA70-4BAB-9B62-ABC66F973DB3}D:\program files (x86)\sony\music center\musiccenter.exe" = protocol=17 | dir=in | app=d:\program files (x86)\sony\music center\musiccenter.exe |
"UDP Query User{45D53262-DCFA-453A-B109-62D1017DFBF2}D:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{57E4B07D-E961-42F0-80AE-68A6E4D5118C}D:\kiss\custommaidonline\ct64.exe" = protocol=17 | dir=in | app=d:\kiss\custommaidonline\ct64.exe |
"UDP Query User{833193FA-4B85-4F43-984B-F11F209FC23D}D:\kiss\cm3d2\cm3d2x64.exe" = protocol=17 | dir=in | app=d:\kiss\cm3d2\cm3d2x64.exe |
"UDP Query User{89A1E1C6-5002-4730-990B-B466E5480AE1}D:\program files (x86)\tvclock111\tvclock.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tvclock111\tvclock.exe |
"UDP Query User{8C35355E-B51B-4A14-B01D-781704468F04}D:\kiss\com3d2\com3d2x64.exe" = protocol=17 | dir=in | app=d:\kiss\com3d2\com3d2x64.exe |
"UDP Query User{964F98CC-B3DF-45BC-9D21-88D7B079BE0C}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{CA5FF4FA-99AE-442E-AAC1-AF1BC396FA31}D:\program files (x86)\ipmsg\ipmsg.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ipmsg\ipmsg.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.7.13 (64-bit)
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes バージョン 3.8.3.2965
"{63A3DBCF-FB40-4398-9AE5-94EE6206CE12}" = sdrt(5.0, 64bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{B0037450-526D-3448-A370-CACBD87769A0}" = Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.11.25325
"{B13B3E11-1555-353F-A63A-8933EE104FBD}" = Microsoft Visual C++ 2017 x64 Additional Runtime - 14.11.25325
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = NVIDIA Ansel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA コントロール パネル 417.35
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision コントローラー ドライバー 390.41
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 33.2.0.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX システム ソフトウェア 9.18.0907
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer" = DisplayDriverAnalyzer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog" = NVIDIA Display Watchdog Plugin
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer" = NVIDIA Display Session Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry" = NVIDIA Telemetry Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer" = NVIDIA Telemetry Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}" = Classic Shell
"{DD4E0E70-C0D8-4B20-947D-AF1BD276AFAC}" = Google 日本語入力
"CCleaner" = CCleaner
"EPSON PX-105 Series" = EPSON PX-105 Series プリンター アンインストール
"ffdshow64_is1" = ffdshow x64 v1.3.4533 [2014-09-29]
"Lhaz" = Lhaz
"softether_sevpnclient" = SoftEther VPN Client
"Steam App 220200" = Kerbal Space Program
"Steam App 255710" = Cities: Skylines
"Steam App 327890" = I am Bread
"Steam App 346010" = Besiege
"Steam App 492090" = A-Train PC Classic / みんなのA列車で行こうPC
"Steam App 981770" = SENRAN KAGURA Reflexions

  • green
  • 2019/07/24 (Wed) 23:16:47
Re: A file named asc_rdflag appeared in the root of the C: drive
(continued)

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2019/06/24 4:48:51 | Computer Name = NANACHI | Source = ESENT | ID = 455
Description = wuaueng.dll (9980,R,98) SUS20ClientDataStore: ログ ファイル C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00008.log
を開いているときに、エラー -1811 (0xfffff8ed) が発生しました。

Error - 2019/06/26 22:57:06 | Computer Name = NANACHI | Source = Perflib | ID = 1008
Description =

Error - 2019/06/26 22:57:07 | Computer Name = NANACHI | Source = Perflib | ID = 1023
Description =

Error - 2019/06/27 8:30:22 | Computer Name = NANACHI | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: wmplayer.exe、バージョン: 12.0.17134.1、タイム スタンプ: 0x15287420
障害が発生しているモジュール名:
combase.dll、バージョン: 10.0.17134.619、タイム スタンプ: 0xa54ce84e 例外コード: 0xc0000005 障害オフセット:
0x00000000000a0f08 障害が発生しているプロセス ID: 0x5f58 障害が発生しているアプリケーションの開始時刻: 0x01d52cdfba1a4ab1
障害が発生しているアプリケーション
パス: C:\Program Files\Windows Media Player\wmplayer.exe 障害が発生しているモジュール パス: C:\WINDOWS\System32\combase.dll
レポート
ID: 31d0251f-53b2-4c53-b900-c5b3b5b99053 障害が発生しているパッケージの完全な名前: ? 障害が発生しているパッケージに関連するアプリケーション
ID: ?

Error - 2019/06/29 3:17:25 | Computer Name = NANACHI | Source = Perflib | ID = 1008
Description =

Error - 2019/06/29 3:17:25 | Computer Name = NANACHI | Source = Perflib | ID = 1023
Description =

Error - 2019/06/29 22:41:19 | Computer Name = NANACHI | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: CM3D2x64.exe、バージョン: 5.3.5.46481、タイム スタンプ: 0x57657436
障害が発生しているモジュール名:
OPENGL32.dll、バージョン: 0.0.0.0、タイム スタンプ: 0x57ee693f 例外コード: 0xc0000005 障害オフセット: 0x0000000000007a31
障害が発生しているプロセス
ID: 0x6264 障害が発生しているアプリケーションの開始時刻: 0x01d52eec04c363bc 障害が発生しているアプリケーション パス: D:\KISS\CM3D2\CM3D2x64.exe
障害が発生しているモジュール
パス: D:\KISS\CM3D2\OPENGL32.dll レポート ID: 8afa1246-f1b8-4b2e-b92d-e1bf8c13a840 障害が発生しているパッケージの完全な名前:
? 障害が発生しているパッケージに関連するアプリケーション ID: ?

Error - 2019/06/29 22:42:36 | Computer Name = NANACHI | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: CM3D2x64.exe、バージョン: 5.3.5.46481、タイム スタンプ: 0x57657436
障害が発生しているモジュール名:
OPENGL32.dll、バージョン: 0.0.0.0、タイム スタンプ: 0x57ee693f 例外コード: 0xc0000005 障害オフセット: 0x000000000000767e
障害が発生しているプロセス
ID: 0x6888 障害が発生しているアプリケーションの開始時刻: 0x01d52eed580987cf 障害が発生しているアプリケーション パス: D:\KISS\CM3D2\CM3D2x64.exe
障害が発生しているモジュール
パス: D:\KISS\CM3D2\OPENGL32.dll レポート ID: 7c8d9ed7-e659-4bf4-bdcf-35e4ba1bccbf 障害が発生しているパッケージの完全な名前:
? 障害が発生しているパッケージに関連するアプリケーション ID: ?

Error - 2019/06/29 23:22:24 | Computer Name = NANACHI | Source = Application Error | ID = 1000
Description = 障害が発生しているアプリケーション名: COM3D2x64.exe、バージョン: 5.6.4.36806、タイム スタンプ: 0x5a0051a1
障害が発生しているモジュール名:
ntdll.dll、バージョン: 10.0.17134.799、タイム スタンプ: 0x7f828745 例外コード: 0xc0000374 障害オフセット: 0x00000000000f479b
障害が発生しているプロセス
ID: 0x81d0 障害が発生しているアプリケーションの開始時刻: 0x01d52ef0d620117e 障害が発生しているアプリケーション パス: D:\KISS\COM3D2\COM3D2x64.exe
障害が発生しているモジュール
パス: C:\WINDOWS\SYSTEM32\ntdll.dll レポート ID: 09d8d3a3-8bb2-4549-b414-4957d5df512a 障害が発生しているパッケージの完全な名前:
? 障害が発生しているパッケージに関連するアプリケーション ID: ?

Error - 2019/06/30 1:21:05 | Computer Name = NANACHI | Source = Application Hang | ID = 1002
Description = プログラム UnDup.exe バージョン 0.0.0.0 は Windows との対話を停止し、終了しました。問題に関する詳細な情報があるかどうかを確認するには、セキュリティとメンテナンス
コントロール パネルで、問題の履歴を参照してください。 プロセス ID: 6cbc 開始時刻: 01d52f02dbc23229 終了時刻: 4 アプリケーション パス:
D:\Program Files (x86)\undup15\UnDup.exe レポート ID: ff74c02a-2717-4c89-be7b-1b8fed27dd29

障害が発生しているパッケージのフル
ネーム: ? 障害が発生しているパッケージに関連するアプリケーション ID: ?

[ System Events ]
Error - 2019/07/24 8:21:01 | Computer Name = NANACHI | Source = Service Control Manager | ID = 7034
Description = Windows Push Notifications User Service_6a938 サービスは予期せぬ原因により終了しました。このサービスの強制終了は
8 回目です。

Error - 2019/07/24 8:21:31 | Computer Name = NANACHI | Source = Service Control Manager | ID = 7034
Description = Windows Push Notifications User Service_6a938 サービスは予期せぬ原因により終了しました。このサービスの強制終了は
9 回目です。

Error - 2019/07/24 8:22:02 | Computer Name = NANACHI | Source = Service Control Manager | ID = 7034
Description = Windows Push Notifications User Service_6a938 サービスは予期せぬ原因により終了しました。このサービスの強制終了は
10 回目です。

Error - 2019/07/24 8:22:32 | Computer Name = NANACHI | Source = Service Control Manager | ID = 7034
Description = Windows Push Notifications User Service_6a938 サービスは予期せぬ原因により終了しました。このサービスの強制終了は
11 回目です。

Error - 2019/07/24 8:23:02 | Computer Name = NANACHI | Source = Service Control Manager | ID = 7034
Description = Windows Push Notifications User Service_6a938 サービスは予期せぬ原因により終了しました。このサービスの強制終了は
12 回目です。

Error - 2019/07/24 8:23:32 | Computer Name = NANACHI | Source = Service Control Manager | ID = 7034
Description = Windows Push Notifications User Service_6a938 サービスは予期せぬ原因により終了しました。このサービスの強制終了は
13 回目です。

Error - 2019/07/24 8:24:03 | Computer Name = NANACHI | Source = Service Control Manager | ID = 7034
Description = Windows Push Notifications User Service_6a938 サービスは予期せぬ原因により終了しました。このサービスの強制終了は
14 回目です。

Error - 2019/07/24 9:00:16 | Computer Name = NANACHI | Source = DCOM | ID = 10016
Description =

Error - 2019/07/24 9:01:20 | Computer Name = NANACHI | Source = DCOM | ID = 10016
Description =

Error - 2019/07/24 9:01:21 | Computer Name = NANACHI | Source = DCOM | ID = 10016
Description =


< End of report >

That is all.
Sorry for the length; thank you in advance for your help.
  • green
  • 2019/07/24 (Wed) 23:19:40
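Filling in as a substitute
Good evening. I am IVNO, who turns up at tあま.
悪代官 is unable to reply at the moment, so I will fill in.

I have looked through the logs.
Given these, I expect that even now, opening a browser and running a search brings up multiple advertisements.
Judging from the earlier MBAM and AC logs as well, the situation frankly leaves no margin, so personally I would recommend a system recovery.
In particular, an infection on the D drive can also be seen, so wiping the contents of all four drives you are currently using and performing a recovery would be the best course.
That said, I will leave the decision on whether to perform a recovery to you.

Setting that decision aside, let's proceed with a fix using OTL.
Start Notepad and copy and paste the following into it.
Note that :OTL, :Files, :Commands and so on are directives that tell OTL how to process the entries.
Please take care not to delete them.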

------ Copy and paste from below this line ------
:OTL
MOD - [2018/05/02 17:42:28 | 000,442,128 | ---- | M] () -- d:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2018/05/02 17:42:28 | 000,210,704 | ---- | M] () -- d:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2018/05/02 17:42:28 | 000,059,664 | ---- | M] () -- d:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
SRV - [2018/09/25 15:17:26 | 000,153,360 | ---- | M] (IObit) [Auto | Stopped] -- d:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe -- (IObitUnSvr)
DRV:[b]64bit:[/b] - [2019/03/17 22:57:40 | 000,042,360 | ---- | M] (IObit) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\IMFCameraProtect.sys -- (IMFCameraProtect)
DRV:[b]64bit:[/b] - [2018/09/18 20:48:47 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2018/10/16 13:37:42 | 000,043,392 | -H-- | M] (IObit) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_amd64\IURegistryFilter.sys -- (IURegistryFilter)
DRV - [2018/10/16 13:37:42 | 000,037,184 | -H-- | M] (IObit) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_amd64\IUProcessFilter.sys -- (IUProcessFilter)
O2:[b]64bit:[/b] - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - d:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
[2019/07/21 00:15:36 | 000,000,000 | ---D | C] -- C:\Users\green\AppData\Roaming\IObit

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4E0DD377-CB8B-461D-B8E2-5DA6BE981864}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{942AFDC4-0B93-461C-ACCC-93A3152B1EAF}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9E67BECA-1694-49EA-BABC-E44D0FCEA40A}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B79313F3-9415-4B6D-9E9A-9C088DC6F03B}"=-

:Files
d:\program files (x86)\iobit

:Commands
[purity]
[resethosts]
[emptyflash]
[emptyjava]
[emptytemp]
[createrestorepoint]
[reboot]
------ Copy and paste up to above this line ------

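Once you have finished copying and pasting, save the file under a name that is easy to recognize.
Then start the PC in Safe Mode.
Start OTL again and paste the content you saved above into the Custom Scan/Fixes box.
Since this is a removal run, no other checkboxes need to be set.
Click the red [Run Fix] button to start the fix.
Follow OTL's prompts; a fix log will be displayed either before or after the reboot into normal mode,
so please paste that log in your reply.
Please also report on how the PC is behaving at that point.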
  • IVNO
  • 2019/07/27 (Sat) 00:02:40
Re: A file named asc_rdflag appeared in the root of the C: drive
Thank you for your help.
The OTL log follows.


All processes killed
========== OTL ==========
Service IObitUnSvr stopped successfully!
Service IObitUnSvr deleted successfully!
d:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe moved successfully.
Service IMFCameraProtect stopped successfully!
Service IMFCameraProtect deleted successfully!
C:\Windows\SysNative\drivers\IMFCameraProtect.sys moved successfully.
Error: Unable to stop service dtsoftbus01!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dtsoftbus01 deleted successfully.
File move failed. C:\Windows\SysNative\drivers\dtsoftbus01.sys scheduled to be moved on reboot.
Service IURegistryFilter stopped successfully!
Service IURegistryFilter deleted successfully!
D:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_amd64\IURegistryFilter.sys moved successfully.
Service IUProcessFilter stopped successfully!
Service IUProcessFilter deleted successfully!
D:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_amd64\IUProcessFilter.sys moved successfully.
C:\Users\green\AppData\Roaming\IObit\IObit Uninstaller\UMlog folder moved successfully.
C:\Users\green\AppData\Roaming\IObit\IObit Uninstaller\SpLog folder moved successfully.
C:\Users\green\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\green\AppData\Roaming\IObit\IObit Uninstaller\Autolog folder moved successfully.
C:\Users\green\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\green\AppData\Roaming\IObit folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E0DD377-CB8B-461D-B8E2-5DA6BE981864} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E0DD377-CB8B-461D-B8E2-5DA6BE981864}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{942AFDC4-0B93-461C-ACCC-93A3152B1EAF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{942AFDC4-0B93-461C-ACCC-93A3152B1EAF}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E67BECA-1694-49EA-BABC-E44D0FCEA40A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E67BECA-1694-49EA-BABC-E44D0FCEA40A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B79313F3-9415-4B6D-9E9A-9C088DC6F03B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B79313F3-9415-4B6D-9E9A-9C088DC6F03B}\ not found.
========== FILES ==========
d:\program files (x86)\IObit\IObit Uninstaller\update\Temp folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\update folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Skin folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Pub folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Language folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\DS folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Drivers\win7_x86 folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Drivers\win7_ia64 folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Drivers\win7_amd64 folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Drivers\win10_x86 folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Drivers\win10_ia64 folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Drivers\win10_amd64 folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Drivers folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Database folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller\Backup folder moved successfully.
d:\program files (x86)\IObit\IObit Uninstaller folder moved successfully.
d:\program files (x86)\IObit folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: green
->Flash cache emptied: 2336 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: green

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: green
->Temp folder emptied: 37835655 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 401977780 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10707142 bytes
RecycleBin emptied: 383684 bytes

Total Files Cleaned = 430.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 07272019_010236

Files\Folders moved on Reboot...
C:\Windows\SysNative\drivers\dtsoftbus01.sys moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


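That is all.

By the way, you mentioned that multiple advertisements probably appear when I open a browser and run a search, but
in my everyday Opera, my secondary Google Chrome, and my spare Sleipnir alike,
I do not see any particular advertisements. (This is with Google search.)
Just in case, I also tried Microsoft Edge, which I normally never use, and the result was the same.
If you meant some other way of searching, could you let me know what it is?

I look forward to your continued help.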
  • green
  • 2019/07/27 (Sat) 01:28:39
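An added example, not part of the original posts and not OTL's own code: a Python script that splits an OTL fix log like the one above into its sections, separates lines that need follow-up from routine successes, and checks that every file deferred to reboot was actually moved afterwards. The sample lines are copied from the log in this post; the function names and keyword rules are assumptions made for this illustration.

```python
import re

# Lines copied from the OTL fix log posted above (a subset, unmodified).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service IObitUnSvr stopped successfully!
Service IObitUnSvr deleted successfully!
Error: Unable to stop service dtsoftbus01!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dtsoftbus01 deleted successfully.
File move failed. C:\Windows\SysNative\drivers\dtsoftbus01.sys scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E0DD377-CB8B-461D-B8E2-5DA6BE981864} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E0DD377-CB8B-461D-B8E2-5DA6BE981864}\ not found.
========== FILES ==========
d:\program files (x86)\IObit folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1084
Files\Folders moved on Reboot...
C:\Windows\SysNative\drivers\dtsoftbus01.sys moved successfully.
"""

# "========== NAME ==========" section banners.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# A move that could not be done live and was queued for the next boot.
PENDING_RE = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
# A completed file or folder move; group 1 is the path.
MOVED_RE = re.compile(r"^(.+?) (?:folder )?moved successfully\.$")


def classify(line):
    """Map one log line to pending / failed / absent / ok / info (assumed rules)."""
    if PENDING_RE.match(line):
        return "pending"
    if line.startswith("Error:") or "Unable to" in line or "failed" in line.lower():
        return "failed"
    if line.endswith("not found."):
        return "absent"          # target was already gone; usually harmless
    if "successfully" in line:
        return "ok"
    return "info"


def audit(log_text):
    """Return (findings, pending): findings are (section, status, line) tuples,
    pending maps each deferred path to whether a later line shows it moved."""
    section = "PREAMBLE"
    findings, pending = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        deferred = PENDING_RE.match(line)
        if deferred:
            pending[deferred.group(1).lower()] = False
        moved = MOVED_RE.match(line)
        if moved and moved.group(1).lower() in pending:
            pending[moved.group(1).lower()] = True
        findings.append((section, classify(line), line))
    return findings, pending


def follow_up(log_text):
    """Lines a reviewer should look at: failures plus unresolved reboot moves."""
    findings, pending = audit(log_text)
    items = [(sec, line) for sec, status, line in findings if status == "failed"]
    items += [("REBOOT", path + " still pending")
              for path, done in pending.items() if not done]
    return items


if __name__ == "__main__":
    for sec, line in follow_up(SAMPLE_LOG):
        print(f"[{sec}] {line}")
```

On the sample this leaves two lines to review: the failed stop of dtsoftbus01, whose driver file the log shows as moved at reboot, and the System Restore error 1084, which is the Win32 code for a service that cannot be started in Safe Mode, the mode the instructions asked for.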
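Please collect HJT and CC logs
I have checked the OTL fix log.
The fix itself completed normally.
As for the record of roughly 15,650 malicious URLs written in the Hosts file, it seems I misread it; apparently this is a deny list.
Most likely what was shown was the effects of a large number of malware infections being blocked by security software such as Avast.
So, as things stand, this can be said to pose no problem.

Let us now go over everything once more.
Please collect again the HJT log, the CC installed-programs log, the CC log for each startup section, and the CC log for each browser-plugin section, and paste them in your reply.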
  • IVNO
  • 2019/07/27 (Sat) 07:49:56
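An added example, not part of the original posts: one way to tell a block (deny) list in a Hosts file apart from hijacking entries, the distinction IVNO draws above. Entries that map names to a loopback or unspecified address only sink traffic, while entries that map names to any other address redirect it and deserve a closer look. The Hosts file in this thread had already been reset by [resethosts], so the input below is a constructed sample and all function names are assumptions.

```python
import ipaddress

# Constructed sample; hostnames use the reserved .example suffix and the
# redirect target is from the documentation range 203.0.113.0/24.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example      # block-list style entry
127.0.0.1       banner.example popup.example
203.0.113.7     update.vendor.example    # name pointed at another server
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line number, address field, [hostnames]) for each active line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()                  # spaces or tabs
        yield lineno, fields[0], fields[1:]


def classify_address(addr):
    """sinkhole = loopback/unspecified, redirect = anything else that parses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    return "redirect"


def triage(text):
    """Group every (line, address, hostname) mapping by kind."""
    report = {"sinkhole": [], "redirect": [], "invalid": []}
    for lineno, addr, names in parse_hosts(text):
        kind = classify_address(addr) if names else "invalid"
        for name in names or [""]:
            name = name.lower()
            if kind == "sinkhole" and name == "localhost":
                continue                       # the default localhost entries
            report[kind].append((lineno, addr, name))
    return report


def looks_like_blocklist(report):
    """True when the file only sinks names and redirects none of them."""
    return bool(report["sinkhole"]) and not report["redirect"]


if __name__ == "__main__":
    result = triage(SAMPLE_HOSTS)
    for kind in ("redirect", "invalid"):
        for lineno, addr, name in result[kind]:
            print(f"line {lineno}: {kind}: {name} -> {addr}")
    print("block list only:", looks_like_blocklist(result))
```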
Re: A file named asc_rdflag appeared in the root of the C: drive
I have collected the logs you specified.
They are as follows.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:07:05, on 2019/07/27
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
D:\Program Files (x86)\IPMsg\ipmsg.exe
D:\Program Files (x86)\Mfa176\MFA.exe
D:\Program Files (x86)\NicoNamaAlert\NicoNamaAlert.exe
D:\Program Files (x86)\Proxomitron Naoko-4\PROXOMITRON.EXE
D:\Program Files (x86)\tvclock111\TVClock.exe
D:\Users\green\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - D:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - D:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - D:\Program Files\Classic Shell\ClassicIE_32.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - d:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - d:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - d:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe
O23 - Service: @C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe,-100 (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICEsound Service (ICEsoundService) - Unknown owner - C:\WINDOWS\system32\ICEsoundService64.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MusicCenter Back-End Service - Sony Video & Sound Products Inc. - D:\Program Files (x86)\Sony\Music Center\avlib\SsBeServiceMc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe
O23 - Service: PACSPTISVR-Music_Center - Sony Video & Sound Products Inc. - D:\Program Files (x86)\Sony\Music Center\Sony.Earth\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: SoftEther VPN Client (SEVPNCLIENT) - SoftEther VPN Project at University of Tsukuba, Japan. - d:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: UCManSvc - Paltiosoft Inc. - C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 8671 bytes


3D ビューアー Microsoft Corporation 2019/03/08 6.1903.4012.0
A-Train PC Classic / みんなのA列車で行こうPC ARTDINK 2018/09/20
A-Train9v5 ARTDINK 2018/12/08 1.21 GB 5.00.4431
Adobe Flash Player 32 PPAPI Adobe 2019/07/09 4.63 MB 32.0.0.223
Adobe Photoshop Elements 5.0 Adobe Systems Inc. 2018/09/23 5.0
Avast Free Antivirus AVAST Software 2019/05/25 19.5.2378
Besiege Spiderling Studios 2018/11/24
Candy Crush Saga king.com 2019/05/07 1.1501.2.0
Candy Crush Soda Saga king.com 2019/05/17 1.139.500.0
CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 2018/09/22 1.7.0.4
Canon Internet Library for ZoomBrowser EX Canon Inc. 2018/09/22 1.6.3.9
Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 2018/09/22 3.2.0.34
Canon Utilities CameraWindow Canon Inc. 2018/09/22 7.3.0.4
Canon Utilities CameraWindow DC Canon Inc. 2018/09/22 7.4.1.10
Canon Utilities CameraWindow DC 8 Canon Inc. 2018/09/22 8.0.0.19
Canon Utilities MyCamera Canon Inc. 2018/09/22 7.3.0.5
Canon Utilities ZoomBrowser EX Canon Inc. 2018/09/22 6.4.0.7
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 2018/09/22 1.2.2.11
CCleaner Piriform 2019/07/20 5.60
Cities: Skylines Colossal Order Ltd. 2018/09/26
Classic Shell IvoSoft 2018/09/19 13.1 MB 4.3.1
Dolby Access Dolby Laboratories 2019/03/12 2.4.520.0
Epson Copy Utility 4 Seiko Epson Corporation 2018/09/24 4.67 MB 4.01.0001
Epson Event Manager Seiko Epson Corporation 2018/09/24 44.0 MB 3.10.0061
EPSON PX-105 Series プリンター アンインストール SEIKO EPSON Corporation 2018/09/20
EPSON Scan Seiko Epson Corporation 2018/09/24
Epson Software Updater Seiko Epson Corporation 2018/09/21 11.1 MB 4.4.9
ffdshow x64 v1.3.4533 [2014-09-29] 2018/09/23 14.7 MB 1.3.4533.0
Google Chrome Google LLC 2019/07/19 75.0.3770.142
Google 日本語入力 Google Inc. 2019/07/26 79.6 MB 2.25.3700.0
Groove ミュージック Microsoft Corporation 2019/04/03 10.19031.11411.0
GV 2018/09/23
HEVC Video Extensions from Device Manufacturer Microsoft Corporation 2018/12/12 1.0.13209.0
Hidden City: アイテム探しアドベンチャー G5 Entertainment AB 2019/05/02 1.28.2803.0
honestech VHS to DVD 2.5 SE honestech 2018/09/23 2.5
I am Bread Bossa Studios 2018/11/24
ILLUSION すくぅ~るメイト2 体験版 ILLUSION 2018/09/24 193 MB 1.00.0000
ILLUSION でじたるメイト ILLUSION 2018/09/24 436 MB 1.00.0000
IObit Uninstaller 8 IObit 2019/03/29 54.3 MB 8.4.0.8
Kerbal Space Program Squad 2018/10/31
Leawo Blu-ray Player バージョン 1.10.0.2 Leawo Software 2019/02/16 133 MB 1.10.0.2
Lhaz ちとらソフト 2018/09/18 3.22 MB 2.5.1
Live5ch 2018/09/18
Malwarebytes バージョン 3.8.3.2965 Malwarebytes 2019/07/21 180 MB 3.8.3.2965
Microsoft OneDrive Microsoft Corporation 2019/07/19 131 MB 19.103.0527.0003
Microsoft Pay Microsoft Corporation 2018/09/17 2.1.18009.0
Microsoft Solitaire Collection Microsoft Studios 2019/04/12 4.3.4032.0
Microsoft Sticky Notes Microsoft Corporation 2019/05/14 3.6.71.0
Microsoft Store Microsoft Corporation 2019/05/05 11904.1001.1.0
Microsoft Store エクスペリエンス ホスト Microsoft Corporation 2019/01/30 11811.1001.18.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2018/09/23 4.99 MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2018/09/24 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 2019/02/16 5.95 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2018/09/24 10.2 MB 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2018/09/20 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2018/09/20 11.1 MB 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2018/09/24 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2018/09/24 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 Microsoft Corporation 2018/09/24 19.5 MB 14.0.24215.1
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 Microsoft Corporation 2018/09/18 23.3 MB 14.11.25325.0
Microsoft ニュース Microsoft Corporation 2019/04/03 4.30.10924.0
Minecraft Microsoft Studios 2019/05/17 1.11.301.0
MPC-HC 1.7.13 (64-bit) MPC-HC Team 2018/09/23 47.0 MB 1.7.13
MPEG-2 ビデオ拡張機能 Microsoft Corporation 2018/10/12 1.0.12831.0
Music Center for PC Sony Video & Sound Products Inc. 2018/10/09 209 MB 2.0.0.00992
NVIDIA 3D Vision コントローラー ドライバー 390.41 NVIDIA Corporation 2018/09/21 390.41
NVIDIA PhysX システム ソフトウェア 9.18.0907 NVIDIA Corporation 2018/09/21 9.18.0907
Office Microsoft Corporation 2019/03/22 18.1903.1152.0
OneNote Microsoft Corporation 2019/05/09 16001.11629.20028.0
Opera Stable 62.0.3331.43 Opera Software 2019/07/06 62.0.3331.43
PC Viewer DRY-PC Viewer TypeC YUPITERU 2018/12/20 72.7 MB 1.1.31
People Microsoft Corporation 2019/04/16 10.1902.633.0
PHANTASY STAR ONLINE 2 SEGA Games Co., Ltd. 2018/09/21 7.19 MB
Print 3D Microsoft Corporation 2019/04/25 3.3.791.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2019/01/16 6.0.1.8549
sdrt(5.0, 64bit) パルティオソフト株式会社 2018/09/24 4.09 MB 5.0.6.0
SENRAN KAGURA Reflexions Tamsoft 2019/06/25
Skype Skype 2019/05/06 14.44.40.0
SoftEther VPN Client SoftEther VPN Project 2018/09/18 4.28.9669
Sony Media Library Earth 9.3.01 Sony Corporation 2018/09/23 50.5 MB 9.3.01.03100
Steam Valve Corporation 2018/09/18 2.10.91.91
Update for Windows 10 for x64-based Systems (KB4023057) Microsoft Corporation 2019/06/22 1.41 MB 2.59.0.0
VLC media player VideoLAN 2019/02/16 3.0.6
Web メディア拡張機能 Microsoft Corporation 2019/01/23 1.0.13321.0
x-アプリ 6.0.04 Sony Corporation 2018/09/23 84.1 MB 10.0.04
Xbox Microsoft Corporation 2019/05/07 48.53.3001.0
Xbox Game bar Microsoft Corporation 2019/05/17 1.41.14001.0
Xbox Game Speech Window Microsoft Corporation 2018/09/18 1.21.13002.0
Xbox gaming overlay Microsoft Corporation 2018/10/30 1.16.1012.0
Xbox Identity Provider Microsoft Corporation 2019/05/02 12.52.24002.0
Xbox Live Microsoft Corporation 2018/12/10 1.24.10001.0
アプリ インストーラー Microsoft Corporation 2019/04/12 1.0.30732.0
アラーム & クロック Microsoft Corporation 2019/05/02 10.1903.1006.0
カスタムオーダーメイド3D2 KISS 2018/12/08 11.2 GB
カスタムメイド3D2 KISS 2018/12/08 7.49 GB
カメラ Microsoft Corporation 2019/05/15 2019.425.30.0
ヒント Microsoft Corporation 2018/10/09 6.15.12641.0
フィードバック Hub Microsoft Corporation 2019/04/09 1.1811.10862.0
フォト Microsoft Corporation 2019/05/06 2019.19031.17720.0
フォト アドオン Microsoft Corporation 2019/04/11 2017.39121.36610.0
ペイント 3D Microsoft Corporation 2019/04/12 5.1904.8017.0
ボイス レコーダー Microsoft Corporation 2019/03/28 10.1902.633.0
マップ Microsoft Corporation 2019/04/10 5.1902.843.0
マーチ オブ エンパイア - 領土戦争 Gameloft. 2019/05/17 4.0.1.1
メッセージング Microsoft Corporation 2019/02/19 4.1901.10241.0
メール/カレンダー Microsoft Corporation 2019/04/02 16005.11425.20190.0
モバイル通信プラン Microsoft Corporation 2019/02/28 5.1902.361.0
問い合わせ Microsoft Corporation 2019/04/19 10.1706.20381.0
天気 Microsoft Corporation 2019/02/14 4.28.10351.0
日本語 ローカル エクスペリエンス パック Microsoft Corporation 2019/05/07 17134.33.47.0
映画 & テレビ Microsoft Corporation 2019/04/03 10.19031.11411.0
電卓 Microsoft Corporation 2019/05/02 10.1903.21.0


有効 HKLM:Run AvastUI.exe AVAST Software "d:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
有効 HKLM:Run Classic Start Menu IvoSoft "D:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
有効 HKLM:Run Google Japanese Input Prelauncher Google Inc. "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
有効 HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
有効 HKLM:Run SecurityHealth Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCuiL.exe
有効 HKLM:Run SoftEther VPN Client UI Helper SoftEther VPN Project at University of Tsukuba, Japan. "d:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
有効 Startup Common SoftEther VPN Client Manager Startup.lnk D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
有効 Startup User IPMSG for Win32.lnk D:\Program Files (x86)\IPMsg\ipmsg.exe
有効 Startup User MFA.lnk D:\Program Files (x86)\Mfa176\MFA.exe
有効 Startup User NicoNamaAlert.lnk D:\Program Files (x86)\NicoNamaAlert\NicoNamaAlert.exe
有効 Startup User PROXOMITRON.lnk D:\Program Files (x86)\Proxomitron Naoko-4\PROXOMITRON.EXE
有効 Startup User TVClock.lnk D:\Program Files (x86)\tvclock111\TVClock.exe


有効 Task Adobe Flash Player PPAPI Notifier Adobe C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe -check pepperplugin
有効 Task Adobe Flash Player Updater Adobe C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Software Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task EPSON GT-X980 Update SEIKO EPSON CORPORATION C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe /EXE_S:"EPSON GT-X980","ES00FE.DAT" /F:"Update"
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task IMF_SkipUAC_greenmax d:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /SkipUac
無効 Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
無効 Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
無効 Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
無効 Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
無効 Task NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
無効 Task NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
無効 Task NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
有効 Task OneDrive Standalone Update Task-S-1-5-21-1820434542-3641797410-228512082-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
有効 Task Opera scheduled Autoupdate 1502748092 Opera Software D:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)
無効 Task Uninstaller_SkipUac_greenmax d:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer


有効 Directory IObitUnstaler d:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 Directory VLCメディアプレイヤーで再生 VideoLAN "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
有効 Directory VLCメディアプレイヤーのプレイリストに追加 VideoLAN "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
有効 Directory ファイルの所有権
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 File 00asw d:\Program Files\AVAST Software\Avast\ashShell.dll
有効 File avast d:\Program Files\AVAST Software\Avast\ashShell.dll
有効 File IObitUnstaler d:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
有効 File LhazDll d:\Program Files\Lhaz\LhazDll.dll
有効 File LhazDll32 d:\Program Files\Lhaz\LhazDll32.dll
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder avast d:\Program Files\AVAST Software\Avast\ashShell.dll
有効 Folder IObit Malware Fighter
有効 Folder IObitUnstaler d:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
有効 Folder LhazDll d:\Program Files\Lhaz\LhazDll.dll
有効 Folder LhazDll32 d:\Program Files\Lhaz\LhazDll32.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder StartMenuExt IvoSoft C:\WINDOWS\system32\StartMenuHelper64.dll


有効 Extension Classic IE Settings D:\Program Files\Classic Shell\ClassicIE_32.exe
有効 Helper ClassicIEBHO Class D:\Program Files\Classic Shell\ClassicIEDLL_32.dll
有効 Helper ClassicIEBHO Class D:\Program Files\Classic Shell\ClassicIEDLL_64.dll
有効 Helper ExplorerBHO Class D:\Program Files\Classic Shell\ClassicExplorer32.dll
有効 Helper ExplorerBHO Class D:\Program Files\Classic Shell\ClassicExplorer64.dll
無効 Helper ExplorerWnd Helper d:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
有効 Toolbar Classic Explorer Bar D:\Program Files\Classic Shell\ClassicExplorer32.dll
有効 Toolbar Classic Explorer Bar D:\Program Files\Classic Shell\ClassicExplorer64.dll


有効 App Gmail 8.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0
有効 App Google ドライブ 14.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0
有効 App YouTube 4.2.8 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
有効 Extension Google オフライン ドキュメント 1.7 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1
有効 Extension スプレッドシート 1.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0
有効 Extension スライド 0.10 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0
有効 Extension ドキュメント 0.10 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0


That is all.
Thank you again for your help.
  • green
  • 2019/07/27 (Sat) 09:36:51
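悪代官 is back
Sorry for the late reply.

IVNO-san, thank you for the follow-up.

green-san, I have looked at each of your current logs.
As far as their state goes, nothing abnormal seems to be showing.

So the main issue itself is fine, but there are still some parts that concern me, so this time please carry out an analysis step using IObitUnstaler (hereafter: IU).

Start IU and select "Export list" (リストをエクスポート) from the three-line (Options) menu at the top of the screen; this lets you save the IU log.
By default the file is named "Program List.txt", so save it to the desktop.
Right after saving, the log opens in Notepad.
Once it is saved, close IU and then show me that log in another reply.

This IU log corresponds to the installation information in CC, but it allows a much more detailed examination than CC.
I will use this log to analyze whether anything is still hidden.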
  • 悪代官
  • 2019/07/28 (Sun) 20:27:21
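The "Program List.txt" export requested above has a fixed record layout (it is visible in the reply that follows), so it can be triaged mechanically before reading it line by line. The Python below is an added example, not part of the thread and not an IObit tool: it parses the "Software Name:" records, tolerating a record that is cut off, and lists reasons to look closer at an entry. The sample records and the four heuristics are assumptions made for illustration; the incident date is the asc_rdflag creation date given in the first post.

```python
from datetime import date

# Field labels as they appear in the export posted in this thread.
FIELDS = ("Software Name", "Version", "Publisher", "Install Time", "Size",
          "Help info", "Registry Key", "Path", "Uninstall Command")
USER_WRITABLE = ("\\appdata\\", "\\temp\\")   # assumption: treated as user-writable
INCIDENT = date(2019, 7, 17)                  # asc_rdflag creation date, first post

# Constructed sample records in the export's layout (not data from the thread).
SAMPLE_EXPORT = r"""
====================================
Software List
====================================

Software Name: Example Player
Publisher: Example Corp
Install Time: 2018/09/15
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamplePlayer
Uninstall Command: "C:\Program Files\Example\uninstall.exe"
----------------------------------------------

Software Name: Example Helper
Version: -
Publisher:
Install Time: 2019/07/18
Registry Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleHelper
Uninstall Command: C:\Users\user\AppData\Local\Temp\helper\unins.exe
----------------------------------------------

Name: Example Toolbar
Path: TStringList
----------------------------------------------

Software Name: Example: Cut Off
Publisher: Example Corp
Install Time: 2019/03/12
"""


def parse_program_list(text):
    """Return one dict per 'Software Name:' record; other sections are skipped."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if len(line) >= 10 and set(line) == {"-"}:   # dashed line closes a record
            if current is not None:
                records.append(current)
            current = None
            continue
        key, sep, value = line.partition(":")
        if not sep or key not in FIELDS:
            continue                                 # banner, blank or plug-in label
        if key == "Software Name":
            if current is not None:                  # previous record never closed
                records.append(current)
            current = {}
        if current is not None:
            value = value.strip()
            current[key] = None if value in ("", "-") else value
    if current is not None:                          # export cut off mid-record
        records.append(current)
    return records


def install_date(rec):
    """Parse 'YYYY/MM/DD'; return None when the field is empty or malformed."""
    try:
        y, m, d = (int(p) for p in (rec.get("Install Time") or "").split("/"))
        return date(y, m, d)
    except ValueError:
        return None


def triage(rec, incident=INCIDENT, window_days=7):
    """Return reasons to look closer at one record (illustrative heuristics)."""
    reasons = []
    if not rec.get("Publisher"):
        reasons.append("no publisher")
    hive = (rec.get("Registry Key") or "").upper()
    if hive.startswith(("HKEY_CURRENT_USER", "HKEY_USERS")):
        reasons.append("per-user registration")
    cmd = (rec.get("Uninstall Command") or "").lower()
    if any(part in cmd for part in USER_WRITABLE):
        reasons.append("uninstaller in user-writable path")
    when = install_date(rec)
    if when and abs((when - incident).days) <= window_days:
        reasons.append("installed near incident date")
    return reasons


def review(text, incident=INCIDENT):
    """Parse an export and return (name, reasons) for flagged records only."""
    return [(r.get("Software Name"), why) for r in parse_program_list(text)
            if (why := triage(r, incident))]


if __name__ == "__main__":
    for name, why in review(SAMPLE_EXPORT):
        print(name, "->", ", ".join(why))
```

A reason is a prompt to inspect the entry, not a verdict: a legitimate per-user install such as the Microsoft OneDrive record in the export that follows matches two of these checks.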
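Re: A file named asc_rdflag appeared in the root of the C: drive
Thank you for responding while you are still recovering from illness.

When I started IU, there was an update notice, so
to be safe I updated to 8.6 before taking the log. (It was 8.4 when I first started it.)
The log follows.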


====================================
Software List
Application Version:8.6.0.8
Windows 10
Exported Time:07-28-2019 20:59:44
====================================

Software Name: A-Train PC Classic / みんなのA列車で行こうPC
Version: -
Publisher: ARTDINK
Install Time:
Size: 0 Byte
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 492090
Uninstall Command: "D:\Program Files (x86)\Steam\steam.exe" steam://uninstall/492090
----------------------------------------------

Software Name: A-Train9v5
Version: 5.00.4431
Publisher: ARTDINK
Install Time: 2018/12/08
Size: 1.22 GB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{87D376D1-F8A2-413A-A2F1-1B7161BE5E1A}
Uninstall Command: MsiExec.exe /X{87D376D1-F8A2-413A-A2F1-1B7161BE5E1A}
----------------------------------------------

Software Name: Adobe Flash Player 32 PPAPI
Version: 32.0.0.223
Publisher: Adobe
Install Time: 2018/09/17
Size: 4.64 MB
Help info: http://www.adobe.com/go/flashplayer_support/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI
Uninstall Command: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe -maintain pepperplugin
----------------------------------------------

Software Name: Adobe Photoshop Elements 5.0
Version: 5.0
Publisher: Adobe Systems Inc.
Install Time: 2018/09/15
Size: 335.05 MB
Help info: http://www.adobe.co.jp/support/main.html
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop Elements 5
Uninstall Command: msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
----------------------------------------------

Software Name: Avast Free Antivirus
Version: 19.5.2378
Publisher: AVAST Software
Install Time: 2018/09/14
Size: 1.26 GB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Antivirus
Uninstall Command: d:\Program Files\AVAST Software\Avast\setup\Instup.exe /control_panel
----------------------------------------------

Software Name: Besiege
Version: -
Publisher: Spiderling Studios
Install Time:
Size: 0 Byte
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 346010
Uninstall Command: "E:\Program Files (x86)\Steam\steam.exe" steam://uninstall/346010
----------------------------------------------

Software Name: CANON iMAGE GATEWAY Task for ZoomBrowser EX
Version: 1.7.0.4
Publisher: Canon Inc.
Install Time: 2018/09/15
Size: 133.12 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CANON iMAGE GATEWAY Task
Uninstall Command: "C:\Program Files (x86)\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "d:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
----------------------------------------------

Software Name: Canon Internet Library for ZoomBrowser EX
Version: 1.6.3.9
Publisher: Canon Inc.
Install Time: 2018/09/15
Size: 133.12 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Canon Internet Library for ZoomBrowser EX
Uninstall Command: "C:\Program Files (x86)\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "d:\Program Files (x86)\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
----------------------------------------------

Software Name: Canon MovieEdit Task for ZoomBrowser EX
Version: 3.2.0.34
Publisher: Canon Inc.
Install Time: 2018/09/15
Size: 133.12 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MovieEditTask
Uninstall Command: "C:\Program Files (x86)\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "d:\Program Files (x86)\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
----------------------------------------------

Software Name: Canon Utilities CameraWindow
Version: 7.3.0.4
Publisher: Canon Inc.
Install Time: 2018/09/15
Size: 1.51 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowLauncher
Uninstall Command: "C:\Program Files (x86)\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "d:\Program Files (x86)\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
----------------------------------------------

Software Name: Canon Utilities CameraWindow DC
Version: 7.4.1.10
Publisher: Canon Inc.
Install Time: 2018/09/15
Size: 5.22 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC
Uninstall Command: "C:\Program Files (x86)\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "d:\Program Files (x86)\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
----------------------------------------------

Software Name: Canon Utilities CameraWindow DC 8
Version: 8.0.0.19
Publisher: Canon Inc.
Install Time: 2018/09/15
Size: 11.75 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC8
Uninstall Command: "C:\Program Files (x86)\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "d:\Program Files (x86)\Canon\CameraWindow\CameraWindowDC8\Uninst.ini"
----------------------------------------------

Software Name: Canon Utilities MyCamera
Version: 7.3.0.5
Publisher: Canon Inc.
Install Time: 2018/09/15
Size: 7.33 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyCamera
Uninstall Command: "C:\Program Files (x86)\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "d:\Program Files (x86)\Canon\CameraWindow\MyCamera\Uninst.ini"
----------------------------------------------

Software Name: Canon Utilities ZoomBrowser EX
Version: 6.4.0.7
Publisher: Canon Inc.
Install Time: 2018/09/15
Size: 133.12 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomBrowser EX
Uninstall Command: "C:\Program Files (x86)\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "d:\Program Files (x86)\Canon\ZoomBrowser EX\Program\Uninst.ini"
----------------------------------------------

Software Name: Canon ZoomBrowser EX Memory Card Utility
Version: 1.2.2.11
Publisher: Canon Inc.
Install Time: 2018/09/15
Size: 12.72 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomBrowser EX Memory Card Utility
Uninstall Command: "C:\Program Files (x86)\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "d:\Program Files (x86)\Canon\ZoomBrowser EX MCU\Uninst.ini"
----------------------------------------------

Software Name: CCleaner
Version: 5.60
Publisher: Piriform
Install Time:
Size: 0 Byte
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
Uninstall Command: "C:\Program Files\CCleaner\uninst.exe"
----------------------------------------------

Software Name: Cities: Skylines
Version: -
Publisher: Colossal Order Ltd.
Install Time:
Size: 0 Byte
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 255710
Uninstall Command: "E:\Program Files (x86)\Steam\steam.exe" steam://uninstall/255710
----------------------------------------------

Software Name: Classic Shell
Version: 4.3.1
Publisher: IvoSoft
Install Time: 2018/09/19
Size: 13.20 MB
Help info: http://www.classicshell.net/forum/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}
Uninstall Command: MsiExec.exe /X{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}
----------------------------------------------

Software Name: Epson Copy Utility 4
Version: 4.01.0001
Publisher: Seiko Epson Corporation
Install Time: 2018/09/24
Size: 4.67 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}
Uninstall Command: MsiExec.exe /X{06A7E8AB-2856-4490-BAA9-F338ABE7695A}
----------------------------------------------

Software Name: Epson Event Manager
Version: 3.10.0061
Publisher: Seiko Epson Corporation
Install Time: 2018/09/24
Size: 44.03 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F205E94-9E42-4486-A92A-DF3F6CB85444}
Uninstall Command: MsiExec.exe /X{9F205E94-9E42-4486-A92A-DF3F6CB85444}
----------------------------------------------

Software Name: EPSON PX-105 Series プリンター アンインストール
Version: -
Publisher: SEIKO EPSON Corporation
Install Time:
Size: 0 Byte
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EPSON PX-105 Series
Uninstall Command: C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YINSIYJ.EXE /R /APD /P:"EPSON PX-105 Series"
----------------------------------------------

Software Name: EPSON Scan
Version: -
Publisher: Seiko Epson Corporation
Install Time: 2018/09/24
Size: 1.00 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Scanner
Uninstall Command: C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
----------------------------------------------

Software Name: Epson Software Updater
Version: 4.4.9
Publisher: Seiko Epson Corporation
Install Time: 2018/09/21
Size: 11.19 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}
Uninstall Command: MsiExec.exe /X{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}
----------------------------------------------

Software Name: ffdshow x64 v1.3.4533 [2014-09-29]
Version: 1.3.4533.0
Publisher:
Install Time: 2018/09/23
Size: 14.78 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ffdshow64_is1
Uninstall Command: "d:\Program Files\ffdshow\unins000.exe"
----------------------------------------------

Software Name: Google Chrome
Version: 75.0.3770.142
Publisher: Google LLC
Install Time: 2019/07/19
Size: 226.68 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Uninstall Command: "C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\setup.exe" --uninstall --system-level --verbose-logging
----------------------------------------------

Software Name: Google 日本語入力
Version: 2.25.3700.0
Publisher: Google Inc.
Install Time: 2019/07/26
Size: 79.64 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0E71BB6-8FE0-40B8-B6B5-A8D5073F785F}
Uninstall Command: MsiExec.exe /X{A0E71BB6-8FE0-40B8-B6B5-A8D5073F785F}
----------------------------------------------

Software Name: GV
Version: -
Publisher:
Install Time: 2018/09/23
Size: 861.94 KB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GV
Uninstall Command: D:\Program Files (x86)\GV\UNINST_GV.EXE /UNINST
----------------------------------------------

Software Name: honestech VHS to DVD 2.5 SE
Version: 2.5
Publisher: honestech
Install Time: 2018/09/23
Size: 26.21 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}
Uninstall Command: C:\Program Files (x86)\InstallShield Installation Information\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}\setup.exe -runfromtemp -l0x0011 -removeonly
----------------------------------------------

Software Name: I am Bread
Version: -
Publisher: Bossa Studios
Install Time:
Size: 0 Byte
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 327890
Uninstall Command: "E:\Program Files (x86)\Steam\steam.exe" steam://uninstall/327890
----------------------------------------------

Software Name: ILLUSION すくぅ~るメイト2 体験版
Version: 1.00.0000
Publisher: ILLUSION
Install Time: 2018/09/24
Size: 193.47 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B60F4BF-CE4F-4EDC-BA41-609CF2D6F9C5}
Uninstall Command: MsiExec.exe /X{0B60F4BF-CE4F-4EDC-BA41-609CF2D6F9C5}
----------------------------------------------

Software Name: ILLUSION でじたるメイト
Version: 1.00.0000
Publisher: ILLUSION
Install Time: 2018/09/24
Size: 436.03 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{322CE629-58C4-4835-BEF8-46F6111434B6}
Uninstall Command: MsiExec.exe /X{322CE629-58C4-4835-BEF8-46F6111434B6}
----------------------------------------------

Software Name: IObit Uninstaller 8
Version: 8.6.0.8
Publisher: IObit
Install Time: 2019/07/28
Size: 54.67 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObitUninstall
Uninstall Command: "C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.exe"
----------------------------------------------

Software Name: Kerbal Space Program
Version: -
Publisher: Squad
Install Time:
Size: 0 Byte
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 220200
Uninstall Command: "E:\Program Files (x86)\Steam\steam.exe" steam://uninstall/220200
----------------------------------------------

Software Name: Leawo Blu-ray Player バージョン 1.10.0.2
Version: 1.10.0.2
Publisher: Leawo Software
Install Time: 2019/02/16
Size: 133.54 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF7F52BF-DEE0-44CD-A7E1-AADD5CCECCDD}_is1
Uninstall Command: "d:\Program Files (x86)\Leawo\Blu-ray Player\unins000.exe"
----------------------------------------------

Software Name: Lhaz
Version: 2.5.1
Publisher: ちとらソフト
Install Time:
Size: 3.22 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lhaz
Uninstall Command: d:\Program Files\Lhaz\Setup.exe /u
----------------------------------------------

Software Name: Live5ch
Version: -
Publisher:
Install Time: 2018/09/15
Size: 315.95 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1
Uninstall Command: C:\WINDOWS\st6unst.exe -n "D:\Program Files (x86)\Live2ch\ST6UNST.008"
----------------------------------------------

Software Name: Malwarebytes バージョン 3.8.3.2965
Version: 3.8.3.2965
Publisher: Malwarebytes
Install Time: 2019/07/21
Size: 180.04 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
Uninstall Command: "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG
----------------------------------------------

Software Name: Microsoft OneDrive
Version: 19.103.0527.0003
Publisher: Microsoft Corporation
Install Time:
Size: 131.61 MB
Help info: http://go.microsoft.com/fwlink/?LinkID=215117
Registry Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
Uninstall Command: C:\Users\green\AppData\Local\Microsoft\OneDrive\19.103.0527.0003_1\OneDriveSetup.exe /uninstall
----------------------------------------------

Software Name: Microsoft Visual C++ 2005 Redistributable
Version: 8.0.56336
Publisher: Microsoft Corporation
Install Time: 2018/09/23
Size: 5.00 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}
Uninstall Command: MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Version: 9.0.30729
Publisher: Microsoft Corporation
Install Time: 2018/09/24
Size: 13.28 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}
Uninstall Command: MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Version: 9.0.21022
Publisher: Microsoft Corporation
Install Time: 2019/02/16
Size: 5.95 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Uninstall Command: MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
----------------------------------------------

Software Name: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Version: 9.0.30729
Publisher: Microsoft Corporation
Install Time: 2018/09/24
Size: 10.27 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Uninstall Command: MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
----------------------------------------------

Software Name: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2018/09/20
Size: 13.87 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=146008
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Uninstall Command: MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
----------------------------------------------

Software Name: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Version: 10.0.40219
Publisher: Microsoft Corporation
Install Time: 2018/09/20
Size: 11.15 MB
Help info: http://go.microsoft.com/fwlink/?LinkId=146008
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Uninstall Command: MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
----------------------------------------------

Software Name: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Version: 12.0.30501.0
Publisher: Microsoft Corporation
Install Time: 2018/09/24
Size: 20.57 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}
Uninstall Command: "C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
----------------------------------------------

Software Name: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Version: 12.0.30501.0
Publisher: Microsoft Corporation
Install Time: 2018/09/24
Size: 17.19 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1}
Uninstall Command: "C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
----------------------------------------------

Software Name: Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
Version: 14.0.24215.1
Publisher: Microsoft Corporation
Install Time: 2018/09/24
Size: 19.55 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e2803110-78b3-4664-a479-3611a381656a}
Uninstall Command: "C:\ProgramData\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe" /uninstall
----------------------------------------------

Software Name: Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325
Version: 14.11.25325.0
Publisher: Microsoft Corporation
Install Time: 2018/09/18
Size: 23.39 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}
Uninstall Command: "C:\ProgramData\Package Cache\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}\VC_redist.x64.exe" /uninstall
----------------------------------------------

Software Name: MPC-HC 1.7.13 (64-bit)
Version: 1.7.13
Publisher: MPC-HC Team
Install Time: 2018/09/23
Size: 47.04 MB
Help info: https://trac.mpc-hc.org/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1
Uninstall Command: "d:\Program Files\MPC-HC\unins000.exe"
----------------------------------------------

Software Name: Music Center for PC
Version: 2.0.0.00992
Publisher: Sony Video & Sound Products Inc.
Install Time: 2018/10/09
Size: 209.42 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{140EF09D-F58C-4C40-B476-C2A5D67AD948}
Uninstall Command: MsiExec.exe /X{140EF09D-F58C-4C40-B476-C2A5D67AD948}
----------------------------------------------

Software Name: NVIDIA 3D Vision コントローラー ドライバー 390.41
Version: 390.41
Publisher: NVIDIA Corporation
Install Time: 2018/09/21
Size: 0 Byte
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB
Uninstall Command: "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB
----------------------------------------------

Software Name: NVIDIA PhysX システム ソフトウェア 9.18.0907
Version: 9.18.0907
Publisher: NVIDIA Corporation
Install Time: 2018/09/21
Size: 0 Byte
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX
Uninstall Command: "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
----------------------------------------------

Software Name: Opera Stable 62.0.3331.43
Version: 62.0.3331.43
Publisher: Opera Software
Install Time: 2018/09/15
Size: 382.37 MB
Help info: https://help.opera.com/latest/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera 62.0.3331.43
Uninstall Command: "D:\Program Files\Opera\Launcher.exe" /uninstall
----------------------------------------------

Software Name: PC Viewer DRY-PC Viewer TypeC
Version: 1.1.31
Publisher: YUPITERU
Install Time: 2018/12/20
Size: 72.74 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB7B1E6F-E8F9-4CA3-85BF-8F70D6CB9C86}
Uninstall Command: MsiExec.exe /X{BB7B1E6F-E8F9-4CA3-85BF-8F70D6CB9C86}
----------------------------------------------

Software Name: PHANTASY STAR ONLINE 2
Version: -
Publisher: SEGA Games Co., Ltd.
Install Time: 2018/09/21
Size: 7.20 MB
Help info: http://pso2.jp/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\http://pso2.jp/appid/release_is1
Uninstall Command: "d:\Program Files (x86)\SEGA\PHANTASYSTARONLINE2\unins000.exe"
----------------------------------------------

Software Name: Realtek High Definition Audio Driver
Version: 6.0.1.8549
Publisher: Realtek Semiconductor Corp.
Install Time: 2018/09/17
Size: 53.23 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
Uninstall Command: "C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe" -r -m -nrg2709
----------------------------------------------

Software Name: sdrt(5.0, 64bit)
Version: 5.0.6.0
Publisher: パルティオソフト株式会社
Install Time: 2018/09/24
Size: 4.09 MB
Help info: http://www.paltio.co.jp
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63A3DBCF-FB40-4398-9AE5-94EE6206CE12}
Uninstall Command: MsiExec.exe /X{63A3DBCF-FB40-4398-9AE5-94EE6206CE12}
----------------------------------------------

Software Name: SENRAN KAGURA Reflexions
Version: -
Publisher: Tamsoft
Install Time:
Size: 0 Byte
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 981770
Uninstall Command: "E:\Program Files (x86)\Steam\steam.exe" steam://uninstall/981770
----------------------------------------------

Software Name: SoftEther VPN Client
Version: 4.28.9669
Publisher: SoftEther VPN Project
Install Time:
Size: 0 Byte
Help info: http://selinks.org/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softether_sevpnclient
Uninstall Command: "d:\Program Files\SoftEther VPN Client\vpnsetup.exe"
----------------------------------------------

Software Name: Sony Media Library Earth 9.3.01
Version: 9.3.01.03100
Publisher: Sony Corporation
Install Time: 2018/09/23
Size: 50.59 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{F2DCAA9D-BEFB-4ABD-921F-B361E26AC51E}
Uninstall Command: C:\Program Files (x86)\InstallShield Installation Information\{F2DCAA9D-BEFB-4ABD-921F-B361E26AC51E}\IS_Setup.exe -l0x0411 /z"UNINSTALL"
----------------------------------------------

Software Name: Steam
Version: 2.10.91.91
Publisher: Valve Corporation
Install Time: 2018/09/18
Size: 20.90 GB
Help info: http://support.steampowered.com/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam
Uninstall Command: d:\Program Files (x86)\Steam\uninstall.exe
----------------------------------------------

Software Name: VLC media player
Version: 3.0.6
Publisher: VideoLAN
Install Time: 2018/09/15
Size: 186.68 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player
Uninstall Command: "d:\Program Files (x86)\VideoLAN\VLC\uninstall.exe"
----------------------------------------------

Software Name: x-アプリ 6.0.04
Version: 10.0.04
Publisher: Sony Corporation
Install Time: 2018/09/23
Size: 84.15 MB
Help info: -
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{3028C189-CF08-4759-98B8-0A6CA112B6F3}
Uninstall Command: "C:\Program Files (x86)\InstallShield Installation Information\{3028C189-CF08-4759-98B8-0A6CA112B6F3}\setup.exe" -l0x0411 -removeonly
----------------------------------------------

Software Name: カスタムオーダーメイド3D2
Version: -
Publisher: KISS
Install Time:
Size: 11.21 GB
Help info: http://kisskiss.tv/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\カスタムオーダーメイド3D2
Uninstall Command: D:\KISS\COM3D2\uninst.exe /luninst1
----------------------------------------------

Software Name: カスタムメイド3D2
Version: -
Publisher: KISS
Install Time:
Size: 7.49 GB
Help info: http://kisskiss.tv/
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\カスタムメイド3D2
Uninstall Command: D:\KISS\CM3D2\uninst.exe /luninst1
----------------------------------------------

====================================
Browser Plug-ins List
Application Version:8.6.0.8
Windows 10
Exported Time:07-28-2019 20:59:44
====================================

====================================
Browser: Internet Explorer
====================================

************************************
Toolbar
************************************

Name: Classic Explorer Bar
Version: 4. 3. 1. 0
Description: Adds classic Windows Explorer features
Publisher: Ivaylo Beltchev
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: Classic IE Settings
Version:
Description:
Publisher:
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: Classic Explorer Bar
Version: 4. 3. 1. 0
Description: Adds classic Windows Explorer features
Publisher: Ivaylo Beltchev
Path: TStringList
Architecture: 64-bit
----------------------------------------------

Name: Classic IE Settings
Version:
Description:
Publisher:
Path: TStringList
Architecture: 64-bit
----------------------------------------------

************************************
BHO
************************************

Name: ExplorerBHO Class
Version: 4. 3. 1. 0
Description: Adds classic Windows Explorer features
Publisher: Ivaylo Beltchev
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: ClassicIEBHO Class
Version: 4. 3. 1. 0
Description: Customizations for the title bar and status bar of IE
Publisher: Ivaylo Beltchev
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: ExplorerBHO Class
Version: 4. 3. 1. 0
Description: Adds classic Windows Explorer features
Publisher: Ivaylo Beltchev
Path: TStringList
Architecture: 64-bit
----------------------------------------------

Name: ClassicIEBHO Class
Version: 4. 3. 1. 0
Description: Customizations for the title bar and status bar of IE
Publisher: Ivaylo Beltchev
Path: TStringList
Architecture: 64-bit
----------------------------------------------

************************************
ActiveX
************************************

Name: VLC ActiveX Plugin and IE Web Plugin v2
Version: 3.0.3
Description: VLC media player (Activex Plugin)
Publisher: VideoLAN
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: XML HTTP Request
Version: 8.110.17134.706
Description: MSXML 3.0
Publisher: Microsoft Corporation
Path: TStringList
Architecture: 32-bit
----------------------------------------------

====================================
Browser: Google Chrome
====================================

************************************
Extensions
************************************

Name: スライド
Version: 0.10
Description: プレゼンテーションを作成、編集する
Publisher:
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: ドキュメント
Version: 0.10
Description: ドキュメントを作成、編集する
Publisher:
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: Google ドライブ
Version: 14.2
Description: Google ドライブ: あらゆるファイルの作成、共有、保存を 1 か所で行えます。
Publisher:
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: YouTube
Version: 4.2.8
Description:
Publisher:
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: アバスト セーフプライス | 比較、お得な情報、クーポン
Version: 18.8.1222
Description: オンライン ショッピングの際にアバストが開発した価格比較とクーポンの拡張機能を利用して最もお得な価格、プロモーションやクーポンを見つけることができます。
Publisher:
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: スプレッドシート
Version: 1.2
Description: スプレッドシートを作成、編集する
Publisher:
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: Google オフライン ドキュメント
Version: 1.7
Description: Google ドキュメントの一連のサービスを使って、オフラインでも作業を完了できます。
Publisher:
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: Avast Online Security
Version: 19.1.199
Description: Avast Browser Security and Web Reputation Plugin.
Publisher:
Path: TStringList
Architecture: 32-bit
----------------------------------------------

Name: Gmail
Version: 8.2
Description: 高速で検索機能に優れた、迷惑メールの少ないメール システムです。
Publisher:
Path: TStringList
Architecture: 32-bit
----------------------------------------------

====================================
Browser: Opera
====================================

====================================
Browser: Microsoft Edge
====================================



====================================
Metro Info
Application Version:8.6.0.8
Windows 10
Exported Time:07-28-2019 20:59:44
====================================

Software Name: Hidden City: アイテム探しアドベンチャー
Version: 1.28.2803.0
Publisher: G5 Entertainment AB
Install Time: 2019/05/03
Size: 321.87 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\828B5831.HiddenCityMysteryofShadows_ytsefhwckbdv6
Path: C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.28.2803.0_x86__ytsefhwckbdv6\
Uninstall Command: 828B5831.HiddenCityMysteryofShadows_1.28.2803.0_x86__ytsefhwckbdv6
----------------------------------------------

Software Name: マーチ オブ エンパイア - 領土戦争
Version: 4.0.1.1
Publisher: Gameloft.
Install Time: 2019/05/18
Size: 207.18 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\A278AB0D.MarchofEmpires_h6adky7gbf63m
Path: C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.0.1.1_x86__h6adky7gbf63m\
Uninstall Command: A278AB0D.MarchofEmpires_4.0.1.1_x86__h6adky7gbf63m
----------------------------------------------

Software Name: Dolby Access
Version: 2.4.520.0
Publisher: Dolby Laboratories
Install Time: 2019/03/12
Size: 30.94 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DolbyLaboratories.DolbyAccess_rz1tebttyb220
Path: C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220\
Uninstall Command: DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220
----------------------------------------------

Software Name: Candy Crush Saga
Version: 1.1501.2.0
Publisher: king.com
Install Time: 2019/05/08
Size: 244.55 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\king.com.CandyCrushSaga_kgqvnymyfvs32
Path: C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1501.2.0_x86__kgqvnymyfvs32\
Uninstall Command: king.com.CandyCrushSaga_1.1501.2.0_x86__kgqvnymyfvs32
----------------------------------------------

Software Name: Candy Crush Soda Saga
Version: 1.139.500.0
Publisher: king.com
Install Time: 2019/05/18
Size: 145.33 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\king.com.CandyCrushSodaSaga_kgqvnymyfvs32
Path: C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.139.500.0_x86__kgqvnymyfvs32\
Uninstall Command: king.com.CandyCrushSodaSaga_1.139.500.0_x86__kgqvnymyfvs32
----------------------------------------------

Software Name: Microsoft ニュース
Version: 4.30.10924.0
Publisher: Microsoft Corporation
Install Time: 2019/04/04
Size: 21.25 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: 天気
Version: 4.28.10351.0
Publisher: Microsoft Corporation
Install Time: 2019/02/14
Size: 20.49 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: アプリ インストーラー
Version: 1.0.30732.0
Publisher: Microsoft Corporation
Install Time: 2019/04/13
Size: 3.01 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30732.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.DesktopAppInstaller_1.0.30732.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Microsoft.DesktopAppInstaller
Version: 1.0.30732.0
Publisher: Microsoft Corporation
Install Time: 2019/04/13
Size: 3.01 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30732.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.DesktopAppInstaller_1.0.30732.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: 問い合わせ
Version: 10.1706.20381.0
Publisher: Microsoft Corporation
Install Time: 2019/04/20
Size: 8.16 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.GetHelp_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.20381.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.GetHelp_10.1706.20381.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: ヒント
Version: 6.15.12641.0
Publisher: Microsoft Corporation
Install Time: 2018/10/10
Size: 8.73 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Getstarted_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.Getstarted_6.15.12641.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Getstarted_6.15.12641.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: HEVC Video Extensions from Device Manufacturer
Version: 1.0.13209.0
Publisher: Microsoft Corporation
Install Time: 2018/12/13
Size: 6.42 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.HEVCVideoExtension_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.13209.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.HEVCVideoExtension_1.0.13209.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: 日本語 ローカル エクスペリエンス パック
Version: 17134.33.47.0
Publisher: Microsoft Corporation
Install Time: 2019/05/08
Size: 48.34 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.LanguageExperiencePackja-jp_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackja-jp_17134.33.47.0_neutral__8wekyb3d8bbwe\
Uninstall Command: Microsoft.LanguageExperiencePackja-jp_17134.33.47.0_neutral__8wekyb3d8bbwe
----------------------------------------------

Software Name: Microsoft.Messaging
Version: 4.1901.10241.0
Publisher: Microsoft Corporation
Install Time: 2019/02/20
Size: 20.68 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Messaging_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.Messaging_4.1901.10241.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Messaging_4.1901.10241.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: 3D ビューアー
Version: 6.1903.4012.0
Publisher: Microsoft Corporation
Install Time: 2019/03/08
Size: 66.40 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1903.4012.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Microsoft3DViewer_6.1903.4012.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Office
Version: 18.1903.1152.0
Publisher: Microsoft Corporation
Install Time: 2019/03/22
Size: 31.75 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Microsoft Solitaire Collection
Version: 4.3.4032.0
Publisher: Microsoft Studios
Install Time: 2019/04/13
Size: 57.58 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe\
Uninstall Command: Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe
----------------------------------------------

Software Name: Sticky Notes
Version: 3.6.71.0
Publisher: Microsoft Corporation
Install Time: 2019/05/14
Size: 36.35 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.71.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.MicrosoftStickyNotes_3.6.71.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Minecraft
Version: 1.11.301.0
Publisher: Microsoft Studios
Install Time: 2019/05/18
Size: 220.53 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MinecraftUWP_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.11.301.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.MinecraftUWP_1.11.301.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: MPEG-2 ビデオ拡張機能
Version: 1.0.12831.0
Publisher: Microsoft Corporation
Install Time: 2018/10/12
Size: 1.81 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MPEG2VideoExtension_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: ペイント 3D
Version: 5.1904.8017.0
Publisher: Microsoft Corporation
Install Time: 2019/04/13
Size: 58.28 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MSPaint_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.MSPaint_5.1904.8017.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.MSPaint_5.1904.8017.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: OneNote
Version: 16001.11629.20028.0
Publisher: Microsoft Corporation
Install Time: 2019/05/10
Size: 152.38 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Office.OneNote_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.11629.20028.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Office.OneNote_16001.11629.20028.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: モバイル通信プラン
Version: 5.1902.361.0
Publisher: Microsoft Corporation
Install Time: 2019/02/28
Size: 8.54 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.OneConnect_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1902.361.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.OneConnect_5.1902.361.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: People
Version: 10.1902.633.0
Publisher: Microsoft Corporation
Install Time: 2019/04/17
Size: 26.20 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.People_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Print 3D
Version: 3.3.791.0
Publisher: Microsoft Corporation
Install Time: 2019/04/25
Size: 17.03 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Print3D_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.Print3D_3.3.791.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Print3D_3.3.791.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Skype
Version: 14.44.40.0
Publisher: Skype
Install Time: 2019/05/03
Size: 101.80 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.SkypeApp_kzf8qxf38zg5c
Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\
Uninstall Command: Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c
----------------------------------------------

Software Name: Microsoft Store エクスペリエンス ホスト
Version: 11811.1001.18.0
Publisher: Microsoft Corporation
Install Time: 2019/01/31
Size: 7.61 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.StorePurchaseApp_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Microsoft Pay
Version: 2.1.18009.0
Publisher: Microsoft Corporation
Install Time: 2018/04/13
Size: 4.65 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Wallet_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.Wallet_2.1.18009.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Wallet_2.1.18009.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Web メディア拡張機能
Version: 1.0.13321.0
Publisher: Microsoft Corporation
Install Time: 2019/01/24
Size: 3.28 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WebMediaExtensions_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.13321.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.WebMediaExtensions_1.0.13321.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Photos.DLC.Main
Version: 2017.39121.36610.0
Publisher: Microsoft Corporation
Install Time: 2019/04/11
Size: 226.96 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos.DLC.Main_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: フォト
Version: 2019.19031.17720.0
Publisher: Microsoft Corporation
Install Time: 2019/05/07
Size: 344.49 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: ビデオ エディター
Version: 2019.19031.17720.0
Publisher: Microsoft Corporation
Install Time: 2019/05/07
Size: 344.49 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: アラーム & クロック
Version: 10.1903.1006.0
Publisher: Microsoft Corporation
Install Time: 2019/05/03
Size: 7.43 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsAlarms_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1903.1006.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.WindowsAlarms_10.1903.1006.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: 電卓
Version: 10.1903.21.0
Publisher: Microsoft Corporation
Install Time: 2019/05/03
Size: 4.73 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsCalculator_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1903.21.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.WindowsCalculator_10.1903.21.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: カメラ
Version: 2019.425.30.0
Publisher: Microsoft Corporation
Install Time: 2019/05/15
Size: 48.57 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsCamera_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2019.425.30.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.WindowsCamera_2019.425.30.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: カレンダー
Version: 16005.11425.20190.0
Publisher: Microsoft Corporation
Install Time: 2019/04/03
Size: 227.34 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windowscommunicationsapps_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\
Uninstall Command: microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: メール
Version: 16005.11425.20190.0
Publisher: Microsoft Corporation
Install Time: 2019/04/03
Size: 227.34 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windowscommunicationsapps_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\
Uninstall Command: microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: メール/カレンダー アカウント
Version: 16005.11425.20190.0
Publisher: Microsoft Corporation
Install Time: 2019/04/03
Size: 227.34 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft.windowscommunicationsapps_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\
Uninstall Command: microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: フィードバック Hub
Version: 1.1811.10862.0
Publisher: Microsoft Corporation
Install Time: 2019/04/10
Size: 37.71 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1811.10862.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.WindowsFeedbackHub_1.1811.10862.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: マップ
Version: 5.1902.843.0
Publisher: Microsoft Corporation
Install Time: 2019/04/10
Size: 22.22 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsMaps_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1902.843.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.WindowsMaps_5.1902.843.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: ボイス レコーダー
Version: 10.1902.633.0
Publisher: Microsoft Corporation
Install Time: 2019/03/29
Size: 5.36 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1902.633.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.WindowsSoundRecorder_10.1902.633.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Xbox Live
Version: 1.24.10001.0
Publisher: Microsoft Corporation
Install Time: 2018/12/11
Size: 11.55 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Xbox.TCUI_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.24.10001.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.Xbox.TCUI_1.24.10001.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Xbox
Version: 48.53.3001.0
Publisher: Microsoft Corporation
Install Time: 2019/05/08
Size: 52.47 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxApp_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.XboxApp_48.53.3001.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.XboxApp_48.53.3001.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Xbox Game bar
Version: 1.41.14001.0
Publisher: Microsoft Corporation
Install Time: 2019/05/18
Size: 2.70 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxGameOverlay_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.14001.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.XboxGameOverlay_1.41.14001.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Xbox gaming overlay
Version: 1.16.1012.0
Publisher: Microsoft Corporation
Install Time: 2018/10/31
Size: 4.20 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Microsoft.XboxIdentityProvider
Version: 12.52.24002.0
Publisher: Microsoft Corporation
Install Time: 2019/05/03
Size: 8.55 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.52.24002.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.XboxIdentityProvider_12.52.24002.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Xbox Game Speech Window
Version: 1.21.13002.0
Publisher: Microsoft Corporation
Install Time: 2018/09/18
Size: 751.82 KB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.21.13002.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.XboxSpeechToTextOverlay_1.21.13002.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: Groove ミュージック
Version: 10.19031.11411.0
Publisher: Microsoft Corporation
Install Time: 2019/04/04
Size: 48.02 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneMusic_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe
----------------------------------------------

Software Name: 映画 & テレビ
Version: 10.19031.11411.0
Publisher: Microsoft Corporation
Install Time: 2019/04/04
Size: 50.44 MB
Registry Key: HKEY_USERS\S-1-5-21-1820434542-3641797410-228512082-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.ZuneVideo_8wekyb3d8bbwe
Path: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\
Uninstall Command: Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe
----------------------------------------------


That is all.
I am sorry to trouble you when you must be tired, but thank you in advance for your help.
  • green
  • 2019/07/28 (Sun) 21:09:08
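Next we will check hosts
Thank you for the work and the report.

I looked at the IU log, and it looks fine.

So next, shall we check hosts?
We will check whether the genuine Windows hosts file has been tampered with.
If it is tampered with, you can be steered to a different site you did not intend, which is also a security risk, and this attack technique has been increasing in recent years.

Start HJT and go to "Open the Misc Tools section" → "Open hosts file manager"; the next screen shows the contents of the hosts file in the window.

Pressing "open in notepad" there opens the hosts file in Notepad.

Copy the entire contents and show them in a reply.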
  • 悪代官
  • 2019/07/29 (Mon) 08:24:38
Re: A file named asc_rdflag appeared in the root of the C: drive
Here is the log you asked for; is this what you wanted?


127.0.0.1 localhost
::1 localhost


That is all.
Thank you in advance for your help.
  • green
  • 2019/07/29 (Mon) 18:05:57
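The hosts check requested above, applied to the two lines green posted and to a constructed modified file, as an added example that is not part of the original thread. The function names, finding labels, sample domains and addresses are assumptions made for illustration.

```python
import ipaddress

# Names a stock Windows hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost"}

# The two active lines green posted in the thread.
POSTED = "127.0.0.1 localhost\n::1 localhost\n"

# Constructed sample of a modified file (documentation addresses and
# example domains; not taken from the thread).
TAMPERED = "\n".join([
    "# constructed sample",
    "127.0.0.1 localhost",
    "203.0.113.10 bank.example.com www.bank.example.com  # trailing comment",
    "0.0.0.0 update.av-vendor.example",
    "10.0.0.5 localhost",
    "not-an-ip foo.example",
])


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every active entry."""
    text = text.lstrip("\ufeff")  # Notepad may save the file with a BOM
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            fields = line.split()
            yield line_no, fields[0], [h.lower() for h in fields[1:]]


def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for entries worth reviewing.

    kind is one of:
      redirect            name points at a non-loopback address
      blocked             name is sunk to loopback or 0.0.0.0
      localhost-remapped  localhost no longer points at loopback
      malformed           address does not parse, or no hostname follows it
    """
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "malformed", addr, ""))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in DEFAULT_NAMES:
                if not ip.is_loopback:
                    findings.append((line_no, "localhost-remapped", addr, name))
            elif sink:
                findings.append((line_no, "blocked", addr, name))
            else:
                findings.append((line_no, "redirect", addr, name))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("tampered", TAMPERED)):
        print(label, audit_hosts(text) or "no entries beyond the defaults")
```

On a real machine the input is the text of C:\Windows\System32\drivers\etc\hosts. Findings are items to review rather than verdicts, since block lists added by the user or by security tools also show up as "blocked".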
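Re: A file named asc_rdflag appeared in the root of the C: drive
Sorry, this is a little off the main topic, but on Saturday or Sunday I noticed that a device driver error was occurring.
It was (probably) DAEMON Tools Lite, and since I was not using it I had left it alone.
Yesterday I tried launching it, there was a notice of a new version, so I updated it; after that the device driver error
went away, so I thought that was that.

Originally I had installed it only to run Sim City 4 without the disc, and on top of that
I had heard something about the old version of SC4 not starting on Win10, so I had meant to buy the SC4 that was on sale on Steam
and try that. Today I remembered that I had left it at that.

In other words, I will probably not use Daemon from now on even if I keep it installed, so I now think, too late,
that I should have removed it instead of updating it. Is it all right to just remove it?
Sorry for bringing up something unrelated.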
  • green
  • 2019/07/30 (Tue) 18:37:19
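Virtual drives always carry problems and risks
Sorry that my reply is late again tonight.

As for the hosts file, it does not appear to have been modified at present, so that is fine.

About DAEMON Tools: it was found during the earlier MBAM scan.
I had completely overlooked it too, but personally I do not recommend using it.
Because it lets you turn commercial disc-based games and media into virtual drives so that they can be used without the disc, there have long been users who use it in ways that violate copyright protection, and that is seen as a problem.
Once something is virtualized, it can continue to be used even if the disc is resold.

More troublesome than that is the fact that illegitimate versions of DAEMON Tools can be downloaded all over the internet.
There have been cases where someone obtained and used a copy of DAEMON Tools distributed on another site unrelated to the official one, it turned out to be a modified version with dangerous malware planted in it, and the PC suffered a serious infection.

I will not name products, but there are also people who unknowingly downloaded modified versions of other apps that are powerful and convenient when used properly but can also be misused.
Fake sites routinely imitate the real official site as closely as possible, so they publish sites whose screens, layout and even URL resemble it to lure victims.

It is not unusual for illegitimate versions of DAEMON Tools to be detected by various vendors' security software, but not being detected does not let you conclude that a copy is not an illegitimate version.
The modifications can be that sophisticated.

So, since you told me yourself that you use DAEMON Tools, I will point you to a safe way of handling it.

I recommend initializing the PC once, not using DAEMON Tools from then on, and completely discarding any virtualized discs for products you no longer own.
To avoid being pursued for illegality under copyright, this is unavoidably the way to handle it.

Many game discs released for older OSes can be used on Windows 10 with compatibility mode, but if one cannot, that means only environments meeting the system requirements are supported, so playing it through some clumsy workaround means taking on the risk of bugs and malfunctions.
Please understand that I cannot give guidance on this kind of trick or workaround.

As an aside, long ago (well, about 20 years ago) there was also malware that made the optical drive of an infected PC open and close without stopping.
Its origin and the author's aim are unknown, but one theory speculated that it targeted those users because illegally copied game and media CDs and DVDs had become rampant.
Malware with that behavior is no longer heard of today, but it is worth keeping in mind that it would not be surprising if it survived somewhere.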
  • 悪代官
  • 2019/07/30 (Tue) 21:46:20
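Re: A file named asc_rdflag appeared in the root of the C: drive
I had been using Daemon with no more thought than that running without the disc would be convenient, and I did not think it was that dangerous.
I will change that way of thinking from now on.

The only thing I virtualized was SC4, so the virtual drive was dedicated to it as well. I am the kind of person who gets anxious
without always having a backup, so the software itself is still safely in my possession. (I even still have software from the DOS era, along with the hardware.)

As I said before, Daemon itself is unnecessary, so I will take this opportunity to uninstall it.
Thank you for the detailed explanation.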
  • green
  • 2019/07/30 (Tue) 22:48:01
Re: A file named asc_rdflag appeared in the root of the C: drive
The PC initialization is finished.
Below are the HJT and CC logs as of now.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:35:31, on 2019/08/03
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
D:\Program Files (x86)\IPMsg\ipmsg.exe
D:\Program Files (x86)\Mfa176\MFA.exe
D:\Program Files (x86)\NicoNamaAlert\NicoNamaAlert.exe
D:\Program Files (x86)\Proxomitron Naoko-4\PROXOMITRON.EXE
D:\Program Files (x86)\tvclock111\TVClock.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
D:\Users\green\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: CyberLink Product - 2018/09/08 15:15:25 (CLKMSVC10_99E320F5) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.87\elevation_service.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICEsound Service (ICEsoundService) - Unknown owner - C:\WINDOWS\system32\ICEsoundService64.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 7397 bytes


Avast Free Antivirus AVAST Software 2019/08/03 19.6.2383
CyberLink Media Suite 10 CyberLink Corp. 2019/08/03 545 MB 10.0
Google Chrome Google LLC 2019/08/03 76.0.3809.87
Groove ミュージック Microsoft Corporation 2019/08/02 10.17112.19011.0
HEVC Video Extension Microsoft Corporation 2019/08/02 1.0.2512.0
Intel(R) Management Engine Components Intel Corporation 2018/09/08 1805.12.0.1097
Microsoft Jigsaw Microsoft Studios 2019/08/02 1.2.1410.2101
Microsoft Mahjong Microsoft Studios 2019/08/02 2.4.1408.2503
Microsoft Minesweeper Microsoft Studios 2019/08/02 2.4.1408.2503
Microsoft OneDrive Microsoft Corporation 2019/08/03 131 MB 19.103.0527.0003
Microsoft Pay Microsoft Corporation 2019/08/02 2.1.18009.0
Microsoft Remote Desktop Microsoft Corporation 2019/08/02 10.1.870.0
Microsoft Solitaire Collection Microsoft Studios 2019/08/02 4.0.1301.0
Microsoft Sticky Notes Microsoft Corporation 2019/08/02 2.0.13.0
Microsoft Store Microsoft Corporation 2019/08/02 11712.1001.23.0
Microsoft Sudoku Microsoft Studios 2019/08/02 1.4.1701.2602
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2018/09/08 4.84 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2018/09/08 10.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2018/09/08 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2019/08/03 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 2019/08/03 20.5 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 2019/08/03 17.1 MB 12.0.21005.1
Microsoft ニュース Microsoft Corporation 2019/08/02 4.31.11905.0
Mixed Reality ビューアー Microsoft Corporation 2019/08/02 2.1803.8022.0
MPEG2 Video Extension Microsoft Corporation 2019/08/02 1.0.6.0
My Office Microsoft Corporation 2019/08/02 17.8918.5926.0
NVIDIA HD オーディオ ドライバー 1.3.36.6 NVIDIA Corporation 2018/09/08 1.3.36.6
NVIDIA PhysX システム ソフトウェア 9.17.0524 NVIDIA Corporation 2018/09/08 9.17.0524
NVIDIA Update 31.1.10.0 NVIDIA Corporation 2018/09/08 31.1.10.0
NVIDIA グラフィックス ドライバー 391.35 NVIDIA Corporation 2018/09/08 391.35
OneNote Microsoft Corporation 2019/08/02 17.8827.20991.0
Opera Stable 62.0.3331.99 Opera Software 2019/08/03 62.0.3331.99
People Microsoft Corporation 2019/08/02 10.3.10452.0
Print 3D Microsoft Corporation 2019/08/02 2.0.3621.0
Realtek Ethernet Controller Driver Realtek 2018/09/08 4.39 MB 10.23.1003.2017
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2019/08/03 6.0.1.8549
Skype Skype 2019/08/02 12.13.274.0
Spotify Spotify AB 2019/08/02 1.112.449.0
Steam Valve Corporation 2019/08/03 2.10.91.91
Web Media Extensions Microsoft Corporation 2019/08/02 1.0.3102.0
Xbox Microsoft Corporation 2019/08/02 38.38.14002.0
Xbox Game bar Microsoft Corporation 2019/08/02 1.26.6001.0
Xbox Game Speech Window Microsoft Corporation 2019/08/02 1.17.29001.0
Xbox gaming overlay Microsoft Corporation 2019/08/02 1.15.1001.0
Xbox Identity Provider Microsoft Corporation 2019/08/02 12.36.15002.0
Xbox Live Microsoft Corporation 2019/08/02 1.11.28003.0
アプリ インストーラー Microsoft Corporation 2019/08/02 1.0.12271.0
アラーム & クロック Microsoft Corporation 2019/08/02 10.1712.10611.0
カメラ Microsoft Corporation 2019/08/02 2017.1117.80.0
ストア エクスペリエンス ホスト Microsoft Corporation 2019/08/02 11712.1801.10002.0
ヒント Microsoft Corporation 2019/08/02 6.9.10602.0
フィードバック Hub Microsoft Corporation 2019/08/02 1.1712.612.0
フォト Microsoft Corporation 2019/08/02 2018.18011.15918.0
ペイント 3D Microsoft Corporation 2019/08/02 3.1803.5027.0
ボイス レコーダー Microsoft Corporation 2019/08/02 10.1712.10611.0
マップ Microsoft Corporation 2019/08/02 5.1711.10401.0
メッセージング Microsoft Corporation 2019/08/02 3.38.22001.0
メール/カレンダー Microsoft Corporation 2019/08/02 17.8827.22055.0
モバイル通信プラン Microsoft Corporation 2019/08/02 4.1801.521.0
問い合わせ Microsoft Corporation 2019/08/02 10.1706.10441.0
天気 Microsoft Corporation 2019/08/02 4.22.3254.0
映画 & テレビ Microsoft Corporation 2019/08/02 10.17112.19011.0
翻訳 Microsoft Corporation 2019/08/02 4.1.2.0
電卓 Microsoft Corporation 2019/08/02 10.1712.10601.0


That is all.
I apologize for the delay, as I had to wait for the weekend to do the work.
  • green
  • 2019/08/03 (Sat) 06:54:05
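Please also post the logs from each CC tab
Good evening.
Thank you for your efforts in this run of hot days.
I have looked at the current logs.

In the two logs, nothing looks wrong so far.

Next, please retake the logs from the Startup and Browser Plugins tabs in CC and show me those as well.
This is a retake of the logs you showed me in your July 21 reply.

I can see NicoNamaAlert, which was not present at the time of your first post; you installed this yourself, correct?
If you installed it because you need it, that is fine, but if it got in without your knowledge, I recommend removing it.

Once you show me the remaining CC logs, if nothing is abnormal there either, we should be over the hump.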
  • 悪代官
  • 2019/08/04 (Sun) 20:17:00
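Re: A file named asc_rdflag appeared in the root of the C: drive
Thank you for checking the logs.

>I can see NicoNamaAlert, which was not present at the time of your first post; you installed this yourself, correct?
Yes, I installed it myself to get notifications when a community's live broadcast starts.

Below are the CC logs.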


有効 HKCU:Run CCleaner Smart Cleaning Piriform Ltd "D:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKLM:Run Adobe Photo Downloader Adobe Systems Incorporated "D:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
有効 HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
有効 HKLM:Run CLMLServer_For_P2G8 CyberLink "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
有効 HKLM:Run CLVirtualDrive CyberLink Corp. "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
有効 HKLM:Run Google Japanese Input Prelauncher Google Inc. "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
有効 HKLM:Run MouseDriver Pixart Imaging Inc TiltWheelMouse.exe
有効 HKLM:Run Open-Shell Start Menu Open-Shell "C:\Program Files\Open-Shell\StartMenu.exe" -autorun
有効 HKLM:Run RtkAudUService Realtek Semiconductor "C:\WINDOWS\System32\RtkAudUService64.exe" -background
有効 HKLM:Run SecurityHealth Microsoft Corporation %windir%\system32\SecurityHealthSystray.exe
有効 Startup Common SoftEther VPN Client Manager Startup.lnk D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
有効 Startup User IPMSG for Win32.lnk D:\Program Files (x86)\IPMsg\ipmsg.exe
有効 Startup User MFA.lnk D:\Program Files (x86)\Mfa176\MFA.exe
有効 Startup User NicoNamaAlert.lnk D:\Program Files (x86)\NicoNamaAlert\NicoNamaAlert.exe
有効 Startup User PROXOMITRON.lnk D:\Program Files (x86)\Proxomitron Naoko-4\PROXOMITRON.EXE
有効 Startup User TVClock.lnk D:\Program Files (x86)\tvclock111\TVClock.exe

有効 Task CCleanerSkipUAC Piriform Ltd "D:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
有効 Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
有効 Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
有効 Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
有効 Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
有効 Task OneDrive Standalone Update Task-S-1-5-21-1820434542-3641797410-228512082-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
有効 Task Opera scheduled Autoupdate 1564780050 Opera Software C:\Users\green\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
有効 Task PDVDServ12 Task CyberLink Corp. C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe

有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 Directory ファイルの所有権
有効 Drive CLVDShellExt Cyberlink C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 File 00asw AVAST Software C:\Program Files\AVAST Software\Avast\ashShell.dll
有効 File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShell.dll
有効 File CLVDShellExt Cyberlink C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll
有効 Folder avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShell.dll
有効 Folder StartMenuExt Open-Shell C:\WINDOWS\system32\StartMenuHelper64.dll

有効 Extension Classic IE Settings Open-Shell C:\Program Files\Open-Shell\ClassicIE_32.exe
有効 Helper ClassicIEBHO Class Open-Shell C:\Program Files\Open-Shell\ClassicIEDLL_32.dll
有効 Helper ClassicIEBHO Class Open-Shell C:\Program Files\Open-Shell\ClassicIEDLL_64.dll
有効 Helper ExplorerBHO Class Open-Shell C:\Program Files\Open-Shell\ClassicExplorer32.dll
有効 Helper ExplorerBHO Class Open-Shell C:\Program Files\Open-Shell\ClassicExplorer64.dll
有効 Toolbar Classic Explorer Bar Open-Shell C:\Program Files\Open-Shell\ClassicExplorer32.dll
有効 Toolbar Classic Explorer Bar Open-Shell C:\Program Files\Open-Shell\ClassicExplorer64.dll

有効 App Gmail 8.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0
有効 App Google ドライブ 14.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0
有効 App YouTube 4.2.8 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
有効 Extension Avast Online Security 19.2.289 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\19.2.289_0
有効 Extension Google オフライン ドキュメント 1.7 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1
有効 Extension スプレッドシート 1.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0
有効 Extension スライド 0.10 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0
有効 Extension ドキュメント 0.10 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0


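That is all.

Since the reset, I have been rebuilding my environment step by step.
If additional logs become necessary because of changes in the environment, I apologize for the trouble, but please let me know.
Thank you in advance.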
  • green
  • 2019/08/04 (Sun) 22:10:30
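Shall we reduce the load?
Good evening.
I have looked at the remaining CC logs as well.
There does not seem to be anything particularly suspicious.

In CC's schedule tab, it would be good to disable the following.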
>有効 Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe

>有効 Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe

>有効 Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe

>有効 Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe

>有効 Task PDVDServ12 Task CyberLink Corp. C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe

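These are not malicious, but they are entries that put that much more load on the PC while they run, so you can leave them as they are if you need them; otherwise it is fine to disable them.
Even when disabled, those apps can be used normally if you start them manually.

Also, let's disable CC's resident mode as well.
Start CC and open the "Smart Cleaning" tab from "Options".
On the next screen, if the "Smart Cleaning" box is checked, uncheck it to disable it.
If it is not checked, leave it as is.

Next, from "Tools", go to the schedule tab again and disable the following.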
>有効 Task CCleanerSkipUAC Piriform Ltd "D:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

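Since a version some time ago, CC has included a resident protection feature by default, but leaving it enabled often puts an odd load on the PC and slows it down, so unless you have plenty of spare PC specs and understand the CC settings well enough to make full use of it, it is easier to disable it.

Once you have done this, watch how things go, and if the abnormalities are gone, go ahead and firm up your PC environment again while continuing to observe.

After about a week, if the environment is stable and the abnormalities are gone, please report the status at that point.
If there is nothing abnormal, you can consider the matter settled at that point, but if anything abnormal appears, please reply even if a week has not passed.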
  • 悪代官
  • 2019/08/05 (Mon) 20:53:46
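Re: A file named asc_rdflag appeared in the root of the C: drive
Thank you for checking the logs and for your guidance.

I have disabled each task as instructed.
I will observe things in this state.

I hope to be able to reply at a later date, not right away but properly after about a week has passed. (Tempting fate?)
Thank you for your continued help for a little while longer.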
  • green
  • 2019/08/05 (Mon) 21:27:45
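Re: A file named asc_rdflag appeared in the root of the C: drive
It is a little early, but here is a status report.

I have been using the PC as usual (browsing and gaming), and I have not seen anything abnormal in particular.
Just in case, I also checked whether asc_rdflag exists, and as far as I can see, it does not.

That is the current state; what do you think? Thank you in advance.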
  • green
  • 2019/08/10 (Sat) 19:47:00
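Shall we do the final analysis?
Good evening.
It seems no abnormalities have appeared since then.
The file in question does not seem to have come back either, so we can consider ourselves over the hump.

Just to be safe, could you retake the HJT log, the installation information, and the logs from each CC tab, and show them to me?
I will check whether anything new got in during the observation period.
Even when nothing abnormal is visible on the surface, examining the logs sometimes reveals that something bad has gotten in, so let's check to make sure.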
  • 悪代官
  • 2019/08/11 (Sun) 20:14:00
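The check requested in the post above, comparing a fresh HijackThis log against the earlier one to see what appeared in between, can be scripted. The following is an added example, not part of the original thread: the function names and normalization rules are assumptions of this sketch, and the sample lines are excerpted from the 2019/08/03 and 2019/08/11 logs posted in this thread.

```python
import re

# Entry lines start with a section code such as "O4 - " or "O23 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Dotted version directories (\76.0.3809.87\) change with every update.
VERSION_DIR_RE = re.compile(r"\\\d+(?:\.\d+){2,}\\")
# Service short name in trailing parentheses, e.g. "... (SNMPTRAP)".
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")
MISSING = " (file missing)"


def entry_key(code, body):
    """Build a comparison key that survives routine updates."""
    body = VERSION_DIR_RE.sub(r"\\<ver>\\", body)
    if code == "O23" and body.startswith("Service: "):
        # "Service: <display> [(<name>)] - <owner> - <path>[ (file missing)]"
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            display, _owner, path = parts
            # The flag is left out of the key so a change in it alone
            # does not make a known service look like a new one.
            if path.endswith(MISSING):
                path = path[:-len(MISSING)]
            m = SHORT_NAME_RE.search(display)
            name = m.group(1) if m else display
            return (code, name.lower(), path.lower())
    return (code, body.lower())


def parse_hjt(log_text):
    """Return {key: original line} for every entry line in the log.

    Header lines and the running-process list do not match ENTRY_RE
    and are skipped.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_key(*m.groups())] = line
    return entries


def diff_hjt(before_text, after_text):
    """Return (added, removed) entry lines between two logs."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    added = [after[k] for k in sorted(after.keys() - before.keys())]
    removed = [before[k] for k in sorted(before.keys() - after.keys())]
    return added, removed


# Excerpt of the 2019/08/03 log from this thread (baseline).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.5
Running processes:
C:\Windows\System32\TiltWheelMouse.exe
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.87\elevation_service.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# Excerpt of the 2019/08/11 log from this thread (after the observation period).
AFTER = r"""
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIYJ.EXE /EPT "EPLTarget\P0000000000000000" /M "PX-105 Series"
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\elevation_service.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

if __name__ == "__main__":
    added, removed = diff_hjt(BEFORE, AFTER)
    for line in added:
        print("NEW    ", line)
    for line in removed:
        print("REMOVED", line)
```

The Chrome version bump and the changed SNMPTRAP description string are not reported, so only the two entries that are new since the baseline are left for a human to review.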
Re: A file named asc_rdflag appeared in the root of the C: drive
I have taken the logs you specified and show them below.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:27:28, on 2019/08/11
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)


Boot mode: Normal

Running processes:
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
D:\Program Files (x86)\IPMsg\ipmsg.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
D:\Program Files (x86)\Mfa176\MFA.exe
C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
D:\Program Files (x86)\NicoNamaAlert\NicoNamaAlert.exe
D:\Program Files (x86)\Proxomitron Naoko-4\PROXOMITRON.EXE
D:\Program Files (x86)\tvclock111\TVClock.exe
D:\Users\green\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Open-Shell\ClassicExplorer32.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Open-Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [Google Japanese Input Prelauncher] "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIYJ.EXE /EPT "EPLTarget\P0000000000000000" /M "PX-105 Series"
O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Open-Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Open-Shell\ClassicIE_32.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: CyberLink Product - 2018/09/08 15:15:25 (CLKMSVC10_99E320F5) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_6648c - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\elevation_service.exe
O23 - Service: Google Japanese Input Cache Service (GoogleIMEJaCacheService) - Google Inc. - C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICEsound Service (ICEsoundService) - Unknown owner - C:\WINDOWS\system32\ICEsoundService64.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\WINDOWS\System32\RtkAudUService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: SonicStage Back-End Service2 - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeService2.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9966 bytes


3D ビューアー Microsoft Corporation 2019/08/03 5.1902.20012.0
Adobe Photoshop Elements 5.0 Adobe Systems Inc. 2019/08/03 5.0
Avast Free Antivirus AVAST Software 2019/08/03 19.6.2383
Cities: Skylines Colossal Order Ltd. 2019/08/04
CyberLink Media Suite 10 CyberLink Corp. 2019/08/03 545 MB 10.0
EPSON Scan Seiko Epson Corporation 2019/08/07
Epson Software Updater Seiko Epson Corporation 2019/08/08 8.73 MB 4.5.0
Google Chrome Google LLC 2019/08/08 76.0.3809.100
Google 日本語入力 Google Inc. 2019/08/03 80.6 MB 2.25.3700.0
Groove ミュージック Microsoft Corporation 2019/08/03 10.18111.17311.0
HEIF 画像拡張機能 Microsoft Corporation 2019/08/03 1.0.13472.0
HEVC Video Extension Microsoft Corporation 2019/08/02 1.0.2512.0
Intel(R) Management Engine Components Intel Corporation 2018/09/08 1805.12.0.1097
Live5ch 2019/08/03
Microsoft Jigsaw Microsoft Studios 2019/08/02 1.2.1410.2101
Microsoft Mahjong Microsoft Studios 2019/08/02 2.4.1408.2503
Microsoft Minesweeper Microsoft Studios 2019/08/02 2.4.1408.2503
Microsoft OneDrive Microsoft Corporation 2019/08/10 133 MB 19.123.0624.0005
Microsoft Pay Microsoft Corporation 2019/08/03 2.4.18324.0
Microsoft Remote Desktop Microsoft Corporation 2019/08/02 10.1.870.0
Microsoft Solitaire Collection Microsoft Studios 2019/08/03 4.2.11280.0
Microsoft Sticky Notes Microsoft Corporation 2019/08/03 3.1.53.0
Microsoft Store Microsoft Corporation 2019/08/03 11811.1001.18.0
Microsoft Store エクスペリエンス ホスト Microsoft Corporation 2019/08/03 11811.1001.18.0
Microsoft Sudoku Microsoft Studios 2019/08/02 1.4.1701.2602
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2018/09/08 4.84 MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 2018/09/08 10.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2018/09/08 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2019/08/03 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2019/08/03 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2019/08/03 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Corporation 2019/08/03 20.5 MB 12.0.21005.1
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Corporation 2019/08/03 17.1 MB 12.0.21005.1
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 Microsoft Corporation 2019/08/04 23.5 MB 14.0.24215.1
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 Microsoft Corporation 2019/08/04 19.5 MB 14.0.24215.1
Microsoft ニュース Microsoft Corporation 2019/08/02 4.31.11905.0
Mixed Reality ポータル Microsoft Corporation 2019/08/03 2000.19010.1151.0
MPEG2 Video Extension Microsoft Corporation 2019/08/02 1.0.6.0
NVIDIA PhysX システム ソフトウェア 9.17.0524 NVIDIA Corporation 2018/09/08 9.17.0524
NVIDIA Update 31.1.10.0 NVIDIA Corporation 2018/09/08 31.1.10.0
Office Microsoft Corporation 2019/08/03 18.1901.1141.0
OneNote Microsoft Corporation 2019/08/03 16001.11126.20076.0
Open-Shell The Open-Shell Team 2019/08/03 13.1 MB 4.4.131
Opera Stable 62.0.3331.116 Opera Software 2019/08/11 62.0.3331.116
Opera Stable 62.0.3331.116 Opera Software 2019/08/10 62.0.3331.116
People Microsoft Corporation 2019/08/03 10.1812.10232.0
Print 3D Microsoft Corporation 2019/08/03 3.3.311.0
Realtek Audio Console Realtek Semiconductor Corp 2019/08/03 1.2.159.0
Realtek Ethernet Controller Driver Realtek 2018/09/08 4.39 MB 10.23.1003.2017
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2019/08/03 6.0.1.8549
Sony Media Library Earth 9.3.01 Sony Corporation 2019/08/06 50.5 MB 9.3.01.03100
Steam Valve Corporation 2019/08/03 2.10.91.91
Update for Windows 10 for x64-based Systems (KB4023057) Microsoft Corporation 2019/08/03 1.42 MB 2.61.0.0
VP9 ビデオ拡張機能 Microsoft Corporation 2019/08/03 1.0.13333.0
Web メディア拡張機能 Microsoft Corporation 2019/08/03 1.0.13321.0
Webp 画像拡張機能 Microsoft Corporation 2019/08/03 1.0.12821.0
Windows 10 更新アシスタント Microsoft Corporation 2019/08/03 5.00 MB 1.4.9200.22807
x-アプリ 6.0.04 Sony Corporation 2019/08/06 93.0 MB 10.0.04
Xbox Microsoft Corporation 2019/08/03 48.48.7001.0
Xbox Game bar Microsoft Corporation 2019/08/03 1.32.17005.0
Xbox Game Speech Window Microsoft Corporation 2019/08/02 1.17.29001.0
Xbox Identity Provider Microsoft Corporation 2019/08/03 12.50.6001.0
Xbox Live Microsoft Corporation 2019/08/03 1.23.28002.0
アプリ インストーラー Microsoft Corporation 2019/08/03 1.0.30251.0
アラーム & クロック Microsoft Corporation 2019/08/03 10.1812.10043.0
カメラ Microsoft Corporation 2019/08/03 2018.826.78.0
ゲーム バー Microsoft Corporation 2019/08/03 2.26.14003.0
スマホ同期アプリ Microsoft Corporation 2019/08/03 0.0.13313.0
ヒント Microsoft Corporation 2019/08/03 7.3.20251.0
フィードバック Hub Microsoft Corporation 2019/08/03 1.1811.10571.0
フォト Microsoft Corporation 2019/08/03 2019.18114.19418.0
ペイント 3D Microsoft Corporation 2019/08/03 5.1902.13017.0
ボイス レコーダー Microsoft Corporation 2019/08/03 10.1812.10043.0
マップ Microsoft Corporation 2019/08/03 5.1812.10071.0
メッセージング Microsoft Corporation 2019/08/03 4.1901.10241.0
メール/カレンダー Microsoft Corporation 2019/08/03 16005.11029.20108.0
モバイル通信プラン Microsoft Corporation 2019/08/03 5.1902.361.0
切り取り & スケッチ Microsoft Corporation 2019/08/03 10.1811.3471.0
問い合わせ Microsoft Corporation 2019/08/03 10.1706.13331.0
天気 Microsoft Corporation 2019/08/03 4.25.20211.0
日本語 ローカル エクスペリエンス パック Microsoft Corporation 2019/08/02 17134.36.51.0
映画 & テレビ Microsoft Corporation 2019/08/03 10.18111.17311.0
翻訳 Microsoft Corporation 2019/08/02 4.1.2.0
電卓 Microsoft Corporation 2019/08/03 10.1812.10048.0


有効 HKCU:Run EPLTarget\P0000000000000000
有効 HKLM:Run Adobe Photo Downloader Adobe Systems Incorporated "D:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
有効 HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
有効 HKLM:Run CLMLServer_For_P2G8 CyberLink "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
有効 HKLM:Run CLVirtualDrive CyberLink Corp. "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
有効 HKLM:Run Google Japanese Input Prelauncher Google Inc. "C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
有効 HKLM:Run MouseDriver Pixart Imaging Inc TiltWheelMouse.exe
有効 HKLM:Run Open-Shell Start Menu Open-Shell "C:\Program Files\Open-Shell\StartMenu.exe" -autorun
有効 HKLM:Run RtkAudUService Realtek Semiconductor "C:\WINDOWS\System32\RtkAudUService64.exe" -background
有効 HKLM:Run SecurityHealth Microsoft Corporation %windir%\system32\SecurityHealthSystray.exe
有効 Startup Common SoftEther VPN Client Manager Startup.lnk D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
有効 Startup User IPMSG for Win32.lnk D:\Program Files (x86)\IPMsg\ipmsg.exe
有効 Startup User MFA.lnk D:\Program Files (x86)\Mfa176\MFA.exe
有効 Startup User NicoNamaAlert.lnk D:\Program Files (x86)\NicoNamaAlert\NicoNamaAlert.exe
有効 Startup User PROXOMITRON.lnk D:\Program Files (x86)\Proxomitron Naoko-4\PROXOMITRON.EXE
有効 Startup User TVClock.lnk D:\Program Files (x86)\tvclock111\TVClock.exe


無効 Task CCleanerSkipUAC Piriform Ltd "D:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task EPSON GT-X980 Update SEIKO EPSON CORPORATION C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe /EXE_S:"EPSON GT-X980","ES00FE.DAT" /F:"Update"
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
無効 Task NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
無効 Task NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
無効 Task NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
無効 Task NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
有効 Task OneDrive Standalone Update Task v2 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
有効 Task OneDrive Standalone Update Task-S-1-5-21-1820434542-3641797410-228512082-1001 Microsoft Corporation %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
有効 Task Opera scheduled Autoupdate 1502748092 Opera Software D:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)
有効 Task Opera scheduled Autoupdate 1564780050 Opera Software C:\Users\green\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
無効 Task PDVDServ12 Task CyberLink Corp. C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe


有効 Directory PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 Directory ファイルの所有権
有効 Drive CLVDShellExt Cyberlink C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll
有効 Drive PowerShell ウィンドウをここに開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 File 00asw AVAST Software C:\Program Files\AVAST Software\Avast\ashShell.dll
有効 File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShell.dll
有効 File CLVDShellExt Cyberlink C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll
有効 Folder avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShell.dll
有効 Folder StartMenuExt Open-Shell C:\WINDOWS\system32\StartMenuHelper64.dll


有効 Extension Classic IE Settings Open-Shell C:\Program Files\Open-Shell\ClassicIE_32.exe
有効 Helper ClassicIEBHO Class Open-Shell C:\Program Files\Open-Shell\ClassicIEDLL_32.dll
有効 Helper ClassicIEBHO Class Open-Shell C:\Program Files\Open-Shell\ClassicIEDLL_64.dll
有効 Helper ExplorerBHO Class Open-Shell C:\Program Files\Open-Shell\ClassicExplorer32.dll
有効 Helper ExplorerBHO Class Open-Shell C:\Program Files\Open-Shell\ClassicExplorer64.dll
有効 Toolbar Classic Explorer Bar Open-Shell C:\Program Files\Open-Shell\ClassicExplorer32.dll
有効 Toolbar Classic Explorer Bar Open-Shell C:\Program Files\Open-Shell\ClassicExplorer64.dll


有効 App Gmail 8.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0
有効 App Google ドライブ 14.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0
有効 App YouTube 4.2.8 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
有効 Extension Avast Online Security 19.2.289 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\19.2.289_0
有効 Extension Google オフライン ドキュメント 1.7 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1
有効 Extension スプレッドシート 1.2 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0
有効 Extension スライド 0.10 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0
有効 Extension ドキュメント 0.10 ユーザー 1 C:\Users\green\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0


That is everything.
Thank you in advance for your help.
  • green
  • 2019/08/11 (Sun) 21:42:56
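So it looks like things got sorted out
Sorry for the late reply again.
I have also looked over each of the current logs.

Nothing looks wrong in the logs either.
The NVIDIA entries also appear to be disabled in Task Scheduler, and if operation is stable, that is fine too.

So, with the reset successful and the problem cleared up, we can call this "resolved".
You can clean up the tools used for this work according to the instructions given during preparation.

Even though the problem is cleared up, the self-defense needed to prevent being hit again starts from here.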

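Just tightening the browser settings a little can improve your security.
Open "Internet Options" → "Privacy" → "Advanced", check "Automatic cookie handling" and "Block third-party cookies", click "Apply", then "OK".
Doing this is quite effective as protection against many dangerous sites.
However, it is not effective against all dangerous sites, and against truly dangerous sites this level of protection is no match at all, so do not rely on it too much.
Also, if you set it to "Block all cookies", you will no longer be able to get into pages that require login, such as your provider's mailbox, so use it selectively depending on the situation.
Note also that even on safe sites, blocking cookies can make some of them impossible to browse or post on.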

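Next, please also be careful about how you use security software such as antivirus and firewalls.
Security software does not deliver its full functionality just by being installed.
It is important to understand its settings and features as far as possible and use it correctly.
If used incorrectly, it will simply let through infections that it could otherwise have blocked.

Also, no matter how capable the security software is, it cannot protect you at all if you yourself access dangerous sites or files.
Depending on how it is used, security software's effectiveness can be doubled, halved, or reduced to nothing.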

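And seeing is believing.
I recommend reading as many of the other threads on this board as you can, both ongoing and resolved.
Whether the cases are the same, similar, or of a different kind, there should be a lot to learn from them.

It bothers me that the identity and origin of asc_rdflag were never pinned down, but spending more time investigating could have let the damage spread in the meantime, so resetting as the safe option was the sensible choice.

Hardening your defenses to prevent infection is far easier and far more effective than scrambling for a fix after getting infected.
Basic self-defense alone prevents most infections and attacks.
What it does not prevent is mostly cases where the user overlooks a simple precaution, or underestimates an untrusted site or file, thinking "this much should be fine", and goes ahead.

Rather than cramming everything into your head from the start, it helps to work through it one item at a time, starting from what you understand.

Thank you for your hard work persevering with unfamiliar tasks over such a long period.
From here on, I wish you a safe and comfortable PC life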
  • 悪代官
  • 2019/08/12 (Mon) 20:52:00
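Re: A file named asc_rdflag appeared in the root of the C: drive
I was out on an errand, so my reply is late. My apologies.

>So, with the reset successful and the problem cleared up, we can call this "resolved".
Thank you. I finally feel that a weight has been lifted off my shoulders, but as you advised,
I intend to be even more careful than before from now on.

Your guidance and analysis over such a long period have truly been a great help.
Thank you once again.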
  • green
  • 2019/08/14 (Wed) 23:57:21
