Troubled by a duba.com infection
I use Firefox, and I'm troubled because I've been infected with malware called duba.com.
Thank you in advance for your help.


HJT

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:17:37, on 2017/05/06
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)

FIREFOX: 53.0.2 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Unica\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft internet security 2017\kxetray.exe" -autorun
O4 - HKCU\..\Run: [background_fault] "C:\Users\Unica\AppData\Local\background_fault\aswRD.exe" "C:\Users\Unica\AppData\Local\background_fault\bf.dll",background_fault_collector
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: ソフトウェアルーター設定ツール.lnk = C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BWH32S - Buffalo Inc. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kingsoft Core Service (kxescore) - Kingsoft Corporation - c:\program files (x86)\kingsoft\kingsoft internet security 2017\kxescore.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 4657 bytes


















CC

AlphaGo AlphaGo 2017/05/05 7.97 MB 1.2.3
Ample Bass P Lite II version 2.3.1 Ample Sound Technology Co., Ltd. 2017/04/30 531 MB 2.3.1
Ample Guitar M Lite II version 2.3.1 Ample Sound Technology Co., Ltd. 2017/04/30 859 MB 2.3.1
Any Audio Converter 6.1.2 Anvsoft 2017/04/29 6.1.2
ARIA Engine v1.9.1.6 Plogue Art et Technologie, Inc 2017/04/30 13.5 MB v1.9.1.6
BUFFALO AirStation倍速設定ツール(アンインストール) 2017/04/29
BUFFALO クライアントマネージャV をアンインストール Buffalo Inc. 2017/04/29 13.2 MB 1.5.3
BUFFALO ソフトウェアルーター設定ツール 2017/04/29
CCleaner Piriform 2017/05/06 5.29
eLicenser Control Steinberg Media Technologies GmbH 2017/04/29 108 MB 6.8.4.2156
Google Chrome Google Inc. 2017/05/06 58.0.3029.96
Groove Agent SE Rock Pop Toolbox Drums Steinberg Media Technologies GmbH 2017/04/29 3.30 GB 1.0.0
KINGSOFT Internet Security 2017 KINGSOFT Internet Security 2017/04/29 2016.11.1.6
Malwarebytes バージョン 3.0.6.1469 Malwarebytes 2017/05/06 154 MB 3.0.6.1469
Microsoft .NET Framework 4.6.2 Microsoft Corporation 2017/04/29 4.6.01590
Microsoft Silverlight Microsoft Corporation 2017/04/29 22.6 MB 5.1.30514.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2017/04/29 428 KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2017/04/29 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2017/04/29 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2017/04/30 11.0 MB 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2017/04/29 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2017/04/29 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2017/04/30 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2017/04/30 17.1 MB 12.0.30501.0
Moo0 ボイス録音器 1.43 2017/04/29
Moo0 窓メニュー拡張器 1.20 2017/04/29
Mozilla Firefox 53.0.2 (x86 ja) Mozilla 2017/05/06 88.1 MB 53.0.2
Mozilla Maintenance Service Mozilla 2017/05/06 257 KB 53.0.2
Plogue sforzando v1.916 Plogue 2017/04/30 44.6 MB v1.916
SoundEngine Free Coderium 2017/04/29 5.2.0.8
Steinberg Content Updater Steinberg Media Technologies GmbH 2017/04/29 2.04 MB 3.1.0
Steinberg Cubase 8 64bit Steinberg Media Technologies GmbH 2017/04/29 529 MB 8.0.0
Steinberg Download Assistant Steinberg Media Technologies GmbH 2017/04/29 194 MB 1.5.4
Steinberg Drum Loop Expansion 01 Steinberg Media Technologies GmbH 2017/04/29 428 MB 2.0.0.0
Steinberg EDM Toolbox MIDI Loops Steinberg Media Technologies GmbH 2017/04/29 574 MB 1.1.0
Steinberg Generic Lower Latency ASIO Driver 64bit Steinberg Media Technologies GmbH 2017/04/29 558 KB 1.0.11
Steinberg Groove Agent ONE Allen Morgan Signature Drums Steinberg Media Technologies GmbH 2017/04/29 0.96 GB 1.0.0
Steinberg Groove Agent ONE Content Steinberg Media Technologies GmbH 2017/04/29 142 MB 1.0.0.003
Steinberg Groove Agent ONE Vintage Beatboxes Steinberg Media Technologies GmbH 2017/04/29 38.0 MB 1.0.0.000
Steinberg Groove Agent SE 64bit Steinberg Media Technologies GmbH 2017/04/29 90.0 MB 4.1.0
Steinberg Groove Agent SE Acoustic Agent Steinberg Media Technologies GmbH 2017/04/29 808 MB 1.0.0
Steinberg Groove Agent SE Content Steinberg Media Technologies GmbH 2017/04/29 185 MB 1.2.0
Steinberg HALion 6 Steinberg Media Technologies GmbH 2017/04/29 689 MB 6.0.0
Steinberg HALion Content Steinberg Media Technologies GmbH 2017/04/29 10.4 GB 4.6.3
Steinberg HALion Library Manager Steinberg Media Technologies GmbH 2017/04/29 11.6 MB 3.0.0
Steinberg HALion Sonic 2 Content Steinberg Media Technologies GmbH 2017/04/29 355 MB 2.0.0
Steinberg HALion Sonic 3 Steinberg Media Technologies GmbH 2017/04/29 645 MB 3.0.0
Steinberg HALion Sonic SE 64bit Steinberg Media Technologies GmbH 2017/04/29 66.4 MB 2.0.2
Steinberg HALion Sonic SE Content Steinberg Media Technologies GmbH 2017/04/29 3.15 GB 2.0.0
Steinberg LoopMash Content Steinberg Media Technologies GmbH 2017/04/29 617 MB 2.0.0.000
Steinberg LoopMash Content 2 Steinberg Media Technologies GmbH 2017/04/29 558 MB 1.0.0.000
Steinberg Midi Loop Library Steinberg Media Technologies GmbH 2017/04/29 361 MB 1.0.0
Steinberg Padshop 64bit Steinberg Media Technologies GmbH 2017/04/29 433 MB 1.1.0
Steinberg Retrologue 64bit Steinberg Media Technologies GmbH 2017/04/29 81.3 MB 1.1.0
Steinberg REVerence Content 01 Steinberg Media Technologies GmbH 2017/04/29 199 MB 2.0.1.000
Steinberg Upload Manager Steinberg Media Technologies GmbH 2017/04/29 8.53 MB 1.0.1
Steinberg VST Amp Rack Content 01 Steinberg Media Technologies GmbH 2017/04/29 9.18 MB 1.0.1
Steinberg VST Bass Amp Content Steinberg Media Technologies GmbH 2017/04/29 793 KB 1.0.0
VOCALOID API Runtime (32bit) Yamaha Corporation 2017/04/29 36.3 MB 3.00.0111
VOCALOID API Runtime (64bit) Yamaha Corporation 2017/04/29 36.2 MB 3.00.0111
VOCALOID Deactivation Tool Yamaha Corporation 2017/04/29 1.42 MB 4.2.0
VOCALOID3 Voice DB (MIKU_V3_Dark) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Original) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Soft) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Solid) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Sweet) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID4 Activator Yamaha Corporation 2017/04/29 1.78 MB 4.2.0
VOCALOID4 API (32-bit) Yamaha Corporation 2017/04/29 59.5 MB 4.01.0101
VOCALOID4 API (64-bit) Yamaha Corporation 2017/04/29 59.4 MB 4.01.0101
VOCALOID4 Editor for Cubase 64-bit Yamaha Corporation 2017/04/29 96.9 MB 4.0.0
VOCALOID4 Library KAGAMINE RIN LEN V4 English Crypton Future Media, Inc. 2017/04/29 4.0.0
VOCALOID4 Library KAGAMINE RIN LEN V4X Crypton Future Media, Inc. 2017/04/29 4.0.0
  • Unica
  • 2017/05/06 (Sat) 14:31:50
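Two things I'd like you to confirm
Good evening.
I'm 悪代官, whose ID looks every bit the villain.
But my true nature is a sweet tooth. The proof is that the inside of my head is sweet (don't ask)

First, I've had a look at your explanation and logs.

>I use Firefox, and I'm troubled because I've been infected with malware called duba.com.

Yes, you have FF set as your main browser. The HJT log shows that too.

Just to check: does duba not appear in browsers other than FF, such as Chrome or IE?
If it is limited to FF, dealing with it may be relatively easy.

One more thing, regarding the security software below: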
>KINGSOFT Internet Security 2017 KINGSOFT Internet Security 2017/04/29 2016.11.1.6

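Please tell me whether you installed this yourself because you wanted it, and whether the time you installed it is the same as the time the problems started.

Once I have your answers to the two questions above, I'll guide you through at least some first-aid measures if possible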
  • 悪代官
  • 2017/05/06 (Sat) 21:56:29
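Re: Troubled by a duba.com infection
Thank you for your reply!
It's FF only. I was thinking of reinstalling the OS, so I'm a little relieved lol

I was setting up a PC for music composition and installing all sorts of software when I discovered the malware infection
Then, as if suddenly remembering, I installed Kingsoft
But by then it was already too late orz
So I suppose the timing is the same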
  • Unica
  • 2017/05/07 (Sun) 01:23:43
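Please also tell me about the security software you used before KIS
Good evening.
I've read your follow-up explanation.

>I was setting up a PC for music composition and installing all sorts of software when I discovered the malware infection
>Then, as if suddenly remembering, I installed Kingsoft
>But by then it was already too late orz
>So I suppose the timing is the same

I see. Is one of the apps you installed among the following?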
>Any Audio Converter 6.1.2 Anvsoft 2017/04/29 6.1.2
>SoundEngine Free Coderium 2017/04/29 5.2.0.8

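In terms of performance alone these are said to be highly capable, but in other respects they are often abused by various shady sites and outside parties.
I don't know which site you downloaded them from, but there is now a suspicion that something troublesome was bundled in when you installed them.

As for Kingsoft, which I asked about earlier: it is security software, but it is a product that calls for such caution that, among knowledgeable people well versed in PCs, hardly anyone would recommend using it.
It is also known that installing King causes duba entries to dig their way in.
In other words, this duba may be related to King, but that cannot be concluded yet.

More important is what security software you were using before you installed KINGSOFT Internet Security (KIS).
If you had no security software at all before installing KIS, or were still using expired security software, it would not be surprising if you had already suffered some serious infection.

This is also an important key, so please tell me the product name of the security software you used before installing KIS and whether its license had expired.
In the worst case, a recovery (factory reset) may be unavoidable for safety's sake.

For now, let's analyze as far as we can.

First, start CCleaner (CC).
Once it has started, open "Tools" → "Startup" → the "Windows" tab.
Press "Save to text file" at the bottom right there to save the displayed contents as a log; save the log to your desktop or somewhere similar.

Next, save the logs of the "Scheduled Tasks" tab and the "Context Menu" tab in the same way.

Then, from the "Browser Plugin" item on the left side of the CC screen, open each tab from the "InternetExplorer" tab onward in turn and save those logs as well.

Once you have taken each CC log, close CC.

Paste the saved logs of each CC tab in full into your reply so I can see them.
Please also give me the explanation about the security software mentioned above.
After seeing those, I'll guide you through the next steps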
  • 悪代官
  • 2017/05/07 (Sun) 18:32:32
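Re: Troubled by a duba.com infection
Thank you for your reply!
I'm embarrassed to say that before installing Kingsoft I had nothing installed and was completely unprotected...
And in that state I was installing Any Audio Converter, SoundEngine and the like...
Also, I personally have strong suspicions about a freeware program called Moo0. It is very handy, though lol

I think I installed Kingsoft after I had finished installing a fair amount of freeware


↓ Here are the logs
IE was blank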
--------------------Windows--------------------

有効 HKCU:Run background_fault "C:\Users\Unica\AppData\Local\background_fault\aswRD.exe" "C:\Users\Unica\AppData\Local\background_fault\bf.dll",background_fault_collector
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKLM:Run kxesc Kingsoft Corporation "c:\program files (x86)\kingsoft\kingsoft internet security 2017\kxetray.exe" -autorun
有効 HKLM:Run Malwarebytes TrayApp Malwarebytes C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
有効 Startup Common クライアントマネージャV.lnk Buffalo Inc. C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
有効 Startup Common ソフトウェアルーター設定ツール.lnk BUFFALO INC. C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe



--------------------Scheduled Tasks--------------------

有効 Task BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B} C:\Program Files (x86)\baidu\update\baidujp_update.exe -Update
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task Cizutain Monitor "C:\Program Files (x86)\Phelaied\ghugther.exe" 9fa643ab-4542-4001-b641-001e92808975
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task Moo0 Window Menu Plus 1.20 Moo0 C:\Program Files (x86)\Moo0\WindowMenuPlus 1.20\WindowMenuPlus.exe -startup
有効 Task RunAsStdUser Task Moo0 C:\Program Files (x86)\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe



--------------------Context Menu--------------------

有効 Directory duba_32bit Kingsoft Corporation c:\program files (x86)\kingsoft\kingsoft internet security 2017\kavmenu.dll
有効 Directory duba_64bit Kingsoft Corporation c:\program files (x86)\kingsoft\kingsoft internet security 2017\kavmenu64.dll
有効 Directory kwansvc Kingsoft Corporation c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll
有効 Drive duba_32bit Kingsoft Corporation c:\program files (x86)\kingsoft\kingsoft internet security 2017\kavmenu.dll
有効 Drive duba_64bit Kingsoft Corporation c:\program files (x86)\kingsoft\kingsoft internet security 2017\kavmenu64.dll
有効 Drive kwansvc Kingsoft Corporation c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll
有効 File duba_32bit Kingsoft Corporation c:\program files (x86)\kingsoft\kingsoft internet security 2017\kavmenu.dll
有効 File duba_64bit Kingsoft Corporation c:\program files (x86)\kingsoft\kingsoft internet security 2017\kavmenu64.dll
有効 File HardLinkMenu Hermann Schinagl C:\Program Files\LinkShellExtension\HardlinkShellExt.dll
有効 File kwansvc Kingsoft Corporation c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder HardLinkMenu Hermann Schinagl C:\Program Files\LinkShellExtension\HardlinkShellExt.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll



--------------------Internet Explorer--------------------

(None)



--------------------Firefox--------------------

有効 Extension Application Update Service Helper 2.0 default Firefox 53.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Multi-process staged rollout 1.14 default Firefox 53.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 53.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Extension Shield Recipe Client 1.0.0 default Firefox 53.0.2 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\features\{d1444293-88df-4442-9cd2-1210b69ded1a}\shield-recipe-client@mozilla.org.xpi
有効 Extension Web Compat 1.0 default Firefox 53.0.2 C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.903 Google Inc. default Firefox 53.0.2 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default Firefox 53.0.2 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\gmp-gmpopenh264\1.6\gmpopenh264.dll





--------------------GooGle Chrome--------------------

有効 App Gmail 8.1 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
有効 App Google ドライブ 14.1 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
有効 App YouTube 4.2.5 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
有効 Extension Docs 0.0.0.6 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
有効 Extension Google オフライン ドキュメント 1.4 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0
  • Unica
  • 2017/05/08 (Mon) 08:11:43
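In the end it comes down to two options: recovery or solving it yourself
Sorry for the late reply.
I've read your follow-up explanation as well.

>I'm embarrassed to say that before installing Kingsoft I had nothing installed and was completely unprotected...
>And in that state I was installing Any Audio Converter, SoundEngine and the like...

Just as I expected.
Thank you for being honest with me.
Thanks to that, I can give guidance that puts safety first.

>Also, I personally have strong suspicions about a freeware program called Moo0. It is very handy, though lol

This is normally an app that poses no danger, but some of the sites that distribute it appear to be suspicious, so if it has been dangerously modified it cannot be declared safe.

Now, shall we just do some first aid?

Start CC as before and, in the "Scheduled Tasks" tab, set the following to "Disable" and then "Delete" the entry. If it cannot be disabled, you can just delete it.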
>有効 Task BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B} C:\Program Files (x86)\baidu\update\baidujp_update.exe -Update

>有効 Task Cizutain Monitor "C:\Program Files (x86)\Phelaied\ghugther.exe" 9fa643ab-4542-4001-b641-001e92808975

Next, treat the following in the "Windows" tab in the same way.
>有効 HKCU:Run background_fault "C:\Users\Unica\AppData\Local\background_fault\aswRD.exe" "C:\Users\Unica\AppData\Local\background_fault\bf.dll",background_fault_collector

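Once you have done this, restart the PC, start the browser, watch it for a while, and then reply with a status report including whether the problem has subsided.

Before doing the above work, please finish backing up all the data you need.
Because in the end I will be asking you to do a recovery of the PC.

Just from what is visible in the logs so far, it has dug in quite deep.
It can be suppressed temporarily, but this is not a stage so mild that that would count as "solved".
Putting safety first as well, you will need to do a clean recovery once and then rebuild your PC environment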
  • 悪代官
  • 2017/05/08 (Mon) 20:59:12
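
Added example (not written by any participant in this thread): a small Python triage of the `O4` autostart lines from the HijackThis log posted above, showing one way to single out an entry such as `background_fault` for manual review. The two heuristics (image in a user-writable directory, and a `DLL,export` style argument) are assumptions of this example; the thread does not state what criteria the helper used.

```python
import re

# O4 (autostart) lines copied from the HijackThis log posted at the top of this thread.
HJT_LINES = r'''
O4 - HKLM\..\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft internet security 2017\kxetray.exe" -autorun
O4 - HKCU\..\Run: [background_fault] "C:\Users\Unica\AppData\Local\background_fault\aswRD.exe" "C:\Users\Unica\AppData\Local\background_fault\bf.dll",background_fault_collector
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: ソフトウェアルーター設定ツール.lnk = C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe
'''.strip().splitlines()

# Registry autoruns:          O4 - HKCU\..\Run: [value name] command line
RUN_RE = re.compile(r'^O4 - (?P<loc>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Startup-folder shortcuts:   O4 - Global Startup: name.lnk = target
STARTUP_RE = re.compile(r'^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')

# Assumed heuristic 1: directories a standard user can write to without elevation.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\', '\\programdata\\')
# Assumed heuristic 2: an argument of the form  something.dll,ExportName
# (the calling convention rundll32 uses) handed to some other loader.
DLL_EXPORT_RE = re.compile(r'(?i)\.dll"?\s*,\s*\w+')


def split_command(cmd):
    """Split an autorun command line into (image path, arguments).

    Handles both quoted paths and unquoted paths that contain spaces
    (startup shortcuts are logged without quotes).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted: cut at the first executable-looking extension.
    m = re.match(r'(?i)(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s+(.*))?$', cmd)
    if m:
        return m.group(1), m.group(2) or ''
    return cmd, ''


def triage(lines):
    """Return the O4 entries that match at least one heuristic, with reasons."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue  # not an O4 line this example understands
        image, args = split_command(m.group('cmd'))
        reasons = []
        if any(part in image.lower() for part in USER_WRITABLE):
            reasons.append('image in user-writable path')
        if DLL_EXPORT_RE.search(args):
            reasons.append('DLL,export argument')
        if reasons:
            findings.append({
                'location': m.group('loc'),
                'name': m.group('name'),
                'image': image,
                'reasons': reasons,
            })
    return findings


if __name__ == '__main__':
    for f in triage(HJT_LINES):
        print(f"{f['location']} [{f['name']}] {f['image']}")
        for reason in f['reasons']:
            print(f"    - {reason}")
```

A match is only a prompt to look at the file (publisher, signature, install date); legitimate software also starts from `AppData`.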
Re: Troubled by a duba.com infection
I'm sorry for my late reply too

HKCU:Run background_fault "C:\Users\Unica\AppData\Local\background_fault\aswRD.exe" "C:\Users\Unica\AppData\Local\background_fault\bf.dll",background_fault_collector
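This one seemed to have disappeared at some point, so I deleted the other two and restarted, but the result was the same and duba was displayed

While I was at it, there were duba programs published by Kingsoft in the context menu, so I disabled them (I did not delete them), but the result was still the same orz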

  • Unica
  • 2017/05/10 (Wed) 08:09:42
This time, work with two tools
Thank you for the work and the report.

>HKCU:Run background_fault "C:\Users\Unica\AppData\Local\background_fault\aswRD.exe" "C:\Users\Unica\AppData\Local\background_fault\bf.dll",background_fault_collector
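>This one seemed to have disappeared at some point, so I deleted the other two and restarted, but the result was the same and duba was displayed

Yes, it's good that they were dealt with, but at this point that alone will not bring a dramatic improvement.
Filling in the outer moats one by one and pinning down the villain's movements until we close in on the keep and take it down will require work, so be prepared for some effort.

Still, it is good that the entries we dealt with earlier were disabled more easily than expected.
I have seen quite a few malicious programs in the past that act up even more to evade removal, so don't be fooled even if the removal appears to have gone well.

Now, shall we continue the work?
Even if you do a recovery in the end, facing with your own eyes how and why the problem arose before getting there, and correcting it as far as possible, will help greatly in protecting yourself from further damage later on.

Please prepare the following apps.
"AdwCleaner" (commonly: AC)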
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
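This is a direct link to the file. Access it and save the file to your desktop or somewhere similar.
To clean up afterwards, start it and press the "uninstall" button; it will be removed automatically.
For how to use it, the site below has a detailed explanation, so please refer to it ↓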
http://www.japan-secure.com/entry/adwcleaner.html

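Malwarebytes' Anti-Malware (commonly: MBAM)
Official site
http://www.malwarebytes.org/

However, MBAM currently has considerable problems with stability and operation, and bugs that prevent it from scanning properly even in normal use are occurring frequently.
For that reason, rather than downloading the latest version from the official site, we will deliberately work with an old version here.

Site explaining the old version ↓
http://www.japan-secure.com/entry/blog-entry-7.html

Download the old version of MBAM from the URL below.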
http://www.oldapps.com/malwarebytes.php?old_malwarebytes=12090?download
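This is a direct link to the file. Please save it.
After the work is finished, you can uninstall it using GU with the PC in safe mode; if that does not work well, you can also remove it in safe mode by selecting "Uninstall" from the MBAM item in the Start menu.

Note) Installing in Japanese may cause garbled characters. Install in English and then switch to Japanese.
Start MBAM and go to the "Settings" tab → "Language" → "Japanese" to switch to Japanese.

Once ready, install MBAM and update it.
However, do not scan yet at this point.
Also, when updating MBAM here, do not update the "program" itself; update only the definitions.
If you update the program itself, it will become the latest version, which is plagued by bugs, and installing the old version will have been pointless.
Once the update is done, do not scan; close MBAM at this point.

Next, start the PC in safe mode (how to ↓)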
http://www.pc-master.jp/sousa/s-safemode.html
For Win8, refer to the following.
http://freesoft.tvbok.com/win8/tips-and-tools/safemode.html

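However, here choose "Safe Mode with Networking" rather than ordinary safe mode.

Once started in that state, use the standard Windows Disk Cleanup feature to clear out junk files.

When the cleanup is finished, start AC while still in safe mode.
Once it has started, run "Scan"; if anything has been detected when the scan finishes, press "Remove".
Select "Yes" on the screen that appears and the removal will start.

When the removal is complete, restart the PC in normal mode.

After the restart a new AC log will appear; save it to your desktop or somewhere similar.
If no log appears after the work, or you can't find it, open the C drive in My Computer; a file with a name like the following will have been created directly under it, and that is the AC log.
>AdwCleaner[alphanumerics].txt
If there are several logs with similar names, the one whose creation time matches when you did the work is the log in question.

Then go into safe mode again and this time scan with MBAM.
Start MBAM and run a "Full Scan" from the "Scanner" tab.
Select all drives, including C, as targets.

Select (check) all drives as scan targets. It takes time, but this is to scan as thoroughly as possible.
The order does not matter, but if anything is detected, select it and "remove" (quarantine) it; if a prompt to restart appears, restart the PC once at that point.
If no restart prompt appears, restart manually.

Also, after the MBAM scan finishes, pressing "Show details" should display the results, and pressing "Save log" there lets you save the log.
Save that log to your desktop or somewhere similar.
Checking this log is especially important, so please don't forget.

After this, paste the MBAM and AC logs into your reply and show them to me along with a status report.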
  • 悪代官
  • 2017/05/10 (Wed) 20:49:04
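Re: Troubled by a duba.com infection
I uninstalled the MBAM I originally had installed and installed the old version, but the update fails with an error
Also, the app itself seems to have garbled characters here and there; is that related?? (I have selected Japanese for Language)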
  • Unica
  • 2017/05/12 (Fri) 17:44:09
Re: Troubled by a duba.com infection
Sorry, the screenshot didn't attach, so I'll write it out



エラーが発生しました。Malwarebytes Anti-Malware のサポートチ
ームにエラーの詳細を報告してください。(お手数ですが以下のエラ
ーメッセージとエラーコードも報告してください)

PROGRAM_ERROR_UPDATING (0,0,Host not found)
  • Unica
  • 2017/05/12 (Fri) 17:49:35
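Switch MBAM to English display and then back to Japanese
>I uninstalled the MBAM I originally had installed and installed the old version, but the update fails with an error
>Also, the app itself seems to have garbled characters here and there; is that related?? (I have selected Japanese for Language)

Right, then please switch MBAM to English display once and then back to Japanese display.
That should clear up the garbled characters.
Start MBAM, set Language to English under "general setting" in the "setting" tab, and then set it to Japanese again.

As for the update, after confirming the display as above, restart the PC once, then start MBAM again and retry the update.

If the update works with this, go ahead with the rest of the work; if it still doesn't, please let me know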
  • 悪代官
  • 2017/05/12 (Fri) 20:26:09
Re: Troubled by a duba.com infection
The garbled characters are fixed, but the update still gives the same error no matter how many times I try... (crying) I'm sorry...
  • Unica
  • 2017/05/13 (Sat) 23:59:24
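Please check the update settings
Good morning.
It's good that the garbled characters seem to be resolved, but

>the update still gives the same error no matter how many times I try...

Then please check a setting for me.

Start MBAM and, on the "Settings" tab screen, see whether "Use a proxy server to download updates" is checked. (See attached image)
If it is checked, uncheck it and then retry the update.
If that lets you update, good; if not, let me know again.

Also check whether the security software you currently use is blocking MBAM.
If it is blocking MBAM, it's only natural that MBAM can't connect to the internet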
  • 悪代官
  • 2017/05/14 (Sun) 08:11:30
Re: Troubled by a duba.com infection
I somehow managed to update...

Here's what the logs look like
# AdwCleaner v6.045 - ログファイルの作成日 14/05/2017 作成時間 09:45:22
# Malwarebytesによる 28/03/2017 の更新日
# データベース : 2017-05-13.1 [ローカル]
# オペレーティングシステム : Windows 7 Ultimate Service Pack 1 (X64)
# ユーザー名 : Unica - UNICA-PC
# 実行場所 : C:\Users\Unica\Desktop\AdwCleaner.exe
# モード:スキャン
# サポート : https://www.malwarebytes.com/support



***** [ サービス ] *****

悪意あるサービスを検出しませんでした。


***** [ フォルダ ] *****

検出済みフォルダ: C:\Users\Public\Documents\Guid
検出済みフォルダ: C:\Users\Unica\AppData\Roaming\Firefox
検出済みフォルダ: C:\Users\Unica\AppData\Local\Firefox


***** [ ファイル ] *****

検出済みファイル: C:\Windows\SysNative\log\iSafeKrnlCall.log
検出済みファイル: C:\Users\Public\Documents\temp.dat
検出済みファイル: C:\Users\Public\Documents\report.dat


***** [ DLL ] *****

悪意あるDLLsファイルを検出しませんでした。


***** [ WMI ] *****

悪意あるキーを検出しませんでした。


***** [ ショートカット ] *****

改ざん済みショートカットを検出しませんでした。


***** [ スケジュール済みタスク ] *****

悪意あるタスクを検出しませんでした。


***** [ レジストリ ] *****

検出済みキー: HKU\S-1-5-21-169672659-908977464-1841875494-1000\Software\VDI
検出済みキー: HKCU\Software\VDI
検出済みキー: HKLM\SOFTWARE\ScreenShot
検出済みキー: [x64] HKCU\Software\VDI
検出済みキー: [x64] HKLM\SOFTWARE\InterSect Alliance
検出済みキー: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
検出済みキー: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
検出済み値: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
検出済み値: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]


***** [ Webブラウザ ] *****

悪意あるFirefoxベースの要素を検出しませんでした。
悪意あるChromiumベースの要素を検出しませんでした。

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2328 バイト] - [14/05/2017 09:45:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2405 バイト] ##########







Malwarebytes Anti-Malware (試用) 1.75.0.1300
www.malwarebytes.org

定義バージョン: v2017.05.13.08

Windows 7 Service Pack 1 x64 NTFS (セーフモード/ネットワーク)
Internet Explorer 11.0.9600.18665
Unica :: UNICA-PC [管理者]

リアルタイム保護: 無効

2017/05/14 10:04:33
mbam-log-2017-05-14 (10-04-33).txt

スキャンタイプ: フルスキャン (C:\|D:\|E:\|F:\|)
有効なスキャン領域: メモリ | スタートアップ | レジストリ | ファイルシステム | ヒューリスティック/追加アイテムのスキャン  | ヒューリスティック/Shuriken エンジンを使用してスキャン  | 不審なプログラム (PUP) | 不審な変更 (PUM)
無効なスキャン領域: ピア・ツー・ピアプログラム(P2P)
スキャンしたアイテム数: 370084
経過時間: 28 分, 3 秒

メモリプロセスの検出: 0
(悪意のあるアイテムは検出されていません。)

メモリモジュールの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリキーの検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリ値の検出: 0
(悪意のあるアイテムは検出されていません。)

レジストリデータ項目の検出: 0
(悪意のあるアイテムは検出されていません。)

フォルダの検出: 0
(悪意のあるアイテムは検出されていません。)

ファイルの検出: 0
(悪意のあるアイテムは検出されていません。)

(終)


Nothing seems to have been caught, but...
duba still appears
  • Unica
  • 2017/05/15 (Mon) 23:51:25
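AC did find a few things
Sorry for the late reply.
I was in the bath until a moment ago (← there is no Yumi K○oru in my bath

>Nothing seems to have been caught, but...
>duba still appears

Yes, I've looked at both logs; MBAM detected nothing, but AC did find a few things.
And they are registry entries of annoying things like isafe and searching.com.
It's fine as long as you have quarantined them from within AC.

It seems the problem is still continuing after the removal. I expected this to some extent, but this one is more stubborn than usual.
So please continue with the analysis work.
The next analysis is likely to be the crux, but there's no need to be tense; work at your own pace.

Please prepare the following tool.
OTL(OldTimer Listit)
Download it from the "Download" button and save it.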
http://oldtimer.geekstogo.com/OTL.exe
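To clean up afterwards, start it and press the "Cleanup" button; it will be removed automatically.
However, if you are using Windows 10, you can simply delete the program file itself.

Start OTL with no other programs running.
Once it has started, check "Scan All Users" near the top of the window and copy and paste the following commands into "Custom Scan/Fixes".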

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

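Then press "Run Scan" at the top left to start the scan.
After the scan starts, depending on your PC environment, in a few minutes "OTL.txt" and "Extras.txt" should be created in the same location as OTL.exe; save these two files somewhere such as the desktop.
Extras.txt may not appear; in that case OTL.txt alone is fine.

After this, paste the whole OTL log into your reply and show it to me.
However, the OTL log is quite long, so sending it all at once will get cut off by fc2's character limit.
So split the log at suitable points into parts of 10,000 characters or fewer and send it over several replies.
Posts over 10,000 characters get cut off by fc2's character limit.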
http://www1.odn.ne.jp/megukuma/count.htm

Just scanning with OTL changes nothing.
Based on this result, whatever is detected will be dealt with in the work from next time onward
  • 悪代官
  • 2017/05/17 (Wed) 20:35:03
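Re: Troubled by a duba.com infection
Sorry to butt in.
I also use Firefox, and because I installed [KINGSOFT Internet Security 2017], my start page was changed to [duba.com] and it troubled me.
In the end, uninstalling [KINGSOFT Internet Security 2017] resolved it.
My case may be different from yours, but I offer it for your reference.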
  • poteto
  • 2017/05/19 (Fri) 15:35:44
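So King has become that blatant
Good evening, poteto.
Thank you for the valuable information.

>I also use Firefox, and because I installed [KINGSOFT Internet Security 2017], my start page was changed to [duba.com] and it troubled me.
>In the end, uninstalling [KINGSOFT Internet Security 2017] resolved it.

I see; I had expected as much, but sure enough King was involved.
Even so, to think King was the trigger that blatantly.

It may call itself security software, but the trouble is that it has far too bad a reputation in every respect other than detection and protection.

Unica, regarding this situation, if possible please uninstall King and consider switching to another vendor's security software.
A trial version of another vendor's paid security software is fine too; if you do switch, take the HJT log and the installed-programs log again afterwards and reply with them along with a status report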
  • 悪代官
  • 2017/05/19 (Fri) 20:38:43
Re: Troubled by a duba.com infection
Understood
By the way, is there a free security software you recommend?
----------------------------------------------------------
Logs below

OTL logfile created on: 2017/05/20 0:01:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Unica\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18665)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.97 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.10% Memory free
7.93 Gb Paging File | 6.40 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 362.93 Gb Total Space | 159.69 Gb Free Space | 44.00% Space Free | Partition Type: NTFS
Drive D: | 931.39 Gb Total Space | 864.22 Gb Free Space | 92.79% Space Free | Partition Type: NTFS
Drive F: | 29.97 Gb Total Space | 26.78 Gb Free Space | 89.38% Space Free | Partition Type: NTFS

Computer Name: UNICA-PC | User Name: Unica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2017/05/17 21:56:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Unica\Desktop\OTL.exe
PRC - [2017/04/29 17:15:24 | 001,771,888 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\kingsoft\kingsoft internet security 2017\kxetray.exe
PRC - [2017/04/29 16:54:55 | 002,258,624 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\kingsoft\kingsoft internet security 2017\kusbgd.exe
PRC - [2017/04/29 16:54:55 | 000,326,376 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\kingsoft\kingsoft internet security 2017\kxescore.exe
PRC - [2016/12/14 01:05:00 | 000,394,144 | ---- | M] (KORG Inc.) -- C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
PRC - [2015/07/14 15:14:24 | 000,212,952 | ---- | M] (Buffalo Inc.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
PRC - [2015/07/06 14:55:42 | 000,139,568 | ---- | M] (Buffalo Inc.) -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
PRC - [2013/10/20 04:40:20 | 001,679,360 | ---- | M] (Moo0) -- C:\Program Files (x86)\Moo0\WindowMenuPlus 1.20\WindowMenuPlus.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/07/01 09:39:26 | 003,629,128 | ---- | M] () -- C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/07/14 22:00:50 | 000,055,160 | ---- | M] () -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32SPS.dll
MOD - [2011/07/01 09:39:26 | 003,629,128 | ---- | M] () -- C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -- (InstallerService)
SRV:[b]64bit:[/b] - [2017/04/16 17:37:33 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2016/08/23 01:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2017/05/09 21:49:13 | 000,271,864 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/05/05 10:20:48 | 000,173,512 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/04/29 16:54:55 | 000,326,376 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files (x86)\kingsoft\kingsoft internet security 2017\kxescore.exe -- (kxescore)
SRV - [2016/07/14 14:43:42 | 000,107,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2015/07/06 14:55:42 | 000,139,568 | ---- | M] (Buffalo Inc.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2017/05/15 23:52:44 | 000,309,840 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kisknl.sys -- (kisknl)
DRV:[b]64bit:[/b] - [2017/04/29 17:06:35 | 000,031,848 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kavbootc64.sys -- (KAVBootC)
DRV:[b]64bit:[/b] - [2017/04/29 16:54:55 | 000,070,744 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ksapi64.sys -- (ksapi64)
DRV:[b]64bit:[/b] - [2016/12/14 01:15:00 | 000,034,184 | ---- | M] (KORG INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KORGUM64.SYS -- (KORGUMDS)
DRV:[b]64bit:[/b] - [2015/06/12 02:15:53 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2015/03/12 17:22:16 | 000,018,944 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)
DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/12/15 04:22:09 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
DRV:[b]64bit:[/b] - [2011/06/20 19:54:28 | 001,590,784 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ucgnm2x.sys -- (ucgnm2x)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/21 12:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/20 11:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:[b]64bit:[/b] - [2009/06/11 05:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2017/04/29 17:16:25 | 000,018,296 | ---- | M] (Kingsoft Corporation) [Kernel | Disabled | Running] -- c:\Program Files (x86)\kingsoft\kingsoft internet security 2017\kusbquery64.sys -- (KUsbGuard)
DRV - [2017/04/29 17:10:44 | 000,190,792 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files (x86)\kingsoft\kingsoft internet security 2017\security\kxescan\kdhacker64.sys -- (KDHacker)
DRV - [2017/04/29 16:54:56 | 000,109,880 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files (x86)\kingsoft\kingsoft internet security 2017\security\ksnetm\kisnetm64.sys -- (kisnetm)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 62 FB 2A B2 C0 D2 01 [binary data]
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 46 3E 51 18 22 C6 D2 01 [binary data]
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE14
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0.2
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 53.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 53.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2017/05/06 09:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Unica\AppData\Roaming\mozilla\Extensions
[2017/05/06 14:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Unica\AppData\Roaming\mozilla\Firefox\Profiles\znl8pikd.default\extensions
[2017/05/06 14:21:32 | 000,044,954 | ---- | M] () (No name found) -- C:\Users\Unica\AppData\Roaming\mozilla\firefox\profiles\znl8pikd.default\features\{d1444293-88df-4442-9cd2-1210b69ded1a}\shield-recipe-client@mozilla.org.xpi
[2017/05/06 13:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009/06/11 06:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [kxesc] c:\program files (x86)\kingsoft\kingsoft internet security 2017\kxetray.exe (Kingsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-169672659-908977464-1841875494-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: synchronousmachinegrouppolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: synchronoususergrouppolicy = 0
O7 - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nolowdiskspacechecks = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{701E5780-941C-4E51-BE0E-5399CBC546F0}: DhcpNameServer = 192.168.3.1
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {373CE130-2BBD-11E7-B925-64006A5CFC23} - C:\Users\Unica\AppData\Roaming\Arumuentdruwught\Zozentghvuse.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {63DF5C4B-E3BF-3346-A033-C57B22F44C9E} - .NET Framework
ActiveX:[b]64bit:[/b] {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {63DF5C4B-E3BF-3346-A033-C57B22F44C9E} - .NET Framework
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2017/05/17 21:56:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Unica\Desktop\OTL.exe
[2017/05/12 15:26:07 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Malwarebytes
[2017/05/12 15:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2017/05/12 15:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/05/12 15:25:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2017/05/12 15:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2017/05/11 03:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KORG
[2017/05/11 03:43:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KORG
[2017/05/11 03:42:11 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Downloaded Installations
[2017/05/10 21:37:53 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2017/05/10 21:37:51 | 005,547,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2017/05/10 21:37:51 | 002,065,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2017/05/10 21:37:49 | 004,000,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2017/05/10 21:37:49 | 003,945,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2017/05/10 21:37:49 | 002,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2017/05/10 21:37:49 | 001,483,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2017/05/10 21:37:49 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2017/05/10 21:37:49 | 000,876,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2017/05/10 21:37:48 | 002,057,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2017/05/10 21:37:48 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2017/05/10 21:37:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2017/05/10 21:37:47 | 000,806,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2017/05/10 21:37:47 | 000,300,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2017/05/10 21:37:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2017/05/10 21:37:47 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2017/05/10 21:37:46 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2017/05/10 21:37:46 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2017/05/10 21:37:46 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2017/05/10 21:37:46 | 000,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2017/05/10 21:37:46 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2017/05/10 21:37:45 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2017/05/10 21:37:45 | 000,706,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2017/05/10 21:37:45 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2017/05/10 21:37:45 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2017/05/10 21:37:45 | 000,377,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2017/05/10 21:37:45 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2017/05/10 21:37:45 | 000,287,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2017/05/10 21:37:45 | 000,265,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2017/05/10 21:37:45 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2017/05/10 21:37:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleres.dll
[2017/05/10 21:37:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleres.dll
[2017/05/10 21:37:44 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2017/05/10 21:37:44 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2017/05/10 21:37:44 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2017/05/10 21:37:44 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2017/05/10 21:37:44 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2017/05/10 21:37:44 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2017/05/10 21:37:44 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2017/05/10 21:37:44 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2017/05/10 21:37:44 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2017/05/10 21:37:44 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2017/05/10 21:37:44 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2017/05/10 21:37:44 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2017/05/10 21:37:44 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2017/05/10 21:37:44 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2017/05/10 21:37:44 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2017/05/10 21:37:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\plasrv.exe
[2017/05/10 21:37:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comcat.dll
[2017/05/10 21:37:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comcat.dll
[2017/05/10 21:37:43 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2017/05/10 21:37:43 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2017/05/10 21:37:43 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2017/05/10 21:37:43 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2017/05/10 21:37:43 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2017/05/10 21:37:43 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2017/05/10 21:37:43 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2017/05/10 21:37:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2017/05/10 21:37:43 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2017/05/10 21:37:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2017/05/10 21:37:43 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2017/05/10 21:37:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2017/05/10 21:37:43 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2017/05/10 21:37:43 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2017/05/10 21:37:43 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2017/05/10 21:37:43 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2017/05/10 21:37:43 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2017/05/10 21:37:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2017/05/10 21:37:43 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2017/05/10 21:37:43 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2017/05/10 21:37:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2017/05/10 21:37:43 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2017/05/10 21:37:43 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2017/05/10 21:37:43 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2017/05/10 21:37:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2017/05/10 21:37:42 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2017/05/10 21:37:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2017/05/10 21:37:42 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2017/05/10 21:37:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2017/05/10 21:37:42 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2017/05/10 21:37:42 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2017/05/10 21:37:42 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2017/05/10 21:37:42 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2017/05/10 21:37:42 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2017/05/10 21:37:42 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2017/05/10 21:37:42 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2017/05/10 21:37:42 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2017/05/10 21:37:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2017/05/10 21:37:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2017/05/10 21:37:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2017/05/10 21:37:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2017/05/10 21:37:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2017/05/10 21:37:42 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2017/05/10 21:37:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2017/05/10 21:37:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2017/05/10 21:37:42 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2017/05/10 21:37:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2017/05/10 21:37:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2017/05/10 21:37:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2017/05/10 21:37:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2017/05/10 21:37:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2017/05/10 21:37:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2017/05/10 21:37:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2017/05/10 21:37:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2017/05/10 21:37:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2017/05/10 21:37:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2017/05/10 21:37:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2017/05/10 21:37:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2017/05/10 21:37:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2017/05/10 21:37:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2017/05/10 21:37:41 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2017/05/10 21:37:41 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2017/05/10 21:37:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2017/05/10 21:37:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2017/05/10 21:37:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2017/05/10 21:37:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2017/05/10 21:37:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2017/05/10 21:37:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2017/05/10 21:37:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2017/05/10 21:37:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2017/05/10 21:37:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2017/05/10 21:37:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2017/05/10 21:37:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2017/05/10 21:37:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2017/05/10 21:37:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2017/05/10 21:37:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2017/05/10 21:37:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2017/05/10 21:37:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2017/05/10 21:30:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/05/09 19:57:42 | 000,000,000 | ---D | C] -- C:\Users\Unica\Desktop\完成した楽曲
[2017/05/09 00:20:45 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\soundengine.jp
[2017/05/08 20:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Security
[2017/05/08 20:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2017/05/08 20:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2017/05/08 20:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2017/05/08 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2017/05/08 19:53:37 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Macromedia
[2017/05/08 19:53:37 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Macromedia
[2017/05/08 19:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2017/05/08 19:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\TrueKey
[2017/05/08 19:52:44 | 000,803,320 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017/05/08 19:52:44 | 000,144,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017/05/08 19:52:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2017/05/08 19:52:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2017/05/08 19:51:49 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Adobe
[2017/05/07 12:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plogue
[2017/05/07 12:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST2
[2017/05/07 09:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Viena
[2017/05/07 09:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\VOCALOIDApi4
[2017/05/07 09:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\VOCALOIDApi
[2017/05/07 09:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\VOCALOID4 Editor for Cubase
[2017/05/07 09:27:01 | 000,000,000 | ---D | C] -- C:\Users\Unica\Desktop\効果音 未加工
[2017/05/07 09:26:43 | 000,000,000 | ---D | C] -- C:\Users\Unica\Desktop\効果音
[2017/05/07 09:08:20 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\kcleaner
[2017/05/07 08:30:54 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension
[2017/05/07 08:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link Shell Extension
[2017/05/07 08:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\LinkShellExtension
[2017/05/07 01:33:48 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALion 6
[2017/05/07 01:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Syncrosoft
[2017/05/06 17:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\kxescore
[2017/05/06 14:35:17 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Daichi
[2017/05/06 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\VOCALOID4 Editor for Cubase
[2017/05/06 14:34:21 | 000,000,000 | -H-D | C] -- C:\Users\Unica\AppData\Local\{ABBDEAEF-5AED-4c34-A22D-057A13C52D1E}
[2017/05/06 14:34:20 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\VOCALOID4 Editor for Cubase
[2017/05/06 14:33:35 | 000,000,000 | ---D | C] -- C:\Users\Unica\Documents\VST3 Presets
[2017/05/06 14:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2017/05/06 14:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2017/05/06 14:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2017/05/06 13:57:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Unica\Desktop\HijackThis.exe
[2017/05/06 13:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2017/05/06 13:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2017/05/06 13:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\kdesk
[2017/05/06 10:09:21 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Adobe
[2017/05/06 09:55:01 | 000,000,000 | ---D | C] -- C:\Windows\Logs
[2017/05/06 09:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2017/05/06 09:27:13 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Programs
[2017/05/06 09:16:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2017/05/05 02:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MIO
[2017/05/05 01:08:42 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Google
[2017/05/03 20:57:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
[2017/05/03 16:46:10 | 000,000,000 | ---D | C] -- C:\Windows\psgo
[2017/05/03 16:35:59 | 000,000,000 | ---D | C] -- C:\Insist
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2017/04/30 19:32:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2017/04/30 19:32:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2017/04/30 19:32:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2017/04/30 19:32:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2017/04/30 19:31:31 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2017/04/30 19:31:28 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2017/04/30 19:31:28 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2017/04/30 14:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ample Sound
[2017/04/30 14:03:15 | 000,000,000 | ---D | C] -- C:\Users\Unica\Documents\Ample Sound
[2017/04/30 14:03:04 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Ample Sound
[2017/04/30 14:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Avid
[2017/04/30 14:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ample Sound
[2017/04/30 13:42:18 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Plogue
[2017/04/30 13:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Plogue
[2017/04/30 13:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2017/04/30 13:36:56 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Plogue Art et Technologie, Inc
[2017/04/30 12:27:07 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2017/04/30 12:27:07 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2017/04/30 12:27:07 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2017/04/30 12:20:22 | 000,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2017/04/30 12:16:15 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2017/04/30 12:16:12 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2017/04/30 12:16:12 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2017/04/30 12:02:17 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2017/04/30 12:02:07 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2017/04/30 12:02:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2017/04/30 11:44:05 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2017/04/30 11:44:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2017/04/30 00:34:33 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2017/04/30 00:30:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2017/04/30 00:30:24 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2017/04/30 00:30:24 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2017/04/30 00:30:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2017/04/30 00:30:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2017/04/30 00:30:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2017/04/30 00:30:24 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2017/04/30 00:30:24 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2017/04/30 00:30:24 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2017/04/30 00:30:24 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2017/04/30 00:30:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2017/04/30 00:30:24 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2017/04/30 00:30:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2017/04/30 00:30:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2017/04/30 00:30:24 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2017/04/30 00:30:24 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2017/04/30 00:30:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2017/04/30 00:30:24 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2017/04/30 00:30:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2017/04/30 00:30:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2017/04/30 00:30:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2017/04/30 00:30:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2017/04/30 00:30:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2017/04/30 00:30:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2017/04/30 00:30:24 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2017/04/30 00:30:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2017/04/30 00:30:24 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2017/04/30 00:30:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2017/04/30 00:30:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2017/04/30 00:30:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2017/04/30 00:30:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2017/04/30 00:30:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2017/04/30 00:30:24 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2017/04/30 00:30:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2017/04/30 00:30:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2017/04/30 00:28:48 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2017/04/30 00:28:48 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2017/04/30 00:28:48 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2017/04/30 00:28:48 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2017/04/30 00:28:48 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2017/04/30 00:28:48 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2017/04/30 00:28:48 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2017/04/30 00:28:48 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2017/04/30 00:28:48 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2017/04/30 00:28:48 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2017/04/30 00:28:48 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/04/30 00:28:48 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/04/30 00:28:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/04/30 00:28:48 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/04/30 00:23:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2017/04/30 00:13:18 | 000,000,000 | ---D | C] -- C:\Users\Unica\Documents\Steinberg
[2017/04/29 22:38:29 | 001,239,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2017/04/29 22:38:29 | 000,646,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2017/04/29 22:38:29 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2017/04/29 22:38:29 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2017/04/29 22:38:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\centel.dll
[2017/04/29 22:38:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2017/04/29 22:38:29 | 000,084,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2017/04/29 22:38:28 | 001,609,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2017/04/29 22:38:28 | 001,285,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2017/04/29 22:38:28 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2017/04/29 22:36:50 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2017/04/29 22:36:50 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2017/04/29 22:36:50 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2017/04/29 22:36:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2017/04/29 22:36:50 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2017/04/29 22:36:50 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2017/04/29 18:06:57 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2017/04/29 18:06:57 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2017/04/29 17:25:23 | 001,634,816 | ---- | C] (TODO: <Company name>) -- C:\Users\Unica\AppData\Local\Zunstock.exe
[2017/04/29 17:24:48 | 000,018,296 | ---- | C] (Kingsoft Corp
  • Unica
  • 2017/05/20 (Sat) 00:28:50
Re: Infected by duba.com and need help
[2017/04/29 17:24:48 | 000,018,296 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery64.sys
[2017/04/29 17:24:47 | 000,014,200 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery.sys
[2017/04/29 17:24:25 | 000,190,792 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys
[2017/04/29 17:24:25 | 000,146,248 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys
[2017/04/29 17:24:23 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Profiles
[2017/04/29 17:24:22 | 000,036,560 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys
[2017/04/29 17:24:22 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys
[2017/04/29 17:24:18 | 000,052,824 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\bootsafe64.sys
[2017/04/29 17:24:18 | 000,051,800 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\bootsafe.sys
[2017/04/29 17:22:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tools
[2017/04/29 17:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundEngine Free
[2017/04/29 17:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundEngine Free
[2017/04/29 17:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2017/04/29 17:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2017/04/29 17:05:43 | 000,000,000 | ---D | C] -- C:\logs
[2017/04/29 16:56:15 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0
[2017/04/29 16:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moo0
[2017/04/29 16:55:31 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\kingsoft
[2017/04/29 16:55:25 | 000,309,840 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl_del.sys
[2017/04/29 16:55:25 | 000,309,840 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys
[2017/04/29 16:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\kingsoft
[2017/04/29 16:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KINGSOFT Internet Security 2017
[2017/04/29 16:54:56 | 000,289,408 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys
[2017/04/29 16:54:56 | 000,114,488 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisnetmxp.sys
[2017/04/29 16:54:56 | 000,113,464 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisnetm.sys
[2017/04/29 16:54:56 | 000,109,880 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisnetm64.sys
[2017/04/29 16:54:56 | 000,019,352 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys
[2017/04/29 16:54:55 | 000,114,264 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys
[2017/04/29 16:54:55 | 000,070,744 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi64.sys
[2017/04/29 16:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kingsoft
[2017/04/29 16:52:59 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Anvsoft
[2017/04/29 16:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvsoft
[2017/04/29 16:44:50 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\eLicenser
[2017/04/29 16:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2017/04/29 16:42:11 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2017/04/29 16:37:13 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\SynthFont
[2017/04/29 16:11:33 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Mozilla
[2017/04/29 16:11:33 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Mozilla
[2017/04/29 15:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg
[2017/04/29 15:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg HALion Library Manager
[2017/04/29 15:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg HALion Sonic
[2017/04/29 15:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avid
[2017/04/29 11:20:41 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2017/04/29 11:20:41 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2017/04/29 11:20:41 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2017/04/29 11:20:40 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2017/04/29 11:15:58 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perftrack.dll
[2017/04/29 11:15:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powertracker.dll
[2017/04/29 11:11:36 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basesrv.dll
[2017/04/29 11:11:05 | 000,451,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2017/04/29 11:11:05 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapibase.dll
[2017/04/29 11:11:05 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tbs.dll
[2017/04/29 11:11:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tbs.dll
[2017/04/29 11:10:53 | 002,543,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2017/04/29 11:10:44 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2017/04/29 11:10:43 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2017/04/29 11:10:43 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2017/04/29 11:10:43 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2017/04/29 11:10:43 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2017/04/29 11:10:43 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2017/04/29 11:10:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2017/04/29 11:10:43 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2017/04/29 11:10:43 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2017/04/29 11:10:43 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2017/04/29 11:10:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2017/04/29 11:10:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2017/04/29 11:10:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2017/04/29 11:10:43 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2017/04/29 11:09:44 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2017/04/29 11:09:44 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2017/04/29 11:09:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2017/04/29 11:09:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2017/04/29 11:09:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fixmapi.exe
[2017/04/29 11:09:39 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cewmdm.dll
[2017/04/29 11:09:39 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cewmdm.dll
[2017/04/29 11:09:38 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2017/04/29 11:09:28 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2017/04/29 11:09:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxoci.dll
[2017/04/29 11:09:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxoci.dll
[2017/04/29 11:09:14 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2017/04/29 11:09:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2017/04/29 11:08:56 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2017/04/29 11:08:56 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2017/04/29 11:08:54 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2017/04/29 11:08:54 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2017/04/29 11:08:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2017/04/29 11:08:54 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2017/04/29 11:08:54 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2017/04/29 11:08:54 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2017/04/29 11:08:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2017/04/29 11:08:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2017/04/29 11:08:53 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2017/04/29 11:08:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2017/04/29 11:08:37 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2017/04/29 11:08:37 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2017/04/29 11:08:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2017/04/29 11:08:28 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2017/04/29 11:08:28 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2017/04/29 11:08:28 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2017/04/29 11:08:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2017/04/29 11:07:45 | 003,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2017/04/29 11:07:45 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2017/04/29 11:07:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2017/04/29 11:07:45 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2017/04/29 11:07:45 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2017/04/29 11:07:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2017/04/29 11:07:13 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe
[2017/04/29 11:07:13 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe
[2017/04/29 11:07:13 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll
[2017/04/29 11:07:13 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2017/04/29 11:07:12 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2017/04/29 11:07:12 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe
[2017/04/29 11:07:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2017/04/29 11:07:12 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe
[2017/04/29 11:07:12 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2017/04/29 11:07:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe
[2017/04/29 11:07:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe
[2017/04/29 11:06:42 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2017/04/29 11:06:26 | 000,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2017/04/29 11:06:26 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2017/04/29 11:06:26 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2017/04/29 11:06:26 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2017/04/29 11:06:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.exe
[2017/04/29 11:06:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.exe
[2017/04/29 11:06:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnpinst.exe
[2017/04/29 11:06:26 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetppui.dll
[2017/04/29 11:06:25 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2017/04/29 11:06:25 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2017/04/29 11:06:24 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2017/04/29 11:06:24 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2017/04/29 11:06:24 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2017/04/29 11:06:24 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2017/04/29 11:06:24 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2017/04/29 11:06:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2017/04/29 11:06:24 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2017/04/29 11:06:24 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2017/04/29 11:06:24 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2017/04/29 11:06:24 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2017/04/29 11:06:24 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2017/04/29 11:05:35 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2017/04/29 11:05:35 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2017/04/29 11:05:34 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2017/04/29 11:05:33 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2017/04/29 11:05:33 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2017/04/29 11:05:33 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2017/04/29 11:05:33 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2017/04/29 11:05:32 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2017/04/29 11:05:32 | 003,165,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2017/04/29 11:05:32 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2017/04/29 11:05:32 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2017/04/29 11:05:32 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2017/04/29 11:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2017/04/29 11:05:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2017/04/29 11:05:32 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll
[2017/04/29 11:05:32 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2017/04/29 11:05:31 | 000,994,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2017/04/29 11:05:31 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-math-l1-1-0.dll
[2017/04/29 11:05:31 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2017/04/29 11:05:31 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll
[2017/04/29 11:05:31 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2017/04/29 11:05:31 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-string-l1-1-0.dll
[2017/04/29 11:05:31 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2017/04/29 11:05:31 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll
[2017/04/29 11:05:31 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2017/04/29 11:05:31 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll
[2017/04/29 11:05:31 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2017/04/29 11:05:31 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-time-l1-1-0.dll
[2017/04/29 11:05:31 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2017/04/29 11:05:31 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-2-0.dll
[2017/04/29 11:05:31 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-2-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll
[2017/04/29 11:05:31 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2017/04/29 11:05:31 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2017/04/29 11:05:31 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll
[2017/04/29 11:05:31 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2017/04/29 11:05:31 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l2-1-0.dll
[2017/04/29 11:05:31 | 000,011,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-2-0.dll
[2017/04/29 11:05:30 | 003,209,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2017/04/29 11:05:30 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2017/04/29 11:05:30 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2017/04/29 11:05:30 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-private-l1-1-0.dll
[2017/04/29 11:05:30 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2017/04/29 11:05:30 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2017/04/29 11:05:30 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll
[2017/04/29 11:05:30 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2017/04/29 11:05:30 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-process-l1-1-0.dll
[2017/04/29 11:05:30 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2017/04/29 11:05:30 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2017/04/29 11:05:30 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll
[2017/04/29 11:05:30 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2017/04/29 11:05:29 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2017/04/29 11:05:29 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2017/04/29 11:05:29 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2017/04/29 11:05:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2017/04/29 11:05:28 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2017/04/29 11:05:28 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2017/04/29 11:05:26 | 003,244,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2017/04/29 11:05:26 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2017/04/29 11:05:24 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2017/04/29 11:05:23 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2017/04/29 11:05:21 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2017/04/29 11:05:20 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2017/04/29 11:05:19 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2017/04/29 11:05:19 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2017/04/29 11:05:19 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2017/04/29 11:05:18 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2017/04/29 11:05:18 | 000,733,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2017/04/29 11:05:17 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2017/04/29 11:05:17 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2017/04/29 11:05:17 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2017/04/29 11:05:16 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2017/04/29 11:05:16 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2017/04/29 11:05:16 | 000,632,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2017/04/29 11:05:16 | 000,382,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2017/04/29 11:05:15 | 000,803,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2017/04/29 11:05:15 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2017/04/29 11:05:14 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2017/04/29 11:05:14 | 000,633,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2017/04/29 11:05:14 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2017/04/29 11:05:14 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2017/04/29 11:05:14 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2017/04/29 11:05:14 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2017/04/29 11:05:14 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2017/04/29 11:05:13 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2017/04/29 11:05:12 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2017/04/29 11:05:12 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2017/04/29 11:05:11 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2017/04/29 11:05:10 | 000,546,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2017/04/29 11:05:10 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2017/04/29 11:05:10 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2017/04/29 11:05:10 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2017/04/29 11:05:09 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2017/04/29 11:05:08 | 001,574,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2017/04/29 11:05:08 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2017/04/29 11:05:08 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2017/04/29 11:05:08 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2017/04/29 11:05:08 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2017/04/29 11:05:08 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2017/04/29 11:05:08 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2017/04/29 11:05:07 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2017/04/29 11:05:07 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2017/04/29 11:05:07 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2017/04/29 11:05:06 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2017/04/29 11:05:06 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2017/04/29 11:05:06 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2017/04/29 11:05:06 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pintlgnt.ime
[2017/04/29 11:05:05 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2017/04/29 11:05:05 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdedit.exe
[2017/04/29 11:05:05 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2017/04/29 11:05:05 | 000,114,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2017/04/29 11:05:04 | 012,574,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2017/04/29 11:05:04 | 012,574,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2017/04/29 11:05:03 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2017/04/29 11:05:02 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2017/04/29 11:05:02 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tintlgnt.ime
[2017/04/29 11:05:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quick.ime
[2017/04/29 11:05:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qintlgnt.ime
[2017/04/29 11:05:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\phon.ime
[2017/04/29 11:05:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cintlgnt.ime
[2017/04/29 11:05:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chajei.ime
[2017/04/29 11:05:02 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pintlgnt.ime
[2017/04/29 11:05:02 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tintlgnt.ime
[2017/04/29 11:05:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2017/04/29 11:05:01 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2017/04/29 11:05:01 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2017/04/29 11:05:01 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2017/04/29 11:05:01 | 000,249,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2017/04/29 11:05:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quick.ime
[2017/04/29 11:05:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qintlgnt.ime
[2017/04/29 11:05:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\phon.ime
[2017/04/29 11:05:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cintlgnt.ime
[2017/04/29 11:05:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chajei.ime
[2017/04/29 11:05:01 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsmsext.dll
[2017/04/29 11:05:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2017/04/29 11:05:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsmsext.dll
[2017/04/29 11:05:00 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icm32.dll
[2017/04/29 11:05:00 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2017/04/29 11:04:59 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2017/04/29 11:04:59 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2017/04/29 11:04:59 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2017/04/29 11:04:59 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2017/04/29 11:04:58 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hlink.dll
[2017/04/29 11:04:57 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2017/04/29 11:04:57 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2017/04/29 11:04:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2017/04/29 11:04:57 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmjpegdec.dll
[2017/04/29 11:04:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmjpegdec.dll
[2017/04/29 11:04:57 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2017/04/29 11:04:57 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2017/04/29 11:04:56 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2017/04/29 11:04:56 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2017/04/29 11:04:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2017/04/29 11:04:56 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2017/04/29 11:04:56 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2017/04/29 11:04:56 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2017/04/29 11:04:56 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2017/04/29 11:04:55 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2017/04/29 11:04:55 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2017/04/29 11:04:55 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2017/04/29 11:04:55 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2017/04/29 11:04:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2017/04/29 11:04:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2017/04/29 11:04:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2017/04/29 11:04:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2017/04/29 11:04:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2017/04/29 11:04:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcawrk.exe
[2017/04/29 11:04:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll
[2017/04/29 11:04:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2017/04/29 11:04:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2017/04/29 11:04:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2017/04/29 11:04:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2017/04/29 11:04:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2017/04/29 11:04:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2017/04/29 11:04:53 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\INETRES.dll
[2017/04/29 11:04:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2017/04/29 11:04:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2017/04/29 11:04:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2017/04/29 11:04:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2017/04/29 11:04:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2017/04/29 11:04:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2017/04/29 11:04:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2017/04/29 11:04:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2017/04/29 11:04:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2017/04/29 11:04:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2017/04/29 11:04:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2017/04/29 11:03:44 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2017/04/29 11:03:43 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2017/04/29 11:02:22 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2017/04/29 11:02:22 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2017/04/29 11:02:22 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2017/04/29 11:02:22 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2017/04/29 11:02:22 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2017/04/29 11:02:22 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2017/04/29 11:01:23 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2017/04/29 11:01:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2017/04/29 11:01:21 | 001,632,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2017/04/29 11:01:20 | 001,372,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2017/04/29 11:01:20 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmapi.dll
[2017/04/29 11:01:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2017/04/29 10:59:21 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2017/04/29 10:59:21 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2017/04/29 10:59:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2017/04/29 10:57:59 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2017/04/29 10:57:59 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2017/04/29 10:57:50 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2017/04/29 10:57:50 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2017/04/29 10:57:47 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2017/04/29 10:55:20 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2017/04/29 10:55:20 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2017/04/29 10:55:20 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2017/04/29 10:55:20 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2017/04/29 10:55:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2017/04/29 10:55:12 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2017/04/29 10:55:12 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2017/04/29 10:54:53 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2017/04/29 10:54:52 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2017/04/29 10:54:52 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2017/04/29 10:54:52 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2017/04/29 10:54:52 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2017/04/29 10:54:52 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2017/04/29 10:54:52 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2017/04/29 10:54:52 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2017/04/29 10:54:52 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2017/04/29 10:54:52 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2017/04/29 10:54:52 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2017/04/29 10:54:52 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2017/04/29 10:54:52 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2017/04/29 10:54:51 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2017/04/29 10:54:51 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2017/04/29 10:54:51 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2017/04/29 10:54:51 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2017/04/29 10:54:32 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2017/04/29 10:54:32 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2017/04/29 10:54:27 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2017/04/29 10:54:21 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2017/04/29 10:54:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2017/04/29 10:53:14 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2017/04/29 10:53:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2017/04/29 10:53:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2017/04/29 10:53:13 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2017/04/29 10:53:13 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2017/04/29 10:53:12 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2017/04/29 10:53:12 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2017/04/29 10:53:10 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2017/04/29 10:53:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2017/04/29 10:53:02 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2017/04/29 10:53:01 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2017/04/29 10:53:01 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2017/04/29 10:53:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2017/04/29 10:53:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2017/04/29 10:52:43 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2017/04/29 10:52:43 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2017/04/29 10:52:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2017/04/29 10:52:39 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2017/04/29 10:52:33 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2017/04/29 10:52:33 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2017/04/29 10:52:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2017/04/29 10:51:19 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2017/04/29 10:51:19 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2017/04/29 10:50:57 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2017/04/29 10:50:57 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2017/04/29 10:50:57 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2017/04/29 10:50:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2017/04/29 10:50:54 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2017/04/29 10:50:29 | 000,879,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2017/04/29 10:50:29 | 000,635,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2017/04/29 10:48:14 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2017/04/29 10:48:13 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2017/04/29 10:48:13 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2017/04/29 10:48:13 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2017/04/29 10:48:10 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2017/04/29 10:48:10 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2017/04/29 10:47:52 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2017/04/29 10:47:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2017/04/29 10:47:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2017/04/29 10:47:29 | 001,112,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2017/04/29 10:47:28 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2017/04/29 10:47:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2017/04/29 10:46:33 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2017/04/29 10:46:06 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2017/04/29 10:46:06 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2017/04/29 10:46:06 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2017/04/29 10:46:06 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2017/04/29 10:46:06 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2017/04/29 10:46:06 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2017/04/29 10:46:06 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2017/04/29 10:46:06 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2017/04/29 10:46:06 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2017/04/29 10:46:06 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2017/04/29 10:46:06 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2017/04/29 10:46:06 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2017/04/29 10:46:06 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2017/04/29 10:46:06 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2017/04/29 10:46:06 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2017/04/29 10:46:06 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2017/04/29 10:46:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2017/04/29 10:46:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2017/04/29 10:46:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2017/04/29 10:46:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2017/04/29 10:46:06 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2017/04/29 10:46:06 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2017/04/29 10:46:05 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2017/04/29 10:46:05 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2017/04/29 10:46:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2017/04/29 10:46:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2017/04/29 10:46:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2017/04/29 10:46:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2017/04/29 10:46:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2017/04/29 10:46:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2017/04/29 10:46:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2017/04/29 10:46:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2017/04/29 10:45:38 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2017/04/29 10:45:37 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2017/04/29 10:45:37 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2017/04/29 10:45:37 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2017/04/29 10:45:21 | 000,624,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2017/04/29 10:45:21 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2017/04/29 10:43:21 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2017/04/29 10:43:20 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2017/04/29 10:43:20 | 001,307,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2adec.dll
[2017/04/29 10:43:20 | 001,232,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2017/04/29 10:43:20 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2017/04/29 10:43:20 | 000,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2adec.dll
[2017/04/29 10:43:19 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2017/04/29 10:43:18 | 001,153,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOE.DLL
[2017/04/29 10:43:18 | 000,902,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2017/04/29 10:43:18 | 000,829,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2017/04/29 10:43:18 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2017/04/29 10:43:18 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2017/04/29 10:43:18 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2017/04/29 10:43:17 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2017/04/29 10:43:17 | 000,815,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOE.DLL
[2017/04/29 10:43:16 | 001,955,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2017/04/29 10:43:16 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2017/04/29 10:43:14 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\COLORCNV.DLL
[2017/04/29 10:43:14 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COLORCNV.DLL
[2017/04/29 10:43:13 | 000,740,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2017/04/29 10:43:12 | 001,575,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOE.DLL
[2017/04/29 10:43:12 | 001,568,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2017/04/29 10:43:12 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2017/04/29 10:43:11 | 000,665,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2017/04/29 10:43:11 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFWMAAEC.DLL
[2017/04/29 10:43:11 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSENCD.DLL
[2017/04/29 10:43:11 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VIDRESZR.DLL
[2017/04/29 10:43:10 | 000,653,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2017/04/29 10:43:10 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFWMAAEC.DLL
[2017/04/29 10:43:10 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSENCD.DLL
[2017/04/29 10:43:10 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP43DECD.DLL
[2017/04/29 10:43:10 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RESAMPLEDMO.DLL
[2017/04/29 10:43:10 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MPG4DECD.DLL
[2017/04/29 10:43:10 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP43DECD.DLL
[2017/04/29 10:43:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP3DMOD.DLL
[2017/04/29 10:43:10 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devenum.dll
[2017/04/29 10:43:10 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devenum.dll
[2017/04/29 10:43:09 | 001,325,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOE.DLL
[2017/04/29 10:43:09 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2017/04/29 10:43:09 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2017/04/29 10:43:09 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MPG4DECD.DLL
[2017/04/29 10:43:09 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
[2017/04/29 10:43:09 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfvdsp.dll
[2017/04/29 10:43:08 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2017/04/29 10:43:08 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
[2017/04/29 10:43:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2017/04/29 10:43:08 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RESAMPLEDMO.DLL
[2017/04/29 10:43:08 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2017/04/29 10:43:08 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VIDRESZR.DLL
[2017/04/29 10:43:08 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP3DMOD.DLL
[2017/04/29 10:43:08 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfvdsp.dll
[2017/04/29 10:43:07 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2017/04/29 10:43:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksuser.dll
[2017/04/29 10:43:00 | 000,069,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys
[2017/04/29 10:42:27 | 003,229,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2017/04/29 10:42:27 | 001,867,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2017/04/29 10:42:26 | 002,972,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2017/04/29 10:42:26 | 001,499,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2017/04/29 10:42:21 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2017/04/29 10:42:21 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2017/04/29 10:42:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2017/04/29 10:42:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2017/04/29 10:42:16 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2017/04/29 10:42:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2017/04/29 10:42:13 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2017/04/29 10:42:12 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2017/04/29 10:42:12 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2017/04/29 10:42:03 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2017/04/29 10:41:48 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe
[2017/04/29 10:41:48 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2017/04/29 10:41:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2017/04/29 10:41:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2017/04/29 10:41:42 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2017/04/29 10:41:42 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2017/04/29 10:41:41 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2017/04/29 10:41:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2017/04/29 10:41:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netbtugc.exe
[2017/04/29 10:41:39 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2017/04/29 10:41:38 | 000,591,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2017/04/29 10:41:38 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\polstore.dll
[2017/04/29 10:41:38 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\polstore.dll
[2017/04/29 10:41:38 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpapi.dll
[2017/04/29 10:41:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpscript.dll
[2017/04/29 10:41:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpscript.dll
[2017/04/29 10:41:37 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winipsec.dll
[2017/04/29 10:41:37 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FwRemoteSvr.dll
[2017/04/29 10:41:37 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winipsec.dll
[2017/04/29 10:41:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2017/04/29 10:41:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpscript.exe
[2017/04/29 10:41:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpscript.exe
[2017/04/29 10:41:21 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2017/04/29 10:41:21 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2017/04/29 10:41:19 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2017/04/29 10:41:18 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2017/04/29 10:40:28 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2017/04/29 10:40:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2017/04/29 10:40:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2017/04/29 10:40:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2017/04/29 10:40:10 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2017/04/29 10:39:40 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2017/04/29 10:39:40 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2017/04/29 10:39:33 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2017/04/29 10:39:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2017/04/29 10:39:28 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2017/04/29 10:39:26 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2017/04/29 10:39:26 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2017/04/29 10:39:25 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2017/04/29 10:39:25 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2017/04/29 10:39:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2017/04/29 10:39:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2017/04/29 06:03:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2017/04/29 06:03:18 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2017/04/29 06:03:18 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2017/04/29 05:57:47 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2017/04/29 05:57:47 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2017/04/29 05:57:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2017/04/29 05:57:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2017/04/29 05:57:15 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2017/04/29 05:56:52 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2017/04/29 05:56:43 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2017/04/29 05:56:43 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2017/04/29 05:56:33 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2017/04/29 05:56:32 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2017/04/29 05:56:28 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2017/04/29 05:56:28 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2017/04/29 05:56:28 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2017/04/29 05:56:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2017/04/29 05:55:36 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2017/04/29 05:55:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2017/04/29 05:55:36 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2017/04/29 05:55:36 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2017/04/29 05:55:36 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2017/04/29 05:55:36 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2017/04/29 0
  • Unica
  • 2017/05/20 (Sat) 00:31:42
Re: Infected by duba.com and in need of help
[2017/04/29 05:51:12 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2017/04/29 05:51:01 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clfsw32.dll
[2017/04/29 05:51:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll
[2017/04/29 05:38:23 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2017/04/29 05:38:23 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2017/04/29 05:38:23 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2017/04/29 05:38:23 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2017/04/29 04:50:12 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2017/04/29 04:50:12 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2017/04/29 03:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steinberg
[2017/04/29 03:22:35 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\VST3 Presets
[2017/04/29 03:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Syncrosoft
[2017/04/29 03:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2017/04/29 03:21:23 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\VST XMLs
[2017/04/29 03:21:23 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 8 64bit
[2017/04/29 03:21:23 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Steinberg
[2017/04/29 03:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2017/04/29 03:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
[2017/04/29 03:19:37 | 000,030,352 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\Windows\SysNative\drivers\synusb64.sys
[2017/04/29 03:19:35 | 005,438,976 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\Windows\SysNative\SYNSOACC.dll
[2017/04/29 03:19:35 | 003,875,328 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\Windows\SysWow64\SYNSOACC.dll
[2017/04/29 03:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\eLicenser
[2017/04/29 03:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\eLicenser
[2017/04/29 03:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eLicenser
[2017/04/29 03:07:43 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Steinberg Installation Updater
[2017/04/29 03:07:42 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Steinberg Installation Updater
[2017/04/29 03:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
[2017/04/29 03:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOCALOID4 Editor for Cubase 64-bit
[2017/04/29 03:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steinberg
[2017/04/29 02:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOIDApi4
[2017/04/29 02:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2017/04/29 02:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOCALOID Deactivation Tool
[2017/04/29 02:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOID Deactivation Tool
[2017/04/29 02:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOCALOID4
[2017/04/29 02:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOID4
[2017/04/29 02:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VOCALOID4
[2017/04/29 02:03:49 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2017/04/29 02:03:49 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2017/04/29 01:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\VOCALOID3TINY
[2017/04/29 01:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiny VOCALOID3
[2017/04/29 01:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOID3
[2017/04/29 01:24:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2017/04/29 01:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOID3TINY
[2017/04/29 01:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOIDApi
[2017/04/29 01:01:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2017/04/29 00:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\BUFFALO_ClientMgrV
[2017/04/29 00:30:39 | 000,218,488 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN900119.EXE
[2017/04/29 00:30:39 | 000,018,944 | ---- | C] (BUFFALO INC.) -- C:\Windows\SysNative\drivers\bufeap64.sys
[2017/04/29 00:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFFALO
[2017/04/29 00:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BUFFALO
[2017/04/29 00:26:27 | 001,590,784 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\ucgnm2x.sys
[2017/04/29 00:12:46 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Diagnostics
[2017/04/29 00:07:47 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Steinberg Download Assistant
[2017/04/29 00:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2017/04/29 00:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2017/04/29 00:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg Download Assistant
[2017/04/29 00:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2017/04/28 23:50:53 | 000,000,000 | R--D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2017/04/28 23:50:53 | 000,000,000 | R--D | C] -- C:\Users\Unica\Searches
[2017/04/28 23:50:53 | 000,000,000 | R--D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2017/04/28 23:50:53 | 000,000,000 | -H-D | C] -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/04/28 23:50:38 | 000,000,000 | R--D | C] -- C:\Users\Unica\Contacts
[2017/04/28 23:50:36 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\VirtualStore
[2017/04/28 23:50:12 | 000,000,000 | --SD | C] -- C:\Users\Unica\AppData\Roaming\Microsoft
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Videos
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Saved Games
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Pictures
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Music
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Links
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Favorites
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Downloads
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Documents
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Desktop
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\スタート メニュー
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\AppData\Local\Temporary Internet Files
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Templates
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\SendTo
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Recent
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\PrintHood
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\NetHood
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Documents\My Videos
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Documents\My Pictures
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Documents\My Music
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\My Documents
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Local Settings
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\AppData\Local\History
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Cookies
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Application Data
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\AppData\Local\Application Data
[2017/04/28 23:50:12 | 000,000,000 | -H-D | C] -- C:\Users\Unica\AppData
[2017/04/28 23:50:12 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Temp
[2017/04/28 23:50:12 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Microsoft
[2017/04/28 23:49:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\デスクトップ
[2017/04/28 23:49:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\スタート メニュー
[2017/04/28 22:41:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2017/04/28 22:38:53 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2017/05/20 00:01:46 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/05/20 00:01:46 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/05/19 23:47:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/05/19 23:46:58 | 3193,790,464 | -HS- | M] () -- C:\hiberfil.sys
[2017/05/17 21:56:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Unica\Desktop\OTL.exe
[2017/05/15 23:52:44 | 000,309,840 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl_del.sys
[2017/05/15 23:52:44 | 000,309,840 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys
[2017/05/12 17:34:46 | 000,002,281 | ---- | M] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2017/05/12 15:25:24 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/05/12 15:21:16 | 004,089,296 | ---- | M] () -- C:\Users\Unica\Desktop\AdwCleaner.exe
[2017/05/11 01:21:23 | 001,310,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017/05/11 01:21:23 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017/05/11 01:21:23 | 000,410,434 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2017/05/11 01:21:23 | 000,121,480 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2017/05/11 01:21:23 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/05/11 01:14:02 | 000,268,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/05/09 21:49:12 | 000,803,320 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017/05/09 21:49:12 | 000,144,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017/05/08 19:53:37 | 000,000,030 | ---- | M] () -- C:\AVScanner.ini
[2017/05/07 12:15:53 | 000,000,979 | ---- | M] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Plogue sforzando.lnk
[2017/05/07 01:34:36 | 000,002,111 | ---- | M] () -- C:\Users\Unica\Desktop\HALion 6.lnk
[2017/05/07 01:31:50 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2017/05/06 15:22:08 | 000,417,792 | ---- | M] (トキワ個別教育研究所) -- C:\Users\Unica\Desktop\DataRecovery.exe
[2017/05/06 14:21:08 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/05/06 13:57:43 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Unica\Desktop\HijackThis.exe
[2017/05/06 13:49:41 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017/04/30 11:50:48 | 000,001,367 | ---- | M] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/04/30 00:30:30 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2017/04/30 00:30:24 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2017/04/30 00:30:24 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2017/04/30 00:30:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2017/04/30 00:30:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2017/04/30 00:30:24 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2017/04/30 00:30:24 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2017/04/30 00:30:24 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2017/04/30 00:30:24 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2017/04/30 00:30:24 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2017/04/30 00:30:24 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2017/04/30 00:30:24 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2017/04/30 00:30:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2017/04/30 00:30:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2017/04/30 00:30:24 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2017/04/30 00:30:24 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2017/04/30 00:30:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2017/04/30 00:30:24 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2017/04/30 00:30:24 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2017/04/30 00:30:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2017/04/30 00:30:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2017/04/30 00:30:24 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2017/04/30 00:30:24 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2017/04/30 00:30:24 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2017/04/30 00:30:24 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2017/04/30 00:30:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2017/04/30 00:30:24 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2017/04/30 00:30:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2017/04/30 00:30:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2017/04/30 00:30:24 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2017/04/30 00:30:24 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2017/04/30 00:30:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2017/04/30 00:30:24 | 000,016,303 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2017/04/30 00:30:24 | 000,016,303 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2017/04/30 00:30:24 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2017/04/30 00:30:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2017/04/30 00:30:24 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2017/04/30 00:28:48 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2017/04/30 00:28:48 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2017/04/30 00:28:48 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2017/04/30 00:28:48 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2017/04/30 00:28:48 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2017/04/30 00:28:48 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2017/04/30 00:28:48 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2017/04/30 00:28:48 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2017/04/30 00:28:48 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2017/04/30 00:28:48 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2017/04/30 00:28:48 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/04/30 00:28:48 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/04/30 00:28:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/04/30 00:28:48 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/04/29 17:25:29 | 007,290,368 | ---- | M] () -- C:\Users\Unica\AppData\Local\agent.dat
[2017/04/29 17:25:29 | 001,894,851 | ---- | M] () -- C:\Users\Unica\AppData\Local\Zunstock.tst
[2017/04/29 17:25:29 | 000,126,464 | ---- | M] () -- C:\Users\Unica\AppData\Local\noah.dat
[2017/04/29 17:25:29 | 000,070,800 | ---- | M] () -- C:\Users\Unica\AppData\Local\Config.xml
[2017/04/29 17:25:29 | 000,018,432 | ---- | M] () -- C:\Users\Unica\AppData\Local\Main.dat
[2017/04/29 17:25:29 | 000,005,568 | ---- | M] () -- C:\Users\Unica\AppData\Local\md.xml
[2017/04/29 17:24:07 | 000,019,008 | ---- | M] () -- C:\Users\Unica\AppData\Local\InstallationConfiguration.xml
[2017/04/29 17:23:25 | 000,140,800 | ---- | M] () -- C:\Users\Unica\AppData\Local\installer.dat
[2017/04/29 17:23:04 | 001,634,816 | ---- | M] (TODO: <Company name>) -- C:\Users\Unica\AppData\Local\Zunstock.exe
[2017/04/29 17:18:57 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\SoundEngine Free.lnk
[2017/04/29 17:16:25 | 000,018,296 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery64.sys
[2017/04/29 17:16:24 | 000,014,200 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery.sys
[2017/04/29 17:07:54 | 000,190,792 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys
[2017/04/29 17:07:52 | 000,146,248 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys
[2017/04/29 17:06:35 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys
[2017/04/29 17:06:32 | 000,036,560 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys
[2017/04/29 17:02:14 | 000,052,824 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\bootsafe64.sys
[2017/04/29 17:02:13 | 000,051,800 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\bootsafe.sys
[2017/04/29 16:58:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2017/04/29 16:57:23 | 000,001,257 | ---- | M] () -- C:\Users\Unica\Desktop\Moo0 ボイス録音器 1.43.lnk
[2017/04/29 16:56:19 | 000,001,269 | ---- | M] () -- C:\Users\Unica\Desktop\Moo0 窓メニュー拡張器 1.20.lnk
[2017/04/29 16:54:57 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\KINGSOFT Internet Security 2017.lnk
[2017/04/29 16:54:56 | 000,289,408 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys
[2017/04/29 16:54:56 | 000,114,488 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisnetmxp.sys
[2017/04/29 16:54:56 | 000,113,464 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisnetm.sys
[2017/04/29 16:54:56 | 000,109,880 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisnetm64.sys
[2017/04/29 16:54:56 | 000,019,352 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys
[2017/04/29 16:54:55 | 000,114,264 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys
[2017/04/29 16:54:55 | 000,070,744 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi64.sys
[2017/04/29 16:52:59 | 000,001,215 | ---- | M] () -- C:\Users\Unica\Desktop\Any Audio Converter.lnk
[2017/04/29 16:43:42 | 001,263,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/04/29 03:22:35 | 000,002,892 | ---- | M] () -- C:\Windows\SysWow64\audcon.sys
[2017/04/29 03:22:11 | 000,002,104 | ---- | M] () -- C:\Users\Unica\Desktop\Cubase 8 64bit.lnk
[2017/04/29 00:35:35 | 000,001,097 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ソフトウェアルーター設定ツール.lnk
[2017/04/29 00:30:40 | 000,001,260 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\クライアントマネージャV.lnk
[2017/04/28 22:42:43 | 000,570,619 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2017/04/28 22:42:43 | 000,570,619 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2017/04/28 22:40:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2017/04/28 10:14:59 | 000,631,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2017/04/28 10:14:09 | 000,706,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2017/04/28 10:14:08 | 005,547,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2017/04/28 10:11:49 | 001,732,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2017/04/28 10:10:12 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2017/04/28 10:10:12 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2017/04/28 10:10:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2017/04/28 10:10:11 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2017/04/28 10:10:10 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2017/04/28 10:10:10 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2017/04/28 10:10:10 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2017/04/28 10:10:10 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2017/04/28 10:10:09 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2017/04/28 10:10:08 | 001,212,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2017/04/28 10:10:08 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2017/04/28 10:10:08 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2017/04/28 10:10:07 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2017/04/28 10:10:04 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2017/04/28 10:10:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2017/04/28 10:10:03 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2017/04/28 10:10:02 | 001,460,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2017/04/28 10:10:02 | 001,163,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2017/04/28 10:10:02 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2017/04/28 10:09:59 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2017/04/28 10:09:59 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2017/04/28 10:09:58 | 000,880,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2017/04/28 10:09:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2017/04/28 10:09:58 | 000,463,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2017/04/28 10:09:58 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2017/04/28 10:09:58 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2017/04/28 10:09:58 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2017/04/28 10:09:58 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2017/04/28 10:09:58 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2017/04/28 09:36:36 | 004,000,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2017/04/28 09:36:36 | 003,945,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2017/04/28 09:32:51 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2017/04/28 09:32:45 | 000,141,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2017/04/28 09:32:40 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2017/04/28 09:32:39 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2017/04/28 09:32:33 | 000,342,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2017/04/28 09:32:32 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2017/04/28 09:32:32 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2017/04/28 09:32:32 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2017/04/28 09:32:32 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2017/04/28 09:19:29 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2017/04/28 09:19:26 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2017/04/28 09:18:44 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2017/04/28 09:15:46 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2017/04/28 09:14:54 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2017/04/28 09:11:35 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2017/04/28 09:10:53 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2017/04/28 09:08:07 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2017/04/28 09:08:06 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2017/04/28 09:08:06 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2017/04/28 09:08:05 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2017/04/28 09:07:13 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2017/04/28 09:07:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2017/04/28 09:07:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2017/04/28 09:07:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2017/04/22 00:34:00 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2017/04/22 00:15:28 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2017/05/12 15:25:24 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/05/12 15:21:03 | 004,089,296 | ---- | C] () -- C:\Users\Unica\Desktop\AdwCleaner.exe
[2017/05/07 12:15:53 | 000,000,979 | ---- | C] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Plogue sforzando.lnk
[2017/05/06 14:21:08 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/05/06 14:09:51 | 000,002,281 | ---- | C] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2017/05/06 13:37:32 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017/05/03 20:58:21 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2017/04/30 20:48:32 | 000,002,111 | ---- | C] () -- C:\Users\Unica\Desktop\HALion 6.lnk
[2017/04/30 11:50:48 | 000,001,367 | ---- | C] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/04/30 00:30:24 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2017/04/30 00:30:24 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2017/04/30 00:00:41 | 000,001,004 | ---- | C] () -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2017/04/29 17:25:29 | 007,290,368 | ---- | C] () -- C:\Users\Unica\AppData\Local\agent.dat
[2017/04/29 17:25:29 | 001,894,851 | ---- | C] () -- C:\Users\Unica\AppData\Local\Zunstock.tst
[2017/04/29 17:25:29 | 000,126,464 | ---- | C] () -- C:\Users\Unica\AppData\Local\noah.dat
[2017/04/29 17:25:29 | 000,070,800 | ---- | C] () -- C:\Users\Unica\AppData\Local\Config.xml
[2017/04/29 17:25:29 | 000,018,432 | ---- | C] () -- C:\Users\Unica\AppData\Local\Main.dat
[2017/04/29 17:25:29 | 000,005,568 | ---- | C] () -- C:\Users\Unica\AppData\Local\md.xml
[2017/04/29 17:23:25 | 000,140,800 | ---- | C] () -- C:\Users\Unica\AppData\Local\installer.dat
[2017/04/29 17:23:25 | 000,019,008 | ---- | C] () -- C:\Users\Unica\AppData\Local\InstallationConfiguration.xml
[2017/04/29 17:18:57 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\SoundEngine Free.lnk
[2017/04/29 16:59:54 | 000,001,257 | ---- | C] () -- C:\Users\Unica\Desktop\Moo0 ボイス録音器 1.43.lnk
[2017/04/29 16:59:40 | 000,001,269 | ---- | C] () -- C:\Users\Unica\Desktop\Moo0 窓メニュー拡張器 1.20.lnk
[2017/04/29 16:54:57 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\KINGSOFT Internet Security 2017.lnk
[2017/04/29 16:52:59 | 000,001,215 | ---- | C] () -- C:\Users\Unica\Desktop\Any Audio Converter.lnk
[2017/04/29 16:43:42 | 001,263,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/04/29 16:11:24 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2017/04/29 11:20:40 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2017/04/29 10:53:10 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2017/04/29 03:22:35 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2017/04/29 03:22:11 | 000,002,104 | ---- | C] () -- C:\Users\Unica\Desktop\Cubase 8 64bit.lnk
[2017/04/29 03:20:50 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2017/04/29 03:20:50 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2017/04/29 00:35:35 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ソフトウェアルーター設定ツール.lnk
[2017/04/29 00:30:40 | 000,001,260 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\クライアントマネージャV.lnk
[2017/04/29 00:30:39 | 000,000,993 | ---- | C] () -- C:\Windows\UN900119.INI
[2017/04/28 23:50:12 | 000,000,290 | ---- | C] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2017/04/28 23:50:12 | 000,000,272 | ---- | C] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2017/04/28 22:42:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2017/04/28 22:42:00 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2017/04/28 22:40:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/08/30 00:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/08/30 00:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2017/05/05 05:14:30 | 000,000,000 | RH-D | M] -- C:\KRECYCLE
[2013/02/10 17:16:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2017/05/19 23:56:10 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/09/05 19:09:31 | 000,000,000 | -H-D | M] -- C:\SafeRecycle
[2012/10/14 10:56:10 | 000,000,000 | -H-D | M] -- C:\NTTSolmare\ComicCmoa\ContentsFolder
[2012/10/14 10:56:27 | 000,000,000 | -H-D | M] -- C:\NTTSolmare\ComicCmoa\ContentsFolder\Books
[2012/10/14 10:55:41 | 000,000,000 | -H-D | M] -- C:\NTTSolmare\ComicCmoa\ContentsFolder\Thumbnail
[2017/04/29 02:34:41 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/09/05 19:09:31 | 000,000,000 | -H-D | M] -- C:\SafeRecycle\update
[2012/09/05 19:09:31 | 000,000,000 | -H-D | M] -- C:\SafeRecycle\update\ksafe
[2017/05/05 00:52:04 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2009/07/14 12:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2017/05/12 15:25:24 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/07/14 11:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2017/04/29 01:05:21 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2017/04/28 23:50:12 | 000,000,000 | -H-D | M] -- C:\Users\Unica\AppData
[2017/05/14 00:02:10 | 000,000,000 | -H-D | M] -- C:\Users\Unica\AppData\Local\{ABBDEAEF-5AED-4c34-A22D-057A13C52D1E}
[2017/04/29 00:05:33 | 000,000,000 | -H-D | M] -- C:\Users\Unica\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2017/04/29 00:05:35 | 000,000,000 | -H-D | M] -- C:\Users\Unica\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2017/04/30 13:51:10 | 000,000,000 | -H-D | M] -- C:\Users\Unica\AppData\Local\Microsoft\Media Player\アート キャッシュ
[2017/04/28 23:51:04 | 000,000,000 | RH-D | M] -- C:\Users\Unica\AppData\Local\Microsoft\Windows\Burn\Burn
[2017/05/06 10:23:30 | 000,000,000 | -H-D | M] -- C:\Users\Unica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/04/28 01:00:07 | 000,000,000 | -H-D | M] -- C:\Users\Unica\Desktop\of course\Installer\HALion 5\Xtras
[2013/06/26 22:01:19 | 000,000,208 | -H-- | M] () -- C:\Users\Unica\Desktop\of course\Installer\HALion 5\HALion 5 for Windows\Setup.exe.config
[2017/02/06 16:09:43 | 000,000,206 | -H-- | M] () -- C:\Users\Unica\Desktop\of course\Installer\HALion 6\Setup.exe.config
[2017/03/10 20:12:03 | 000,000,000 | -H-D | M] -- C:\Users\Unica\Desktop\of course\Installer\The Grand SE 3\Xtras
[2009/07/14 13:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2009/07/14 13:45:47 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2017/04/29 01:05:45 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\アート キャッシュ

[color=#A23BEC]< %windir%\tasks\*.job >[/color]

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD4000AAJS-00YFA0 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST1000DX001-1NS162 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: BUFFALO USB Flash Disk USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 363.00GB
Starting Offset: 10389291008
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 135266304
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 30.00GB
Starting Offset: 1048576
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2015/10/30 02:50:29 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2016/11/10 01:33:26 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2009/07/14 10:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2017/04/28 09:10:56 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2012/07/05 07:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2017/04/13 00:32:10 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2017/04/13 00:25:04 | 000,145,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2017/04/18 00:37:31 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 12:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2011/03/03 15:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2016/05/13 02:14:48 | 000,502,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2009/07/14 10:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 13:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2011/05/24 20:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:[/b] - [2017/04/28 09:10:56 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2009/07/14 10:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2017/04/18 00:37:31 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2016/02/09 18:55:34 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2017/04/28 09:10:56 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 12:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2015/08/06 02:56:14 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 12:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/19 12:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2016/06/15 02:16:23 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:[/b] - [2016/06/15 02:16:23 | 000,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2010/11/21 12:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/11/21 12:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2016/11/10 01:02:19 | 000,128,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2016/11/10 00:55:06 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2017/03/23 00:17:28 | 002,651,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2009/07/14 10:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:[/b] - [2010/11/21 12:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >
  • Unica
  • 2017/05/20 (Sat) 00:34:42
Re: Troubled by a duba.com infection
OTL Extras logfile created on: 2017/05/20 0:01:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Unica\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18665)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.97 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.10% Memory free
7.93 Gb Paging File | 6.40 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 362.93 Gb Total Space | 159.69 Gb Free Space | 44.00% Space Free | Partition Type: NTFS
Drive D: | 931.39 Gb Total Space | 864.22 Gb Free Space | 92.79% Space Free | Partition Type: NTFS
Drive F: | 29.97 Gb Total Space | 26.78 Gb Free Space | 89.38% Space Free | Partition Type: NTFS

Computer Name: UNICA-PC | User Name: Unica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8E14E8-72A4-4B68-9E52-5438D3F45B3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AAE5C0B-9C98-4B40-A70C-9C9080E98E18}" = lport=51111 | protocol=17 | dir=in | name=vst connect se udp port 51111 |
"{1D1D9BAC-A6CE-4753-8B4D-65A62501BDAE}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D0FDDD3-D947-4481-ADF5-9458A298F7F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{33202764-33FC-40FC-9DA9-75B0CDBCC819}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34C022E8-741C-444D-9870-8CE197CBEDB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CFD02F4-1B14-4010-A2D2-E3BD67358A74}" = rport=137 | protocol=17 | dir=out | app=system |
"{495DE88D-ECAB-4EEC-92C6-6475E43B169D}" = lport=51113 | protocol=17 | dir=in | name=vst connect se udp port 51113 |
"{58B16C65-54B6-4AC1-9C20-C0AF11B0F117}" = lport=137 | protocol=17 | dir=in | app=system |
"{691256D9-EBFA-4C60-AC0C-F80EA2678A31}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6BD4ADB9-8B1A-4B65-B33E-1428C3A85230}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DC92328-5940-4D39-807B-46F6EFBC3419}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7478C063-C185-4911-93E6-EC903E0F30D6}" = lport=139 | protocol=6 | dir=in | app=system |
"{83B09BA4-E86C-4188-AE82-6E0007BA42BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9327431D-3DCB-4215-8252-1F2A433E61E2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96CD5ED9-9ACD-4ED3-9EE6-75AA5BAF3058}" = rport=138 | protocol=17 | dir=out | app=system |
"{9B3F591A-39E9-4C63-864E-39DBA3D5F398}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2A9E1DF-E22A-4D1D-9534-E855E0269BC8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BE624CB3-9E8D-43AD-AA64-803A8CA9EF87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C4EC4AF4-D7D9-46FF-B080-DF20A614654F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CA7A41CB-1075-4008-9DCA-F11F8AB39948}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{CD6CFE8F-525F-417F-8AD7-B553C1CB02B4}" = lport=138 | protocol=17 | dir=in | app=system |
"{DCDA1011-C622-4FE1-ABF2-A6D88EB5EBF0}" = rport=445 | protocol=6 | dir=out | app=system |
"{E4013ADC-5035-4ADE-8F64-6F1E22ED38AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8AC6175-9213-49E4-A479-2FEFAC7ADF86}" = lport=51112 | protocol=17 | dir=in | name=vst connect se udp port 51112 |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C59B06-711A-4E21-B834-207B9E485186}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06A9D0BE-ADFF-458A-833D-1137FD2B4561}" = dir=in | app=c:\program files\steinberg\cubase 8\cubase8.exe |
"{0CF19FC8-5FE3-4FD3-A26E-6E265B5AA078}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E0DF9EA-258E-4FE8-BAF5-588168BC7A28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E749A6B-CAD0-4EA4-BBDB-5A3AA41D96CD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{12E55EFB-C62C-4892-AE2C-4A0CD2EA8988}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20BEA999-D857-46A1-A0D6-C0C76E10B9B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{474712CD-8FD9-4BB4-A0F7-5F2E2CF0ABE3}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{53C27026-C708-430D-B531-6DF0E5834FF0}" = protocol=6 | dir=out | app=system |
"{6C70FF02-F01F-403A-B1E4-A4BB6F747521}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F6C76D8-FF13-4922-B359-D39A88CCB7E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C116472-54AF-40D5-9E76-26EB23A4BC53}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8EAAADDB-051C-4482-82AD-D74D10104630}" = dir=in | app=c:\program files (x86)\firefox\firefox.exe |
"{9065E19B-6721-4010-BBB4-816C021E2228}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{973A1ED6-BC56-4E1A-9F45-BF0508C7A558}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A38A6321-78EC-4F47-AEB0-8E8BC82D13D6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A52A632F-33EC-4DA9-BC9E-CEC9BD2B7BC5}" = dir=in | app=c:\program files (x86)\buffalo\softap\softap.exe |
"{AC67A631-DC81-4B8E-BF67-E4432631BE0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1F98388-6F85-4085-B4AB-9CB3B4A1211D}" = protocol=17 | dir=in | app=c:\program files (x86)\mio\loader\wdcxwd4000aajs-00yfa0_wd-wcas8381017410174.dat |
"{B76B6036-20F5-4575-A381-8233AA7BD855}" = dir=in | app=c:\program files (x86)\dayglad\application\chrome.exe |
"{BCD701E8-63E2-4343-9EC3-1DD6054069B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C08D44E0-B9FD-4585-949A-9CFC21F4F7E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C0E59AA4-1434-46B8-B1AB-906330F20954}" = protocol=6 | dir=in | app=c:\program files (x86)\mio\loader\wdcxwd4000aajs-00yfa0_wd-wcas8381017410174.dat |
"{C3F9FCAA-AAEE-42C8-911E-AFBA6F2C58FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D814161E-06A6-4C2F-84B0-FEAF205DB1EA}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{EEBA8482-B1DA-40E8-9107-7CE4ACC97733}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB707A6D-9991-46F0-8CB2-1CDE7775A7AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{F2F8E3F1-3078-4AA7-951B-9A4D67E85C6A}C:\program files\steinberg\cubase 8\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 8\components\vstbridgeapp.exe |
"UDP Query User{312B6EA7-07A1-4E5B-9E8B-5922277320AB}C:\program files\steinberg\cubase 8\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 8\components\vstbridgeapp.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1014___is1" = Plogue sforzando v1.916
"{16D5A798-10BE-4FF3-BB71-54C012CD0D7D}" = Steinberg Generic Lower Latency ASIO Driver 64bit
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4D65ECE6-131D-4B5F-8470-2750D3161619}" = Steinberg Retrologue 64bit
"{55B14661-3F86-4974-9097-D7508EC63D97}" = Steinberg HALion Library Manager
"{63DF5C4B-E3BF-3346-A033-C57B22F44C9E}" = Microsoft .NET Framework 4.6.2
"{75F15019-C0C2-4047-AA45-97B4BD313719}" = Steinberg Padshop 64bit
"{7AA3E2A4-8568-41B0-BAB6-13CDB5047DE6}" = Steinberg HALion Sonic 3
"{7C38F5DA-2BAA-46C3-BA62-7F54C5036F07}" = VOCALOID4 API (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.2
"{A1C31BA5-5438-3A07-9EEE-A5FB2D0FDE36}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23506
"{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}" = Steinberg Groove Agent SE 64bit
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0B194F8-E0CE-33FE-AA11-636428A4B73D}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23506
"{B4A47381-CC40-4EAD-BE05-143396A70B34}" = Steinberg HALion 6
"{B99C316B-C135-43B5-8E77-2BC5E241F964}" = Steinberg HALion Sonic SE 64bit
"{BE75341F-CB65-4CC5-A3B9-55EC801C3866}" = VOCALOID4 Editor for Cubase 64-bit
"{C806BE81-01DE-4EFA-33AC-34635B3EAB4A}" = Steinberg Cubase 8 64bit
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{F67A0A05-399B-4E24-991D-5346D4895207}" = VOCALOID API Runtime (64bit)
"ARIA Engine_is1" = ARIA Engine v1.9.1.6
"CCleaner" = CCleaner
"HardlinkShellExt" = Link Shell Extension
"MozillaMaintenanceService" = Mozilla Maintenance Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23506
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{23BAFE62-0AF0-4D71-98C2-47286139DC45}" = Steinberg Content Updater
"{23daf363-3020-4059-b3ae-dc4ad39fed19}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
"{26ACA0DD-7C66-40D7-B992-CC27CA024F2A}_is1" = Ample Bass P Lite II version 2.3.1
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{548F88E8-79D2-441F-B87B-E71754257651}_is1" = Ample Guitar M Lite II version 2.3.1
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{611A7035-0172-4B9B-8BB6-5046F6867D8A}" = Steinberg Groove Agent ONE Allen Morgan Signature Drums
"{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23506
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79C66045-7A13-4B67-882F-E84341206490}" = VOCALOID4 Library KAGAMINE RIN LEN V4 English
"{7FAD0A52-EAA8-4197-BC9D-30E08EC879A5}" = Steinberg HALion Content
"{7FEE568C-E3E3-460B-BEDA-BE4CCC5A194A}" = VOCALOID4 Activator
"{8612790F-E870-4934-8EC2-E1465160B9E6}" = VOCALOID4 API (32-bit)
"{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}" = Steinberg Upload Manager
"{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2
"{89DE2651-6DD9-4C15-AC94-8348362D456C}" = Steinberg Midi Loop Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C9B2EA8-9A30-4347-95E9-10E919C4F32E}" = Steinberg EDM Toolbox MIDI Loops
"{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDB618D-4F02-4CAD-B743-89677FE7ADE9}" = AlphaGo
"{A07054A3-FBA3-45A0-9C6E-51F8FBE7C7D0}" = VOCALOID API Runtime (32bit)
"{A2FC1750-B90F-4948-9D6E-DDDA155C6EC8}" = Steinberg VST Bass Amp Content
"{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}" = Steinberg HALion Sonic SE Content
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACA0523C-3BC2-414D-9129-F60933777B96}" = VOCALOID4 Library KAGAMINE RIN LEN V4X
"{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}" = Steinberg Groove Agent SE Content
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C28C630B-3D18-4815-94D9-554D121016D6}" = VOCALOID Deactivation Tool
"{C50D4628-6064-443C-B154-5A5B780874C2}" = Steinberg HALion Sonic 2 Content
"{C7B06DB0-64A6-436E-B473-0E0EECC5E174}" = KORG USB-MIDI Driver Tools for Windows
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{DB8F1B25-F7FA-4408-9FC1-55A0C861BB38}" = VOCALOID3 Voice DB (MIKU_V3_Solid)
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{DD5A29F8-EF1C-43E5-B76E-8913D446B2BA}" = VOCALOID3 Voice DB (MIKU_V3_Sweet)
"{E6049779-021E-40FD-8C4C-C2A21F9417B5}" = Steinberg HALion 6 Content
"{E9BFA009-DD72-4F2A-84CB-6DF46472B563}" = Groove Agent SE Rock Pop Toolbox Drums
"{EDFDAEFA-C531-4885-875E-3BC709C2EEEA}" = VOCALOID3 Voice DB (MIKU_V3_Soft)
"{F34EA13C-F078-4003-AE21-43EAB2680EC5}" = Steinberg Groove Agent SE Acoustic Agent
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FB115161-3000-40B5-B1D8-1436CF082FF1}" = VOCALOID3 Voice DB (MIKU_V3_Original)
"{FE32BBD6-0C2A-470A-91C7-62F2310273F0}" = VOCALOID3 Voice DB (MIKU_V3_Dark)
"Adobe Flash Player NPAPI" = Adobe Flash Player 25 NPAPI
"Any Audio Converter" = Any Audio Converter 6.1.2
"BUFFALO SoftAP" = BUFFALO ソフトウェアルーター設定ツール
"eLicenser Control" = eLicenser Control
"Google Chrome" = Google Chrome
"KINGSOFT Internet Security" = KINGSOFT Internet Security 2017
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware バージョン 1.75.0.1300
"Moo0 VoiceRecorder" = Moo0 ボイス録音器 1.43
"Moo0 WindowMenuPlus" = Moo0 窓メニュー拡張器 1.20
"Mozilla Firefox 53.0.2 (x86 ja)" = Mozilla Firefox 53.0.2 (x86 ja)
"SoundEngine Free" = SoundEngine Free
"Steinberg Download Assistant" = Steinberg Download Assistant
"UN900119" = BUFFALO クライアントマネージャV
"UN900119_is1" = BUFFALO クライアントマネージャV をアンインストール
"UN900120" = BUFFALO AirStation倍速設定ツール(アンインストール)

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2017/05/19 10:57:53 | Computer Name = Unica-PC | Source = SideBySide | ID = 16842785
Description = "c:\program files (x86)\kingsoft\kingsoft internet security 2017\ktool_update\kdownload\kav\kislive.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2017/05/19 10:57:53 | Computer Name = Unica-PC | Source = SideBySide | ID = 16842785
Description = "c:\program files (x86)\kingsoft\kingsoft internet security 2017\ktool_update\kdownload\kav\klblevelup.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2017/05/19 10:57:53 | Computer Name = Unica-PC | Source = SideBySide | ID = 16842785
Description = "c:\program files (x86)\kingsoft\kingsoft internet security 2017\ktool_update\kdownload\kav\kmininews.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2017/05/19 10:57:53 | Computer Name = Unica-PC | Source = SideBySide | ID = 16842785
Description = "c:\program files (x86)\kingsoft\kingsoft internet security 2017\ktool_update\kdownload\kav\ksctexec.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2017/05/19 10:57:54 | Computer Name = Unica-PC | Source = SideBySide | ID = 16842785
Description = "c:\program files (x86)\kingsoft\kingsoft internet security 2017\ktool_update\kdownload\kav\ksysprescan.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2017/05/19 10:57:54 | Computer Name = Unica-PC | Source = SideBySide | ID = 16842785
Description = "c:\program files (x86)\kingsoft\kingsoft internet security 2017\ktool_update\kdownload\kav\ktoolupdatetip.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2017/05/19 10:57:54 | Computer Name = Unica-PC | Source = SideBySide | ID = 16842785
Description = "c:\program files (x86)\kingsoft\kingsoft internet security 2017\ktool_update\kdownload\kav\kutctrl.dll"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2017/05/19 10:57:54 | Computer Name = Unica-PC | Source = SideBySide | ID = 16842785
Description = "c:\program files (x86)\kingsoft\kingsoft internet security 2017\ktool_update\kdownload\kav\kxetray.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2017/05/19 10:57:54 | Computer Name = Unica-PC | Source = SideBySide | ID = 16842785
Description = "c:\program files (x86)\kingsoft\kingsoft internet security 2017\ktool_update\kdownload\kav\newuplive.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

Error - 2017/05/19 10:57:54 | Computer Name = Unica-PC | Source = SideBySide | ID = 16842785
Description = "c:\program files (x86)\kingsoft\kingsoft internet security 2017\ktool_update\kdownload\kav\newuplivepop.exe"
のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
が見つかりませんでした。 詳細な診断を行うには sxstrace.exe を実行してください。

[ System Events ]
Error - 2017/05/13 21:32:59 | Computer Name = Unica-PC | Source = Service Control Manager | ID = 7001
Description = Computer Browser サービスは、次のエラーが原因で開始できなかった Server サービスに依存しています: %%1068

Error - 2017/05/13 21:35:03 | Computer Name = Unica-PC | Source = Service Control Manager | ID = 7001
Description = Computer Browser サービスは、次のエラーが原因で開始できなかった Server サービスに依存しています: %%1068

Error - 2017/05/13 21:35:03 | Computer Name = Unica-PC | Source = Service Control Manager | ID = 7001
Description = Computer Browser サービスは、次のエラーが原因で開始できなかった Server サービスに依存しています: %%1068

Error - 2017/05/13 21:35:03 | Computer Name = Unica-PC | Source = Service Control Manager | ID = 7001
Description = Computer Browser サービスは、次のエラーが原因で開始できなかった Server サービスに依存しています: %%1068

Error - 2017/05/13 21:39:45 | Computer Name = Unica-PC | Source = Service Control Manager | ID = 7000
Description = Service Installer TrueKey サービスを、次のエラーが原因で開始できませんでした: %%2

Error - 2017/05/15 9:07:24 | Computer Name = Unica-PC | Source = Service Control Manager | ID = 7000
Description = Service Installer TrueKey サービスを、次のエラーが原因で開始できませんでした: %%2

Error - 2017/05/15 22:43:28 | Computer Name = Unica-PC | Source = Service Control Manager | ID = 7000
Description = Service Installer TrueKey サービスを、次のエラーが原因で開始できませんでした: %%2

Error - 2017/05/16 9:26:55 | Computer Name = Unica-PC | Source = Service Control Manager | ID = 7000
Description = Service Installer TrueKey サービスを、次のエラーが原因で開始できませんでした: %%2

Error - 2017/05/17 0:40:34 | Computer Name = Unica-PC | Source = Service Control Manager | ID = 7000
Description = Service Installer TrueKey サービスを、次のエラーが原因で開始できませんでした: %%2

Error - 2017/05/19 10:47:08 | Computer Name = Unica-PC | Source = Service Control Manager | ID = 7000
Description = Service Installer TrueKey サービスを、次のエラーが原因で開始できませんでした: %%2


< End of report >

That is all.
Thank you for helping me resolve this.
  • Unica
  • 2017/05/20 (Sat) 00:36:38
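Let's clean up a little with OTL
Thank you for the work and the report.
I have looked through the OTL scan log.

> By the way, is there any free security software you would recommend?

As a rule, I recommend paid security software from a major vendor to people who come to this board for help.
That is because free security software across the board comes with no vendor support, so when an infection or a problem occurs the user has to resolve it on their own.
Someone able to resolve it on their own would not be coming to a site like this for help in the first place.

That said, not just any paid security software will do.
For example, if a product is priced far below the usual market rate, or can be bought once and then updated for free with no annual renewal fee, think carefully about why that is.

With ordinary security software, even the daily definition updates alone represent support that the vendor provides through constant day-to-day analysis and research.
In my view, the vendor's updates and support matter more than the basic performance of the security software itself.

What is common with bargain-priced products is that they are not developed in-house; they are often security software developed by a specialist overseas vendor and sold under the company's own brand as an OEM product.

This becomes a problem when it counts: when a user of OEM security software suffers an infection or a problem and asks the seller (the distributor) for support, there is not much the distributor can actually support.

Even for a distributor under an OEM contract, the specialist vendor is unlikely to disclose all of the key technology at the core of its security software.
And, as is true of OEM products in general, for problems that occur in an environment using the OEM product you cannot get any support from the original developer.
In that case the distributor selling the OEM product is also obliged to handle it responsibly.
For these reasons I do not recommend products where adequate support cannot be expected afterwards, even if the price is low.

To give one example, more than 10 years ago the well-known overseas security software vendor M signed with a certain distributor in Japan and began selling its security software here.
The product itself did not perform badly, but the distributor not only failed to provide anything that could be called support, it repeatedly responded in ways that made one doubt it had ever intended to provide support. After criticism from angry Japanese users, the developer M ended its contract with that distributor and went on to sell in Japan itself.
Even now there is hardly a favorable word to be found about that distributor's support capability or attitude, and the more knowledgeable people are about PCs, the more they avoid it.

When choosing security software, the safe option is to pick a product whose developer and seller are the same company.


If, for budget or other reasons, you want to use free security software for the time being, the usual choice for antivirus is between avast and avira.
For a firewall, Comodo is currently almost the only free product usable in Japanese, but there are cases where Comodo conflicts with avast and throws errors, so if you use it you need to understand its settings and features well and use it skillfully.

Now, on to the main task, continuing the work.
This time we will use OTL to clean up what the OTL scan found.

I will paste a script at the end of this reply; copy the whole thing, paste it into a Windows Notepad file, and save it.

Once that is ready, restart the PC in Safe Mode again and launch OTL.
Once it is running, paste the script into the lower part of the OTL window, and this time press "Run fix" (the button with red text).
This starts the OTL fix.

Wait a while; once the fix is done, restart the PC in normal mode and an OTL log should appear again. Save it, watch how things go for a while, and then reply with a status report together with the OTL log.
The OTL script is below. Copy everything except the dashed lines (-----), paste it into OTL, and carry out the work.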
------------------------------------------
:OTL
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 62 FB 2A B2 C0 D2 01 [binary data]
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 46 3E 51 18 22 C6 D2 01 [binary data]
IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
[2017/04/29 16:52:59 | 000,001,215 | ---- | C] () -- C:\Users\Unica\Desktop\Any Audio Converter.lnk

:Files
C:\Users\Unica\Desktop\Any Audio Converter.lnk

:reg

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2017/05/20 (Sat) 21:56:56
Re: Troubled by a duba.com infection
After I removed king and installed avast, duba disappeared!

The log follows.
OTL logfile created on: 2017/05/22 22:11:13 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Unica\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18665)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

3.97 Gb Total Physical Memory | 3.09 Gb Available Physical Memory | 78.02% Memory free
7.93 Gb Paging File | 7.08 Gb Available in Paging File | 89.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 362.93 Gb Total Space | 153.47 Gb Free Space | 42.29% Space Free | Partition Type: NTFS
Drive D: | 931.39 Gb Total Space | 649.16 Gb Free Space | 69.70% Space Free | Partition Type: NTFS
Drive F: | 29.97 Gb Total Space | 26.78 Gb Free Space | 89.38% Space Free | Partition Type: NTFS

Computer Name: UNICA-PC | User Name: Unica | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2017/05/17 21:56:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Unica\Desktop\OTL.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -- (InstallerService)
SRV:[b]64bit:[/b] - [2017/05/22 21:42:11 | 000,263,304 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2017/05/22 21:41:56 | 007,346,208 | ---- | M] (AVAST Software s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe -- (aswbIDSAgent)
SRV:[b]64bit:[/b] - [2017/05/17 06:01:28 | 000,048,944 | ---- | M] (Dropbox, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DbxSvc.exe -- (DbxSvc)
SRV:[b]64bit:[/b] - [2017/04/16 17:37:33 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2016/08/23 01:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 10:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2017/05/20 16:01:44 | 000,173,512 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/05/20 01:39:44 | 000,143,144 | ---- | M] (Dropbox, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem)
SRV - [2017/05/20 01:39:44 | 000,143,144 | ---- | M] (Dropbox, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdate)
SRV - [2017/05/09 21:49:13 | 000,271,864 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/07/14 14:43:42 | 000,107,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2015/07/06 14:55:42 | 000,139,568 | ---- | M] (Buffalo Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe -- (BWH32S)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2017/05/22 21:44:52 | 000,032,600 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:[b]64bit:[/b] - [2017/05/22 21:43:07 | 000,158,880 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:[b]64bit:[/b] - [2017/05/22 21:42:29 | 000,569,192 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2017/05/22 21:42:29 | 000,339,696 | ---- | M] (AVAST Software) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2017/05/22 21:42:29 | 000,128,648 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2017/05/22 21:42:29 | 000,075,704 | ---- | M] (AVAST Software) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2017/05/22 21:42:28 | 000,101,152 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2017/05/22 21:42:28 | 000,038,296 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:[b]64bit:[/b] - [2017/05/22 21:41:58 | 001,007,160 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2017/05/22 21:41:53 | 000,334,576 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswbloga.sys -- (aswblog)
DRV:[b]64bit:[/b] - [2017/05/22 21:41:53 | 000,190,256 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswbidsha.sys -- (aswbidsh)
DRV:[b]64bit:[/b] - [2017/05/22 21:41:53 | 000,049,016 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswbuniva.sys -- (aswbuniv)
DRV:[b]64bit:[/b] - [2017/05/22 21:41:52 | 000,311,808 | ---- | M] (AVAST Software s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys -- (aswbidsdriver)
DRV:[b]64bit:[/b] - [2016/12/14 01:15:00 | 000,034,184 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KORGUM64.SYS -- (KORGUMDS)
DRV:[b]64bit:[/b] - [2015/06/12 02:15:53 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2015/03/12 17:22:16 | 000,018,944 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bufeap64.sys -- (Bufeap)
DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/12/15 04:22:09 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
DRV:[b]64bit:[/b] - [2011/06/20 19:54:28 | 001,590,784 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ucgnm2x.sys -- (ucgnm2x)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/21 12:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 12:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/20 11:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:[b]64bit:[/b] - [2009/06/11 05:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 62 FB 2A B2 C0 D2 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 46 3E 51 18 22 C6 D2 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE14
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "JP"
FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0.3
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 53.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 53.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 53.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 53.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2017/05/06 09:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Unica\AppData\Roaming\mozilla\Extensions
[2017/05/06 14:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Unica\AppData\Roaming\mozilla\Firefox\Profiles\znl8pikd.default\extensions
[2017/05/21 14:52:20 | 000,044,954 | ---- | M] () (No name found) -- C:\Users\Unica\AppData\Roaming\mozilla\firefox\profiles\znl8pikd.default\features\{de1c7e9c-cf0d-433e-8124-fa5a493797e1}\shield-recipe-client@mozilla.org.xpi
[2017/05/20 16:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\

O1 HOSTS File: ([2009/06/11 06:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:[b]64bit:[/b] - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft internet security 2017\kxetray.exe" -autorun File not found
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKLM..\RunOnce: [KAV7NEEDREBOOT] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{701E5780-941C-4E51-BE0E-5399CBC546F0}: DhcpNameServer = 192.168.3.1
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {373CE130-2BBD-11E7-B925-64006A5CFC23} - C:\Users\Unica\AppData\Roaming\Arumuentdruwught\Zozentghvuse.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[CREATERESTOREPOINT]
Unable to start System Restore Service. Error code 1084

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2017/05/22 21:45:03 | 000,032,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2017/05/22 21:43:41 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\AVAST Software
[2017/05/22 21:43:40 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\CEF
[2017/05/22 21:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2017/05/22 21:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AV
[2017/05/22 21:42:49 | 000,339,696 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2017/05/22 21:42:49 | 000,158,880 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2017/05/22 21:42:49 | 000,158,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys.149545698707102
[2017/05/22 21:42:48 | 000,569,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2017/05/22 21:42:48 | 000,128,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2017/05/22 21:42:48 | 000,101,152 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2017/05/22 21:42:48 | 000,075,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2017/05/22 21:42:48 | 000,038,296 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2017/05/22 21:42:47 | 001,007,160 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2017/05/22 21:42:47 | 000,334,576 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbloga.sys
[2017/05/22 21:42:47 | 000,190,256 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbidsha.sys
[2017/05/22 21:42:47 | 000,049,016 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbuniva.sys
[2017/05/22 21:42:46 | 000,311,808 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
[2017/05/22 21:42:34 | 000,400,456 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2017/05/22 21:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2017/05/22 21:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2017/05/22 21:37:42 | 006,919,904 | ---- | C] (AVAST Software) -- C:\Users\Unica\Desktop\avast_free_antivirus_setup_online.exe
[2017/05/22 21:37:42 | 006,919,904 | ---- | C] (AVAST Software) -- C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
[2017/05/22 01:24:10 | 000,000,000 | ---D | C] -- C:\Users\Unica\Desktop\KIT 1 ERASERFASE CLASSIC DRUM MACHINE PACK
[2017/05/20 21:30:39 | 000,000,000 | ---D | C] -- C:\Users\Unica\Desktop\効果音 未加工
[2017/05/20 21:30:39 | 000,000,000 | ---D | C] -- C:\Users\Unica\Desktop\効果音
[2017/05/20 21:30:39 | 000,000,000 | ---D | C] -- C:\Users\Unica\Desktop\完成した楽曲
[2017/05/20 16:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2017/05/20 15:26:38 | 000,000,000 | ---D | C] -- C:\Users\Unica\Documents\Any Audio Converter
[2017/05/20 01:58:14 | 000,000,000 | R--D | C] -- C:\Users\Unica\Dropbox
[2017/05/20 01:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2017/05/20 01:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2017/05/20 01:39:44 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Dropbox
[2017/05/20 01:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Dropbox
[2017/05/20 01:11:10 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Dropbox
[2017/05/17 21:56:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Unica\Desktop\OTL.exe
[2017/05/17 06:01:28 | 000,048,944 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\DbxSvc.exe
[2017/05/12 15:26:07 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Malwarebytes
[2017/05/12 15:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2017/05/12 15:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/05/12 15:25:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2017/05/12 15:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2017/05/11 03:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KORG
[2017/05/11 03:43:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KORG
[2017/05/11 03:42:11 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Downloaded Installations
[2017/05/10 21:37:53 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2017/05/10 21:37:51 | 005,547,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2017/05/10 21:37:51 | 002,065,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2017/05/10 21:37:49 | 004,000,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2017/05/10 21:37:49 | 003,945,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2017/05/10 21:37:49 | 002,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2017/05/10 21:37:49 | 001,483,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2017/05/10 21:37:49 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2017/05/10 21:37:49 | 000,876,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2017/05/10 21:37:48 | 002,057,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2017/05/10 21:37:48 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2017/05/10 21:37:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2017/05/10 21:37:47 | 000,806,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2017/05/10 21:37:47 | 000,300,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2017/05/10 21:37:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2017/05/10 21:37:47 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2017/05/10 21:37:46 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2017/05/10 21:37:46 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2017/05/10 21:37:46 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2017/05/10 21:37:46 | 000,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2017/05/10 21:37:46 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2017/05/10 21:37:45 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2017/05/10 21:37:45 | 000,706,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2017/05/10 21:37:45 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2017/05/10 21:37:45 | 000,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2017/05/10 21:37:45 | 000,377,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2017/05/10 21:37:45 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2017/05/10 21:37:45 | 000,287,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2017/05/10 21:37:45 | 000,265,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2017/05/10 21:37:45 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2017/05/10 21:37:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleres.dll
[2017/05/10 21:37:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleres.dll
[2017/05/10 21:37:44 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2017/05/10 21:37:44 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2017/05/10 21:37:44 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2017/05/10 21:37:44 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2017/05/10 21:37:44 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2017/05/10 21:37:44 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2017/05/10 21:37:44 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2017/05/10 21:37:44 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2017/05/10 21:37:44 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2017/05/10 21:37:44 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2017/05/10 21:37:44 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2017/05/10 21:37:44 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2017/05/10 21:37:44 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2017/05/10 21:37:44 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2017/05/10 21:37:44 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2017/05/10 21:37:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\plasrv.exe
[2017/05/10 21:37:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comcat.dll
[2017/05/10 21:37:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comcat.dll
[2017/05/10 21:37:43 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2017/05/10 21:37:43 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2017/05/10 21:37:43 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2017/05/10 21:37:43 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2017/05/10 21:37:43 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2017/05/10 21:37:43 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2017/05/10 21:37:43 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2017/05/10 21:37:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2017/05/10 21:37:43 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2017/05/10 21:37:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2017/05/10 21:37:43 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2017/05/10 21:37:43 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2017/05/10 21:37:43 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2017/05/10 21:37:43 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2017/05/10 21:37:43 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2017/05/10 21:37:43 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2017/05/10 21:37:43 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2017/05/10 21:37:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2017/05/10 21:37:43 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2017/05/10 21:37:43 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2017/05/10 21:37:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2017/05/10 21:37:43 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2017/05/10 21:37:43 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2017/05/10 21:37:43 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2017/05/10 21:37:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2017/05/10 21:37:42 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2017/05/10 21:37:42 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2017/05/10 21:37:42 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2017/05/10 21:37:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2017/05/10 21:37:42 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2017/05/10 21:37:42 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2017/05/10 21:37:42 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2017/05/10 21:37:42 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2017/05/10 21:37:42 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2017/05/10 21:37:42 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2017/05/10 21:37:42 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2017/05/10 21:37:42 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2017/05/10 21:37:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2017/05/10 21:37:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2017/05/10 21:37:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2017/05/10 21:37:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2017/05/10 21:37:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2017/05/10 21:37:42 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2017/05/10 21:37:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2017/05/10 21:37:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2017/05/10 21:37:42 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2017/05/10 21:37:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2017/05/10 21:37:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2017/05/10 21:37:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2017/05/10 21:37:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2017/05/10 21:37:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2017/05/10 21:37:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2017/05/10 21:37:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2017/05/10 21:37:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2017/05/10 21:37:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2017/05/10 21:37:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2017/05/10 21:37:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2017/05/10 21:37:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2017/05/10 21:37:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2017/05/10 21:37:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2017/05/10 21:37:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2017/05/10 21:37:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2017/05/10 21:37:41 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2017/05/10 21:37:41 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2017/05/10 21:37:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2017/05/10 21:37:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2017/05/10 21:37:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2017/05/10 21:37:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2017/05/10 21:37:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2017/05/10 21:37:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2017/05/10 21:37:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2017/05/10 21:37:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2017/05/10 21:37:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2017/05/10 21:37:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2017/05/10 21:37:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2017/05/10 21:37:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2017/05/10 21:37:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2017/05/10 21:37:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2017/05/10 21:37:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2017/05/10 21:37:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2017/05/10 21:30:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/05/09 00:20:45 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\soundengine.jp
[2017/05/08 20:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Security
[2017/05/08 20:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2017/05/08 20:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2017/05/08 20:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2017/05/08 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2017/05/08 19:53:37 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Macromedia
[2017/05/08 19:53:37 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Macromedia
[2017/05/08 19:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2017/05/08 19:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\TrueKey
[2017/05/08 19:52:44 | 000,803,320 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017/05/08 19:52:44 | 000,144,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017/05/08 19:52:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2017/05/08 19:52:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2017/05/08 19:51:49 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Adobe
[2017/05/07 12:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plogue
[2017/05/07 12:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST2
[2017/05/07 09:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Viena
[2017/05/07 09:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\VOCALOIDApi4
[2017/05/07 09:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\VOCALOIDApi
[2017/05/07 09:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\VOCALOID4 Editor for Cubase
[2017/05/07 09:08:20 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\kcleaner
[2017/05/07 08:30:54 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension
[2017/05/07 08:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link Shell Extension
[2017/05/07 08:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\LinkShellExtension
[2017/05/07 01:33:48 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALion 6
[2017/05/07 01:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Syncrosoft
[2017/05/06 17:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\kxescore
[2017/05/06 14:35:17 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Daichi
[2017/05/06 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\VOCALOID4 Editor for Cubase
[2017/05/06 14:34:21 | 000,000,000 | -H-D | C] -- C:\Users\Unica\AppData\Local\{ABBDEAEF-5AED-4c34-A22D-057A13C52D1E}
[2017/05/06 14:34:20 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\VOCALOID4 Editor for Cubase
[2017/05/06 14:33:35 | 000,000,000 | ---D | C] -- C:\Users\Unica\Documents\VST3 Presets
[2017/05/06 14:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2017/05/06 14:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2017/05/06 14:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2017/05/06 13:57:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Unica\Desktop\HijackThis.exe
[2017/05/06 13:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2017/05/06 13:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\kdesk
[2017/05/06 10:09:21 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Adobe
[2017/05/06 09:55:01 | 000,000,000 | ---D | C] -- C:\Windows\Logs
[2017/05/06 09:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2017/05/06 09:27:13 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Programs
[2017/05/06 09:16:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2017/05/05 02:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MIO
[2017/05/05 01:08:42 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Google
[2017/05/03 20:57:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
[2017/05/03 16:46:10 | 000,000,000 | ---D | C] -- C:\Windows\psgo
[2017/05/03 16:35:59 | 000,000,000 | ---D | C] -- C:\Insist
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2017/04/30 19:32:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2017/04/30 19:32:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2017/04/30 19:32:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2017/04/30 19:32:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2017/04/30 19:32:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2017/04/30 19:31:31 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2017/04/30 19:31:28 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2017/04/30 19:31:28 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2017/04/30 14:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ample Sound
[2017/04/30 14:03:15 | 000,000,000 | ---D | C] -- C:\Users\Unica\Documents\Ample Sound
[2017/04/30 14:03:04 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Ample Sound
[2017/04/30 14:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Avid
[2017/04/30 14:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ample Sound
[2017/04/30 13:42:18 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Plogue
[2017/04/30 13:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Plogue
[2017/04/30 13:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2017/04/30 13:36:56 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Plogue Art et Technologie, Inc
[2017/04/30 12:27:07 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2017/04/30 12:27:07 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2017/04/30 12:27:07 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2017/04/30 12:20:22 | 000,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2017/04/30 12:16:15 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2017/04/30 12:16:12 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2017/04/30 12:16:12 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2017/04/30 12:02:17 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2017/04/30 12:02:07 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2017/04/30 12:02:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2017/04/30 11:44:05 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2017/04/30 11:44:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2017/04/30 00:34:33 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2017/04/30 00:30:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2017/04/30 00:30:24 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2017/04/30 00:30:24 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2017/04/30 00:30:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2017/04/30 00:30:24 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2017/04/30 00:30:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2017/04/30 00:30:24 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2017/04/30 00:30:24 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2017/04/30 00:30:24 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2017/04/30 00:30:24 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2017/04/30 00:30:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2017/04/30 00:30:24 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2017/04/30 00:30:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2017/04/30 00:30:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2017/04/30 00:30:24 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2017/04/30 00:30:24 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2017/04/30 00:30:24 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2017/04/30 00:30:24 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2017/04/30 00:30:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2017/04/30 00:30:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2017/04/30 00:30:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2017/04/30 00:30:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2017/04/30 00:30:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2017/04/30 00:30:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2017/04/30 00:30:24 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2017/04/30 00:30:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2017/04/30 00:30:24 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2017/04/30 00:30:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2017/04/30 00:30:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2017/04/30 00:30:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2017/04/30 00:30:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2017/04/30 00:30:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2017/04/30 00:30:24 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2017/04/30 00:30:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2017/04/30 00:30:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2017/04/30 00:28:48 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2017/04/30 00:28:48 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2017/04/30 00:28:48 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2017/04/30 00:28:48 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2017/04/30 00:28:48 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2017/04/30 00:28:48 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2017/04/30 00:28:48 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2017/04/30 00:28:48 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2017/04/30 00:28:48 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2017/04/30 00:28:48 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2017/04/30 00:28:48 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/04/30 00:28:48 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/04/30 00:28:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/04/30 00:28:48 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/04/30 00:23:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2017/04/30 00:13:18 | 000,000,000 | ---D | C] -- C:\Users\Unica\Documents\Steinberg
[2017/04/29 22:38:29 | 001,239,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2017/04/29 22:38:29 | 000,646,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2017/04/29 22:38:29 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2017/04/29 22:38:29 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2017/04/29 22:38:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\centel.dll
[2017/04/29 22:38:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2017/04/29 22:38:29 | 000,084,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2017/04/29 22:38:28 | 001,609,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2017/04/29 22:38:28 | 001,285,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2017/04/29 22:38:28 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2017/04/29 22:36:50 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2017/04/29 22:36:50 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2017/04/29 22:36:50 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2017/04/29 22:36:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2017/04/29 22:36:50 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2017/04/29 22:36:50 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2017/04/29 18:06:57 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2017/04/29 18:06:57 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2017/04/29 17:25:23 | 001,634,816 | ---- | C] (TODO: <Company name>) -- C:\Users\Unica\AppData\Local\Zunstock.exe
[2017/04/29 17:24:23 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Profiles
[2017/04/29 17:22:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tools
[2017/04/29 17:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundEngine Free
[2017/04/29 17:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundEngine Free
[2017/04/29 17:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2017/04/29 17:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2017/04/29 17:05:43 | 000,000,000 | ---D | C] -- C:\logs
[2017/04/29 16:56:15 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0
[2017/04/29 16:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moo0
[2017/04/29 16:55:31 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\kingsoft
[2017/04/29 16:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\kingsoft
[2017/04/29 16:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kingsoft
[2017/04/29 16:52:59 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Anvsoft
[2017/04/29 16:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvsoft
[2017/04/29 16:44:50 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\eLicenser
[2017/04/29 16:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2017/04/29 16:42:11 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2017/04/29 16:37:13 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\SynthFont
[2017/04/29 16:11:33 | 000,000,000 | ---D | C] -- C:\Users
  • Unica
  • 2017/05/22 (Mon) 23:09:56
Re: Infected by duba.com and need help
[2017/04/29 16:11:33 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Mozilla
[2017/04/29 16:11:33 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Mozilla
[2017/04/29 15:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg
[2017/04/29 15:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg HALion Library Manager
[2017/04/29 15:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg HALion Sonic
[2017/04/29 15:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Avid
[2017/04/29 11:20:41 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2017/04/29 11:20:41 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2017/04/29 11:20:41 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2017/04/29 11:20:40 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2017/04/29 11:15:58 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perftrack.dll
[2017/04/29 11:15:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powertracker.dll
[2017/04/29 11:11:36 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basesrv.dll
[2017/04/29 11:11:05 | 000,451,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2017/04/29 11:11:05 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapibase.dll
[2017/04/29 11:11:05 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tbs.dll
[2017/04/29 11:11:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tbs.dll
[2017/04/29 11:10:53 | 002,543,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2017/04/29 11:10:44 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2017/04/29 11:10:43 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2017/04/29 11:10:43 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2017/04/29 11:10:43 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2017/04/29 11:10:43 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2017/04/29 11:10:43 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2017/04/29 11:10:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2017/04/29 11:10:43 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2017/04/29 11:10:43 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2017/04/29 11:10:43 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2017/04/29 11:10:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2017/04/29 11:10:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2017/04/29 11:10:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2017/04/29 11:10:43 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2017/04/29 11:09:44 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2017/04/29 11:09:44 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2017/04/29 11:09:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2017/04/29 11:09:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2017/04/29 11:09:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fixmapi.exe
[2017/04/29 11:09:39 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cewmdm.dll
[2017/04/29 11:09:39 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cewmdm.dll
[2017/04/29 11:09:38 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2017/04/29 11:09:28 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2017/04/29 11:09:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxoci.dll
[2017/04/29 11:09:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxoci.dll
[2017/04/29 11:09:14 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2017/04/29 11:09:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2017/04/29 11:08:56 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2017/04/29 11:08:56 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2017/04/29 11:08:54 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2017/04/29 11:08:54 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2017/04/29 11:08:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2017/04/29 11:08:54 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2017/04/29 11:08:54 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2017/04/29 11:08:54 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2017/04/29 11:08:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2017/04/29 11:08:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2017/04/29 11:08:53 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2017/04/29 11:08:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2017/04/29 11:08:37 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2017/04/29 11:08:37 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2017/04/29 11:08:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2017/04/29 11:08:28 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2017/04/29 11:08:28 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2017/04/29 11:08:28 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2017/04/29 11:08:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2017/04/29 11:07:45 | 003,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2017/04/29 11:07:45 | 003,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2017/04/29 11:07:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2017/04/29 11:07:45 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2017/04/29 11:07:45 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2017/04/29 11:07:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2017/04/29 11:07:13 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tracerpt.exe
[2017/04/29 11:07:13 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe
[2017/04/29 11:07:13 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sechost.dll
[2017/04/29 11:07:13 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2017/04/29 11:07:12 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2017/04/29 11:07:12 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\typeperf.exe
[2017/04/29 11:07:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\relog.exe
[2017/04/29 11:07:12 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe
[2017/04/29 11:07:12 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2017/04/29 11:07:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskperf.exe
[2017/04/29 11:07:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe
[2017/04/29 11:06:42 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2017/04/29 11:06:26 | 000,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2017/04/29 11:06:26 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2017/04/29 11:06:26 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2017/04/29 11:06:26 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2017/04/29 11:06:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.exe
[2017/04/29 11:06:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.exe
[2017/04/29 11:06:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnpinst.exe
[2017/04/29 11:06:26 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetppui.dll
[2017/04/29 11:06:25 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2017/04/29 11:06:25 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2017/04/29 11:06:24 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2017/04/29 11:06:24 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2017/04/29 11:06:24 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2017/04/29 11:06:24 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2017/04/29 11:06:24 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2017/04/29 11:06:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2017/04/29 11:06:24 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2017/04/29 11:06:24 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2017/04/29 11:06:24 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2017/04/29 11:06:24 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2017/04/29 11:06:24 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2017/04/29 11:05:35 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2017/04/29 11:05:35 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2017/04/29 11:05:34 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2017/04/29 11:05:33 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2017/04/29 11:05:33 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2017/04/29 11:05:33 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2017/04/29 11:05:33 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2017/04/29 11:05:32 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2017/04/29 11:05:32 | 003,165,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2017/04/29 11:05:32 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2017/04/29 11:05:32 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2017/04/29 11:05:32 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2017/04/29 11:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2017/04/29 11:05:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2017/04/29 11:05:32 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll
[2017/04/29 11:05:32 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2017/04/29 11:05:31 | 000,994,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2017/04/29 11:05:31 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-math-l1-1-0.dll
[2017/04/29 11:05:31 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2017/04/29 11:05:31 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll
[2017/04/29 11:05:31 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2017/04/29 11:05:31 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-string-l1-1-0.dll
[2017/04/29 11:05:31 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2017/04/29 11:05:31 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll
[2017/04/29 11:05:31 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2017/04/29 11:05:31 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll
[2017/04/29 11:05:31 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2017/04/29 11:05:31 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-time-l1-1-0.dll
[2017/04/29 11:05:31 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2017/04/29 11:05:31 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-2-0.dll
[2017/04/29 11:05:31 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-2-0.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2017/04/29 11:05:31 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll
[2017/04/29 11:05:31 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2017/04/29 11:05:31 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2017/04/29 11:05:31 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll
[2017/04/29 11:05:31 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2017/04/29 11:05:31 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l2-1-0.dll
[2017/04/29 11:05:31 | 000,011,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-2-0.dll
[2017/04/29 11:05:30 | 003,209,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2017/04/29 11:05:30 | 000,922,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2017/04/29 11:05:30 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2017/04/29 11:05:30 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-private-l1-1-0.dll
[2017/04/29 11:05:30 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2017/04/29 11:05:30 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2017/04/29 11:05:30 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll
[2017/04/29 11:05:30 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2017/04/29 11:05:30 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-process-l1-1-0.dll
[2017/04/29 11:05:30 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2017/04/29 11:05:30 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2017/04/29 11:05:30 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll
[2017/04/29 11:05:30 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2017/04/29 11:05:29 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2017/04/29 11:05:29 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2017/04/29 11:05:29 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2017/04/29 11:05:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2017/04/29 11:05:28 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2017/04/29 11:05:28 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2017/04/29 11:05:26 | 003,244,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2017/04/29 11:05:26 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2017/04/29 11:05:24 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2017/04/29 11:05:23 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2017/04/29 11:05:21 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2017/04/29 11:05:20 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2017/04/29 11:05:19 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2017/04/29 11:05:19 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2017/04/29 11:05:19 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2017/04/29 11:05:18 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2017/04/29 11:05:18 | 000,733,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2017/04/29 11:05:17 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2017/04/29 11:05:17 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2017/04/29 11:05:17 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2017/04/29 11:05:16 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2017/04/29 11:05:16 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2017/04/29 11:05:16 | 000,632,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2017/04/29 11:05:16 | 000,382,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2017/04/29 11:05:15 | 000,803,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2017/04/29 11:05:15 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2017/04/29 11:05:14 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2017/04/29 11:05:14 | 000,633,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2017/04/29 11:05:14 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2017/04/29 11:05:14 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2017/04/29 11:05:14 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2017/04/29 11:05:14 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2017/04/29 11:05:14 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2017/04/29 11:05:13 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2017/04/29 11:05:12 | 001,009,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2017/04/29 11:05:12 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2017/04/29 11:05:11 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2017/04/29 11:05:10 | 000,546,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2017/04/29 11:05:10 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2017/04/29 11:05:10 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2017/04/29 11:05:10 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2017/04/29 11:05:09 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2017/04/29 11:05:08 | 001,574,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2017/04/29 11:05:08 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2017/04/29 11:05:08 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2017/04/29 11:05:08 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2017/04/29 11:05:08 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2017/04/29 11:05:08 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2017/04/29 11:05:08 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2017/04/29 11:05:07 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2017/04/29 11:05:07 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2017/04/29 11:05:07 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2017/04/29 11:05:06 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2017/04/29 11:05:06 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2017/04/29 11:05:06 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2017/04/29 11:05:06 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pintlgnt.ime
[2017/04/29 11:05:05 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2017/04/29 11:05:05 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdedit.exe
[2017/04/29 11:05:05 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2017/04/29 11:05:05 | 000,114,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2017/04/29 11:05:04 | 012,574,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2017/04/29 11:05:04 | 012,574,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2017/04/29 11:05:03 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2017/04/29 11:05:02 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2017/04/29 11:05:02 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tintlgnt.ime
[2017/04/29 11:05:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quick.ime
[2017/04/29 11:05:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qintlgnt.ime
[2017/04/29 11:05:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\phon.ime
[2017/04/29 11:05:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cintlgnt.ime
[2017/04/29 11:05:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chajei.ime
[2017/04/29 11:05:02 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pintlgnt.ime
[2017/04/29 11:05:02 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tintlgnt.ime
[2017/04/29 11:05:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2017/04/29 11:05:01 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2017/04/29 11:05:01 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2017/04/29 11:05:01 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2017/04/29 11:05:01 | 000,249,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2017/04/29 11:05:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quick.ime
[2017/04/29 11:05:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qintlgnt.ime
[2017/04/29 11:05:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\phon.ime
[2017/04/29 11:05:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cintlgnt.ime
[2017/04/29 11:05:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chajei.ime
[2017/04/29 11:05:01 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsmsext.dll
[2017/04/29 11:05:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2017/04/29 11:05:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsmsext.dll
[2017/04/29 11:05:00 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icm32.dll
[2017/04/29 11:05:00 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2017/04/29 11:04:59 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2017/04/29 11:04:59 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2017/04/29 11:04:59 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2017/04/29 11:04:59 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2017/04/29 11:04:58 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hlink.dll
[2017/04/29 11:04:57 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2017/04/29 11:04:57 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2017/04/29 11:04:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2017/04/29 11:04:57 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmjpegdec.dll
[2017/04/29 11:04:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmjpegdec.dll
[2017/04/29 11:04:57 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2017/04/29 11:04:57 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2017/04/29 11:04:56 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2017/04/29 11:04:56 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2017/04/29 11:04:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2017/04/29 11:04:56 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2017/04/29 11:04:56 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2017/04/29 11:04:56 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2017/04/29 11:04:56 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2017/04/29 11:04:55 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2017/04/29 11:04:55 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2017/04/29 11:04:55 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2017/04/29 11:04:55 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2017/04/29 11:04:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2017/04/29 11:04:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2017/04/29 11:04:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2017/04/29 11:04:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2017/04/29 11:04:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2017/04/29 11:04:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcawrk.exe
[2017/04/29 11:04:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll
[2017/04/29 11:04:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2017/04/29 11:04:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2017/04/29 11:04:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2017/04/29 11:04:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2017/04/29 11:04:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2017/04/29 11:04:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2017/04/29 11:04:53 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\INETRES.dll
[2017/04/29 11:04:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2017/04/29 11:04:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2017/04/29 11:04:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2017/04/29 11:04:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2017/04/29 11:04:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2017/04/29 11:04:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2017/04/29 11:04:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2017/04/29 11:04:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2017/04/29 11:04:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2017/04/29 11:04:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2017/04/29 11:04:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2017/04/29 11:03:44 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2017/04/29 11:03:43 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2017/04/29 11:02:22 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2017/04/29 11:02:22 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2017/04/29 11:02:22 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2017/04/29 11:02:22 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2017/04/29 11:02:22 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2017/04/29 11:02:22 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2017/04/29 11:01:23 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2017/04/29 11:01:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2017/04/29 11:01:21 | 001,632,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2017/04/29 11:01:20 | 001,372,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2017/04/29 11:01:20 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmapi.dll
[2017/04/29 11:01:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2017/04/29 10:59:21 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2017/04/29 10:59:21 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2017/04/29 10:59:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2017/04/29 10:57:59 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2017/04/29 10:57:59 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2017/04/29 10:57:50 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2017/04/29 10:57:50 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2017/04/29 10:57:47 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2017/04/29 10:55:20 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2017/04/29 10:55:20 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2017/04/29 10:55:20 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2017/04/29 10:55:20 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2017/04/29 10:55:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2017/04/29 10:55:12 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2017/04/29 10:55:12 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2017/04/29 10:54:53 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2017/04/29 10:54:52 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2017/04/29 10:54:52 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2017/04/29 10:54:52 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2017/04/29 10:54:52 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2017/04/29 10:54:52 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2017/04/29 10:54:52 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2017/04/29 10:54:52 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2017/04/29 10:54:52 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2017/04/29 10:54:52 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2017/04/29 10:54:52 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2017/04/29 10:54:52 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2017/04/29 10:54:52 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2017/04/29 10:54:51 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2017/04/29 10:54:51 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2017/04/29 10:54:51 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2017/04/29 10:54:51 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2017/04/29 10:54:32 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2017/04/29 10:54:32 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2017/04/29 10:54:27 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2017/04/29 10:54:21 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2017/04/29 10:54:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2017/04/29 10:53:14 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2017/04/29 10:53:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2017/04/29 10:53:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2017/04/29 10:53:13 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2017/04/29 10:53:13 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2017/04/29 10:53:12 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2017/04/29 10:53:12 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2017/04/29 10:53:10 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2017/04/29 10:53:10 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2017/04/29 10:53:02 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2017/04/29 10:53:01 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2017/04/29 10:53:01 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2017/04/29 10:53:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2017/04/29 10:53:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2017/04/29 10:52:43 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2017/04/29 10:52:43 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2017/04/29 10:52:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2017/04/29 10:52:39 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2017/04/29 10:52:33 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2017/04/29 10:52:33 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2017/04/29 10:52:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2017/04/29 10:51:19 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2017/04/29 10:51:19 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2017/04/29 10:50:57 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2017/04/29 10:50:57 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2017/04/29 10:50:57 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2017/04/29 10:50:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2017/04/29 10:50:54 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2017/04/29 10:50:29 | 000,879,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2017/04/29 10:50:29 | 000,635,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2017/04/29 10:48:14 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2017/04/29 10:48:13 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2017/04/29 10:48:13 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2017/04/29 10:48:13 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2017/04/29 10:48:10 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2017/04/29 10:48:10 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2017/04/29 10:47:52 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2017/04/29 10:47:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2017/04/29 10:47:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2017/04/29 10:47:29 | 001,112,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2017/04/29 10:47:28 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2017/04/29 10:47:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2017/04/29 10:46:33 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2017/04/29 10:46:06 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2017/04/29 10:46:06 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2017/04/29 10:46:06 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2017/04/29 10:46:06 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2017/04/29 10:46:06 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2017/04/29 10:46:06 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2017/04/29 10:46:06 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2017/04/29 10:46:06 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2017/04/29 10:46:06 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2017/04/29 10:46:06 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2017/04/29 10:46:06 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2017/04/29 10:46:06 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2017/04/29 10:46:06 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2017/04/29 10:46:06 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2017/04/29 10:46:06 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2017/04/29 10:46:06 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2017/04/29 10:46:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2017/04/29 10:46:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2017/04/29 10:46:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2017/04/29 10:46:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2017/04/29 10:46:06 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2017/04/29 10:46:06 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2017/04/29 10:46:05 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2017/04/29 10:46:05 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2017/04/29 10:46:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2017/04/29 10:46:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2017/04/29 10:46:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2017/04/29 10:46:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2017/04/29 10:46:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2017/04/29 10:46:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2017/04/29 10:46:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2017/04/29 10:46:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2017/04/29 10:45:38 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2017/04/29 10:45:37 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2017/04/29 10:45:37 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2017/04/29 10:45:37 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2017/04/29 10:45:21 | 000,624,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2017/04/29 10:45:21 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2017/04/29 10:43:21 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2017/04/29 10:43:20 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2017/04/29 10:43:20 | 001,307,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2adec.dll
[2017/04/29 10:43:20 | 001,232,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2017/04/29 10:43:20 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2017/04/29 10:43:20 | 000,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2adec.dll
[2017/04/29 10:43:19 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2017/04/29 10:43:18 | 001,153,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOE.DLL
[2017/04/29 10:43:18 | 000,902,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2017/04/29 10:43:18 | 000,829,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2017/04/29 10:43:18 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2017/04/29 10:43:18 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2017/04/29 10:43:18 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2017/04/29 10:43:17 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2017/04/29 10:43:17 | 000,815,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOE.DLL
[2017/04/29 10:43:16 | 001,955,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2017/04/29 10:43:16 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2017/04/29 10:43:14 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\COLORCNV.DLL
[2017/04/29 10:43:14 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COLORCNV.DLL
[2017/04/29 10:43:13 | 000,740,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2017/04/29 10:43:12 | 001,575,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOE.DLL
[2017/04/29 10:43:12 | 001,568,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2017/04/29 10:43:12 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2017/04/29 10:43:11 | 000,665,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2017/04/29 10:43:11 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFWMAAEC.DLL
[2017/04/29 10:43:11 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSENCD.DLL
[2017/04/29 10:43:11 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VIDRESZR.DLL
[2017/04/29 10:43:10 | 000,653,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2017/04/29 10:43:10 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFWMAAEC.DLL
[2017/04/29 10:43:10 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSENCD.DLL
[2017/04/29 10:43:10 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP43DECD.DLL
[2017/04/29 10:43:10 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RESAMPLEDMO.DLL
[2017/04/29 10:43:10 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MPG4DECD.DLL
[2017/04/29 10:43:10 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP43DECD.DLL
[2017/04/29 10:43:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP3DMOD.DLL
[2017/04/29 10:43:10 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devenum.dll
[2017/04/29 10:43:10 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devenum.dll
[2017/04/29 10:43:09 | 001,325,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOE.DLL
[2017/04/29 10:43:09 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2017/04/29 10:43:09 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2017/04/29 10:43:09 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MPG4DECD.DLL
[2017/04/29 10:43:09 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
[2017/04/29 10:43:09 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfvdsp.dll
[2017/04/29 10:43:08 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2017/04/29 10:43:08 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
[2017/04/29 10:43:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2017/04/29 10:43:08 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RESAMPLEDMO.DLL
[2017/04/29 10:43:08 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2017/04/29 10:43:08 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VIDRESZR.DLL
[2017/04/29 10:43:08 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP3DMOD.DLL
[2017/04/29 10:43:08 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfvdsp.dll
[2017/04/29 10:43:07 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2017/04/29 10:43:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksuser.dll
[2017/04/29 10:43:00 | 000,069,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys
[2017/04/29 10:42:27 | 003,229,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2017/04/29 10:42:27 | 001,867,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2017/04/29 10:42:26 | 002,972,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2017/04/29 10:42:26 | 001,499,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2017/04/29 10:42:21 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2017/04/29 10:42:21 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2017/04/29 10:42:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2017/04/29 10:42:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2017/04/29 10:42:16 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2017/04/29 10:42:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2017/04/29 10:42:13 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2017/04/29 10:42:12 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2017/04/29 10:42:12 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2017/04/29 10:42:03 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2017/04/29 10:41:48 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe
[2017/04/29 10:41:48 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2017/04/29 10:41:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2017/04/29 10:41:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2017/04/29 10:41:42 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2017/04/29 10:41:42 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2017/04/29 10:41:41 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2017/04/29 10:41:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2017/04/29 10:41:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netbtugc.exe
[2017/04/29 10:41:39 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2017/04/29 10:41:38 | 000,591,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2017/04/29 10:41:38 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\polstore.dll
[2017/04/29 10:41:38 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\polstore.dll
[2017/04/29 10:41:38 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpapi.dll
[2017/04/29 10:41:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpscript.dll
[2017/04/29 10:41:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpscript.dll
[2017/04/29 10:41:37 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winipsec.dll
[2017/04/29 10:41:37 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FwRemoteSvr.dll
[2017/04/29 10:41:37 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winipsec.dll
[2017/04/29 10:41:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2017/04/29 10:41:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpscript.exe
[2017/04/29 10:41:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpscript.exe
[2017/04/29 10:41:21 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2017/04/29 10:41:21 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2017/04/29 10:41:19 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2017/04/29 10:41:18 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2017/04/29 10:40:28 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2017/04/29 10:40:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2017/04/29 10:40:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2017/04/29 10:40:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2017/04/29 10:40:10 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2017/04/29 10:39:40 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2017/04/29 10:39:40 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2017/04/29 10:39:33 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2017/04/29 10:39:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2017/04/29 10:39:28 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2017/04/29 10:39:26 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2017/04/29 10:39:26 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2017/04/29 10:39:25 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2017/04/29 10:39:25 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2017/04/29 10:39:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2017/04/29 10:39:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2017/04/29 06:03:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2017/04/29 06:03:18 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2017/04/29 06:03:18 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2017/04/29 05:57:47 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2017/04/29 05:57:47 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2017/04/29 05:57:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2017/04/29 05:57:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2017/04/29 05:57:15 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2017/04/29 05:56:52 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2017/04/29 05:56:43 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2017/04/29 05:56:43 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2017/04/29 05:56:33 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2017/04/29 05:56:32 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2017/04/29 05:56:28 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2017/04/29 05:56:28 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2017/04/29 05:56:28 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2017/04/29 05:56:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2017/04/29 05:55:36 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2017/04/29 05:55:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2017/04/29 05:55:36 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2017/04/29 05:55:36 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2017/04/29 05:55:36 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2017/04/29 05:55:36 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2017/04/29 05:51:12 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2017/04/29 05:51:01 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clfsw32.dll
[2017/04/29 05:51:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll
[2017/04/29 05:38:23 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2017/04/29 05:38:23 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2017/04/29 05:38:23 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2017/04/29 05:38:23 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2017/04/29 04:50:12 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2017/04/29 04:50:12 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2017/04/29 03:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steinberg
[2017/04/29 03:22:35 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\VST3 Presets
[2017/04/29 03:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Syncrosoft
[2017/04/29 03:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
[2017/04/29 03:21:23 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\VST XMLs
[2017/04/29 03:21:23 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 8 64bit
[2017/04/29 03:21:23 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Steinberg
[2017/04/29 03:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2017/04/29 03:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
[2017/04/29 03:19:37 | 000,030,352 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\Windows\SysNative\drivers\synusb64.sys
[2017/04/29 03:19:35 | 005,438,976 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\Windows\SysNative\SYNSOACC.dll
[2017/04/29 03:19:35 | 003,875,328 | ---- | C] (Steinberg Media Technologies GmbH) -- C:\Windows\SysWow64\SYNSOACC.dll
[2017/04/29 03:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\eLicenser
[2017/04/29 03:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\eLicenser
[2017/04/29 03:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eLicenser
[2017/04/29 03:07:43 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Roaming\Steinberg Installation Updater
[2017/04/29 03:07:42 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Steinberg Installation Updater
[2017/04/29 03:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
[2017/04/29 03:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOCALOID4 Editor for Cubase 64-bit
[2017/04/29 03:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steinberg
[2017/04/29 02:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOIDApi4
[2017/04/29 02:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2017/04/29 02:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOCALOID Deactivation Tool
[2017/04/29 02:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOID Deactivation Tool
[2017/04/29 02:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOCALOID4
[2017/04/29 02:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOID4
[2017/04/29 02:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VOCALOID4
[2017/04/29 02:03:49 | 001,031,680 | ---- | C] (Microsoft C
  • Unica
  • 2017/05/22 (Mon) 23:11:42
Re: Troubled by a duba.com infection
[2017/04/29 02:03:49 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2017/04/29 02:03:49 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2017/04/29 01:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\VOCALOID3TINY
[2017/04/29 01:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiny VOCALOID3
[2017/04/29 01:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOID3
[2017/04/29 01:24:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2017/04/29 01:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOID3TINY
[2017/04/29 01:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VOCALOIDApi
[2017/04/29 01:01:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2017/04/29 00:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\BUFFALO_ClientMgrV
[2017/04/29 00:30:39 | 000,218,488 | ---- | C] (BUFFALO INC.) -- C:\Windows\UN900119.EXE
[2017/04/29 00:30:39 | 000,018,944 | ---- | C] (BUFFALO INC.) -- C:\Windows\SysNative\drivers\bufeap64.sys
[2017/04/29 00:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFFALO
[2017/04/29 00:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BUFFALO
[2017/04/29 00:26:27 | 001,590,784 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\ucgnm2x.sys
[2017/04/29 00:12:46 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Diagnostics
[2017/04/29 00:07:47 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Steinberg Download Assistant
[2017/04/29 00:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2017/04/29 00:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2017/04/29 00:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg Download Assistant
[2017/04/29 00:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2017/04/28 23:50:53 | 000,000,000 | R--D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2017/04/28 23:50:53 | 000,000,000 | R--D | C] -- C:\Users\Unica\Searches
[2017/04/28 23:50:53 | 000,000,000 | R--D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2017/04/28 23:50:53 | 000,000,000 | -H-D | C] -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2017/04/28 23:50:38 | 000,000,000 | R--D | C] -- C:\Users\Unica\Contacts
[2017/04/28 23:50:36 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\VirtualStore
[2017/04/28 23:50:12 | 000,000,000 | --SD | C] -- C:\Users\Unica\AppData\Roaming\Microsoft
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Videos
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Saved Games
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Pictures
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Music
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Links
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Favorites
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Downloads
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Documents
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\Desktop
[2017/04/28 23:50:12 | 000,000,000 | R--D | C] -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\スタート メニュー
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\AppData\Local\Temporary Internet Files
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Templates
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\SendTo
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Recent
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\PrintHood
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\NetHood
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Documents\My Videos
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Documents\My Pictures
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Documents\My Music
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\My Documents
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Local Settings
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\AppData\Local\History
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Cookies
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\Application Data
[2017/04/28 23:50:12 | 000,000,000 | -HSD | C] -- C:\Users\Unica\AppData\Local\Application Data
[2017/04/28 23:50:12 | 000,000,000 | -H-D | C] -- C:\Users\Unica\AppData
[2017/04/28 23:50:12 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Temp
[2017/04/28 23:50:12 | 000,000,000 | ---D | C] -- C:\Users\Unica\AppData\Local\Microsoft
[2017/04/28 23:49:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\デスクトップ
[2017/04/28 23:49:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\スタート メニュー
[2017/04/28 22:41:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2017/04/28 22:38:53 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2017/05/22 22:09:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/05/22 22:09:41 | 3193,790,464 | -HS- | M] () -- C:\hiberfil.sys
[2017/05/22 21:46:09 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[2017/05/22 21:44:52 | 000,032,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2017/05/22 21:44:46 | 000,000,684 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineUA.job
[2017/05/22 21:43:15 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2017/05/22 21:43:07 | 000,158,880 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2017/05/22 21:42:29 | 000,569,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2017/05/22 21:42:29 | 000,339,696 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2017/05/22 21:42:29 | 000,158,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys.149545698707102
[2017/05/22 21:42:29 | 000,128,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2017/05/22 21:42:29 | 000,075,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2017/05/22 21:42:28 | 000,400,456 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2017/05/22 21:42:28 | 000,101,152 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2017/05/22 21:42:28 | 000,038,296 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2017/05/22 21:41:58 | 001,007,160 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2017/05/22 21:41:53 | 000,334,576 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbloga.sys
[2017/05/22 21:41:53 | 000,190,256 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbidsha.sys
[2017/05/22 21:41:53 | 000,049,016 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbuniva.sys
[2017/05/22 21:41:52 | 000,311,808 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
[2017/05/22 21:41:26 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/05/22 21:41:26 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/05/22 21:37:49 | 006,919,904 | ---- | M] (AVAST Software) -- C:\Users\Unica\Desktop\avast_free_antivirus_setup_online.exe
[2017/05/22 21:37:49 | 006,919,904 | ---- | M] (AVAST Software) -- C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
[2017/05/22 21:33:48 | 000,000,680 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineCore.job
[2017/05/22 00:26:51 | 131,690,243 | ---- | M] () -- C:\Users\Unica\Desktop\KIT 1 ERASERFASE CLASSIC DRUM MACHINE PACK.zip
[2017/05/20 01:58:14 | 000,001,242 | ---- | M] () -- C:\Users\Unica\Desktop\Dropbox.lnk
[2017/05/17 21:56:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Unica\Desktop\OTL.exe
[2017/05/17 06:01:28 | 000,048,944 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\DbxSvc.exe
[2017/05/12 17:34:46 | 000,002,281 | ---- | M] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2017/05/12 15:25:24 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/05/12 15:21:16 | 004,089,296 | ---- | M] () -- C:\Users\Unica\Desktop\AdwCleaner.exe
[2017/05/11 01:21:23 | 001,310,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017/05/11 01:21:23 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017/05/11 01:21:23 | 000,410,434 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2017/05/11 01:21:23 | 000,121,480 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2017/05/11 01:21:23 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/05/11 01:14:02 | 000,268,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/05/09 21:49:12 | 000,803,320 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017/05/09 21:49:12 | 000,144,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017/05/08 19:53:37 | 000,000,030 | ---- | M] () -- C:\AVScanner.ini
[2017/05/07 12:15:53 | 000,000,979 | ---- | M] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Plogue sforzando.lnk
[2017/05/07 01:34:36 | 000,002,111 | ---- | M] () -- C:\Users\Unica\Desktop\HALion 6.lnk
[2017/05/07 01:31:50 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2017/05/06 15:22:08 | 000,417,792 | ---- | M] (トキワ個別教育研究所) -- C:\Users\Unica\Desktop\DataRecovery.exe
[2017/05/06 14:21:08 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/05/06 13:57:43 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Unica\Desktop\HijackThis.exe
[2017/05/06 13:49:41 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017/04/30 11:50:48 | 000,001,367 | ---- | M] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/04/30 00:30:30 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2017/04/30 00:30:24 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2017/04/30 00:30:24 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2017/04/30 00:30:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2017/04/30 00:30:24 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2017/04/30 00:30:24 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2017/04/30 00:30:24 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2017/04/30 00:30:24 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2017/04/30 00:30:24 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2017/04/30 00:30:24 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2017/04/30 00:30:24 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2017/04/30 00:30:24 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2017/04/30 00:30:24 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2017/04/30 00:30:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2017/04/30 00:30:24 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2017/04/30 00:30:24 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2017/04/30 00:30:24 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2017/04/30 00:30:24 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2017/04/30 00:30:24 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2017/04/30 00:30:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2017/04/30 00:30:24 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2017/04/30 00:30:24 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2017/04/30 00:30:24 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2017/04/30 00:30:24 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2017/04/30 00:30:24 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2017/04/30 00:30:24 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2017/04/30 00:30:24 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2017/04/30 00:30:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2017/04/30 00:30:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2017/04/30 00:30:24 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2017/04/30 00:30:24 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2017/04/30 00:30:24 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2017/04/30 00:30:24 | 000,016,303 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2017/04/30 00:30:24 | 000,016,303 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2017/04/30 00:30:24 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2017/04/30 00:30:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2017/04/30 00:30:24 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2017/04/30 00:28:48 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2017/04/30 00:28:48 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2017/04/30 00:28:48 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2017/04/30 00:28:48 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2017/04/30 00:28:48 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2017/04/30 00:28:48 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2017/04/30 00:28:48 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2017/04/30 00:28:48 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2017/04/30 00:28:48 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2017/04/30 00:28:48 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2017/04/30 00:28:48 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/04/30 00:28:48 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/04/30 00:28:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2017/04/30 00:28:48 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/04/30 00:28:48 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2017/04/29 17:25:29 | 007,290,368 | ---- | M] () -- C:\Users\Unica\AppData\Local\agent.dat
[2017/04/29 17:25:29 | 001,894,851 | ---- | M] () -- C:\Users\Unica\AppData\Local\Zunstock.tst
[2017/04/29 17:25:29 | 000,126,464 | ---- | M] () -- C:\Users\Unica\AppData\Local\noah.dat
[2017/04/29 17:25:29 | 000,070,800 | ---- | M] () -- C:\Users\Unica\AppData\Local\Config.xml
[2017/04/29 17:25:29 | 000,018,432 | ---- | M] () -- C:\Users\Unica\AppData\Local\Main.dat
[2017/04/29 17:25:29 | 000,005,568 | ---- | M] () -- C:\Users\Unica\AppData\Local\md.xml
[2017/04/29 17:24:07 | 000,019,008 | ---- | M] () -- C:\Users\Unica\AppData\Local\InstallationConfiguration.xml
[2017/04/29 17:23:25 | 000,140,800 | ---- | M] () -- C:\Users\Unica\AppData\Local\installer.dat
[2017/04/29 17:23:04 | 001,634,816 | ---- | M] (TODO: <Company name>) -- C:\Users\Unica\AppData\Local\Zunstock.exe
[2017/04/29 17:18:57 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\SoundEngine Free.lnk
[2017/04/29 16:58:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2017/04/29 16:57:23 | 000,001,257 | ---- | M] () -- C:\Users\Unica\Desktop\Moo0 ボイス録音器 1.43.lnk
[2017/04/29 16:56:19 | 000,001,269 | ---- | M] () -- C:\Users\Unica\Desktop\Moo0 窓メニュー拡張器 1.20.lnk
[2017/04/29 16:52:59 | 000,001,215 | ---- | M] () -- C:\Users\Unica\Desktop\Any Audio Converter.lnk
[2017/04/29 16:43:42 | 001,263,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/04/29 03:22:35 | 000,002,892 | ---- | M] () -- C:\Windows\SysWow64\audcon.sys
[2017/04/29 03:22:11 | 000,002,104 | ---- | M] () -- C:\Users\Unica\Desktop\Cubase 8 64bit.lnk
[2017/04/29 00:35:35 | 000,001,097 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ソフトウェアルーター設定ツール.lnk
[2017/04/29 00:30:40 | 000,001,260 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\クライアントマネージャV.lnk
[2017/04/28 22:42:43 | 000,570,619 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2017/04/28 22:42:43 | 000,570,619 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2017/04/28 22:40:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2017/04/28 10:14:59 | 000,631,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2017/04/28 10:14:09 | 000,706,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2017/04/28 10:14:08 | 005,547,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2017/04/28 10:11:49 | 001,732,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2017/04/28 10:10:12 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2017/04/28 10:10:12 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2017/04/28 10:10:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2017/04/28 10:10:11 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2017/04/28 10:10:10 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2017/04/28 10:10:10 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2017/04/28 10:10:10 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2017/04/28 10:10:10 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2017/04/28 10:10:09 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2017/04/28 10:10:08 | 001,212,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2017/04/28 10:10:08 | 000,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2017/04/28 10:10:08 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2017/04/28 10:10:07 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2017/04/28 10:10:04 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2017/04/28 10:10:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2017/04/28 10:10:03 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2017/04/28 10:10:02 | 001,460,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2017/04/28 10:10:02 | 001,163,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2017/04/28 10:10:02 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2017/04/28 10:09:59 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2017/04/28 10:09:59 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2017/04/28 10:09:58 | 000,880,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2017/04/28 10:09:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2017/04/28 10:09:58 | 000,463,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2017/04/28 10:09:58 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2017/04/28 10:09:58 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2017/04/28 10:09:58 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2017/04/28 10:09:58 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2017/04/28 10:09:58 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2017/04/28 10:09:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2017/04/28 10:09:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2017/04/28 09:36:36 | 004,000,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2017/04/28 09:36:36 | 003,945,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2017/04/28 09:32:51 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2017/04/28 09:32:45 | 000,141,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2017/04/28 09:32:40 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2017/04/28 09:32:39 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2017/04/28 09:32:33 | 000,342,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2017/04/28 09:32:32 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2017/04/28 09:32:32 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2017/04/28 09:32:32 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2017/04/28 09:32:32 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2017/04/28 09:32:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2017/04/28 09:32:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2017/04/28 09:19:29 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2017/04/28 09:19:26 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2017/04/28 09:18:44 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2017/04/28 09:15:46 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2017/04/28 09:14:54 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2017/04/28 09:11:35 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2017/04/28 09:10:53 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2017/04/28 09:08:07 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2017/04/28 09:08:06 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2017/04/28 09:08:06 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2017/04/28 09:08:05 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2017/04/28 09:07:13 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2017/04/28 09:07:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2017/04/28 09:07:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2017/04/28 09:07:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2017/05/22 21:46:10 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[2017/05/22 21:46:10 | 000,001,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[2017/05/22 21:43:15 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2017/05/22 00:25:53 | 131,690,243 | ---- | C] () -- C:\Users\Unica\Desktop\KIT 1 ERASERFASE CLASSIC DRUM MACHINE PACK.zip
[2017/05/20 01:58:14 | 000,001,242 | ---- | C] () -- C:\Users\Unica\Desktop\Dropbox.lnk
[2017/05/20 01:39:49 | 000,000,684 | ---- | C] () -- C:\Windows\tasks\DropboxUpdateTaskMachineUA.job
[2017/05/20 01:39:48 | 000,000,680 | ---- | C] () -- C:\Windows\tasks\DropboxUpdateTaskMachineCore.job
[2017/05/12 15:25:24 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2017/05/12 15:21:03 | 004,089,296 | ---- | C] () -- C:\Users\Unica\Desktop\AdwCleaner.exe
[2017/05/07 12:15:53 | 000,000,979 | ---- | C] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Plogue sforzando.lnk
[2017/05/06 14:21:08 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/05/06 14:09:51 | 000,002,281 | ---- | C] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2017/05/06 13:37:32 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017/05/03 20:58:21 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2017/04/30 20:48:32 | 000,002,111 | ---- | C] () -- C:\Users\Unica\Desktop\HALion 6.lnk
[2017/04/30 11:50:48 | 000,001,367 | ---- | C] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2017/04/30 00:30:24 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2017/04/30 00:30:24 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2017/04/30 00:00:41 | 000,001,004 | ---- | C] () -- C:\Users\Unica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2017/04/29 17:25:29 | 007,290,368 | ---- | C] () -- C:\Users\Unica\AppData\Local\agent.dat
[2017/04/29 17:25:29 | 001,894,851 | ---- | C] () -- C:\Users\Unica\AppData\Local\Zunstock.tst
[2017/04/29 17:25:29 | 000,126,464 | ---- | C] () -- C:\Users\Unica\AppData\Local\noah.dat
[2017/04/29 17:25:29 | 000,070,800 | ---- | C] () -- C:\Users\Unica\AppData\Local\Config.xml
[2017/04/29 17:25:29 | 000,018,432 | ---- | C] () -- C:\Users\Unica\AppData\Local\Main.dat
[2017/04/29 17:25:29 | 000,005,568 | ---- | C] () -- C:\Users\Unica\AppData\Local\md.xml
[2017/04/29 17:23:25 | 000,140,800 | ---- | C] () -- C:\Users\Unica\AppData\Local\installer.dat
[2017/04/29 17:23:25 | 000,019,008 | ---- | C] () -- C:\Users\Unica\AppData\Local\InstallationConfiguration.xml
[2017/04/29 17:18:57 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\SoundEngine Free.lnk
[2017/04/29 16:59:54 | 000,001,257 | ---- | C] () -- C:\Users\Unica\Desktop\Moo0 ボイス録音器 1.43.lnk
[2017/04/29 16:59:40 | 000,001,269 | ---- | C] () -- C:\Users\Unica\Desktop\Moo0 窓メニュー拡張器 1.20.lnk
[2017/04/29 16:52:59 | 000,001,215 | ---- | C] () -- C:\Users\Unica\Desktop\Any Audio Converter.lnk
[2017/04/29 16:43:42 | 001,263,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2017/04/29 16:11:24 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2017/04/29 11:20:40 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2017/04/29 10:53:10 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2017/04/29 03:22:35 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2017/04/29 03:22:11 | 000,002,104 | ---- | C] () -- C:\Users\Unica\Desktop\Cubase 8 64bit.lnk
[2017/04/29 03:20:50 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2017/04/29 03:20:50 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2017/04/29 00:35:35 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ソフトウェアルーター設定ツール.lnk
[2017/04/29 00:30:40 | 000,001,260 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\クライアントマネージャV.lnk
[2017/04/29 00:30:39 | 000,000,993 | ---- | C] () -- C:\Windows\UN900119.INI
[2017/04/28 23:50:12 | 000,000,290 | ---- | C] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2017/04/28 23:50:12 | 000,000,272 | ---- | C] () -- C:\Users\Unica\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2017/04/28 22:42:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2017/04/28 22:42:00 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2017/04/28 22:40:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/08/30 00:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/08/30 00:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 12:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< :OTL >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ja >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 62 FB 2A B2 C0 D2 01 [binary data] >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 46 3E 51 18 22 C6 D2 01 [binary data] >[/color]

[color=#A23BEC]< IE - HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error. >[/color]
Invalid Switch: browserpolicy = Reg Error: Value error.

[color=#A23BEC]< [2017/04/29 16:52:59 | 000,001,215 | ---- | C] () -- C:\Users\Unica\Desktop\Any Audio Converter.lnk >[/color]
Invalid Switch: 29 16:52:59 | 000,001,215 | ---- | C] () -- C:\Users\Unica\Desktop\Any Audio Converter.lnk

[color=#A23BEC]< >[/color]

[color=#A23BEC]< :Files >[/color]

[color=#A23BEC]< C:\Users\Unica\Desktop\Any Audio Converter.lnk >[/color]
[2017/04/29 16:52:59 | 000,001,215 | ---- | M] () -- C:\Users\Unica\Desktop\Any Audio Converter.lnk

[color=#A23BEC]< >[/color]

[color=#A23BEC]< :reg >[/color]

[color=#A23BEC]< >[/color]

[color=#A23BEC]< :Commands >[/color]

[color=#A23BEC]< [purity] >[/color]

[color=#A23BEC]< [resethosts] >[/color]

[color=#A23BEC]< [emptytemp] >[/color]

[color=#A23BEC]< [reboot] >[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2017/05/20 22:36:09 | 031,177,988 | ---- | M] ()(C:\Users\Unica\Desktop\鯏???B????.wav) -- C:\Users\Unica\Desktop\鯏
  • Unica
  • 2017/05/22 (Mon) 23:13:09
Re: Troubled by a duba.com infection
[2017/05/20 22:36:09 | 031,177,988 | ---- | M] ()(C:\Users\Unica\Desktop\鯏???B????.wav) -- C:\Users\Unica\Desktop\鯏
  • Unica
  • 2017/05/22 (Mon) 23:14:43
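Did you accidentally get the OTL procedure wrong?
Good evening.

>After removing king and installing avast, duba disappeared!

Yes, that finally firms up the suspicion that King was causing the trouble.
From here on, if you want to secure the PC with avast, please go ahead in that direction.

I looked at the log from after the work, but the log is a little different from what it should be.
From its contents, I think you probably pressed the "Run scan" button instead of "Run fix" when working in OTL.

Sorry for the trouble, but please do the fix in OTL once more.
Paste the earlier script into the OTL window and click "Run fix".

Once the fix is done, please reply with the OTL log from afterwards together with a status report.

I'm sorry my explanation was poor.

Oops, that was careless of me! (← that's the wrong role for you)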
  • 悪代官
  • 2017/05/23 (Tue) 20:07:05
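Re: Troubled by a duba.com infection
Good evening~

I always stare at these blankly with sleepy eyes, so I didn't notice, sorry lol

Nothing in particular to report on the status. Long live 悪代官-sama!
The only thing is that my seitai practitioner told me not to use a floor chair and to sit in seiza instead, so using the PC is tiring

Log below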
All processes killed
========== OTL ==========
HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-169672659-908977464-1841875494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy| /E : value set successfully!
C:\Users\Unica\Desktop\Any Audio Converter.lnk moved successfully.
========== FILES ==========
File\Folder C:\Users\Unica\Desktop\Any Audio Converter.lnk not found.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default

User: Default User

User: Public

User: Unica
->Temp folder emptied: 1773568 bytes
->Temporary Internet Files folder emptied: 5243148 bytes
->FireFox cache emptied: 379091753 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1529856 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10103 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 58525348 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 426.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 05242017_000754

Files\Folders moved on Reboot...
C:\Users\Unica\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Unica\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • Unica
  • 2017/05/24 (Wed) 00:26:44
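Please use the PC in a comfortable posture
Sorry for the late reply.

>Nothing in particular to report on the status. Long live 悪代官-sama!

It's good to hear that the abnormal behavior on the PC has settled down.

>The only thing is that my seitai practitioner told me not to use a floor chair and to sit in seiza instead, so using the PC is tiring

So you have been seeing a seitai practitioner.
Please use the PC in a posture that doesn't strain your body or your eyes.

I also looked at the OTL log from after the fix.
This time the fix was applied.
All the target entries show successfully (fix succeeded).
Please clean up OTL following the explanation given at preparation time.

Now let's review the whole picture.
Sorry for the trouble, but please take a fresh HJT log and, with CC, the installed-programs information and the log of each tab, and reply with them.
I'll go over everything again, including whether anything was missed and whether there is a separate infection after the fix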
  • 悪代官
  • 2017/05/25 (Thu) 20:02:58
Re: Troubled by a duba.com infection
The final stretch, then!
That was a long one lol. Thank you very much!

-----HJT-----
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:20:24, on 2017/05/25
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18666)

FIREFOX: 53.0.3 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Unica\Desktop\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft internet security 2017\kxetray.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: ソフトウェアルーター設定ツール.lnk = C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BWH32S - Buffalo Inc. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: Dropbox アップデート サービス (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox アップデート サービス (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Service Installer TrueKey (InstallerService) - Unknown owner - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6119 bytes




-----CC installed programs-----
Adobe Flash Player 25 NPAPI Adobe Systems Incorporated 2017/05/25 5.55 MB 25.0.0.171
AlphaGo AlphaGo 2017/05/05 7.97 MB 1.2.3
Ample Bass P Lite II version 2.3.1 Ample Sound Technology Co., Ltd. 2017/04/30 531 MB 2.3.1
Ample Guitar M Lite II version 2.3.1 Ample Sound Technology Co., Ltd. 2017/04/30 859 MB 2.3.1
Any Audio Converter 6.1.2 Anvsoft 2017/05/25 6.1.2
ARIA Engine v1.9.1.6 Plogue Art et Technologie, Inc 2017/05/07 13.5 MB v1.9.1.6
Avast Free Antivirus AVAST Software 2017/05/25 17.4.2294
BUFFALO AirStation倍速設定ツール(アンインストール) 2017/05/25
BUFFALO クライアントマネージャV をアンインストール Buffalo Inc. 2017/04/29 13.2 MB 1.5.3
BUFFALO ソフトウェアルーター設定ツール 2017/05/25
CCleaner Piriform 2017/05/06 5.29
Dropbox Dropbox, Inc. 2017/05/25 26.4.24
eLicenser Control Steinberg Media Technologies GmbH 2017/05/25 154 MB 6.10.2.18201
Google Chrome Google Inc. 2017/05/06 58.0.3029.110
Groove Agent SE Rock Pop Toolbox Drums Steinberg Media Technologies GmbH 2017/04/29 3.30 GB 1.0.0
KORG USB-MIDI Driver Tools for Windows 株式会社コルグ 2017/05/11 5.35 MB 1.15.1801
Link Shell Extension Hermann Schinagl 2017/05/07 14.6 MB 3.8.6.8
Malwarebytes Anti-Malware バージョン 1.75.0.1300 Malwarebytes Corporation 2017/05/12 19.2 MB 1.75.0.1300
Microsoft .NET Framework 4.6.2 Microsoft Corporation 2017/04/29 4.6.01590
Microsoft Silverlight Microsoft Corporation 2017/04/29 22.6 MB 5.1.30514.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2017/04/29 428 KB 8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2017/05/07 572 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2017/04/29 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2017/04/29 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2017/04/30 11.0 MB 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2017/05/25 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2017/05/25 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2017/05/25 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2017/05/25 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 Microsoft Corporation 2017/05/25 24.5 MB 14.0.23506.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 Microsoft Corporation 2017/05/25 20.7 MB 14.0.23506.0
Moo0 ボイス録音器 1.43 2017/05/25
Moo0 窓メニュー拡張器 1.20 2017/05/25
Mozilla Firefox 53.0.3 (x86 ja) Mozilla 2017/05/25 88.4 MB 53.0.3
Mozilla Maintenance Service Mozilla 2017/05/06 257 KB 53.0.2
Plogue sforzando v1.916 Plogue 2017/05/07 44.6 MB v1.916
SoundEngine Free Coderium 2017/04/29 5.2.0.8
Steinberg Content Updater Steinberg Media Technologies GmbH 2017/04/29 2.04 MB 3.1.0
Steinberg Cubase 8 64bit Steinberg Media Technologies GmbH 2017/04/29 529 MB 8.0.0
Steinberg Download Assistant Steinberg Media Technologies GmbH 2017/05/25 194 MB 1.5.4
Steinberg Drum Loop Expansion 01 Steinberg Media Technologies GmbH 2017/04/29 428 MB 2.0.0.0
Steinberg EDM Toolbox MIDI Loops Steinberg Media Technologies GmbH 2017/04/29 574 MB 1.1.0
Steinberg Generic Lower Latency ASIO Driver 64bit Steinberg Media Technologies GmbH 2017/04/29 558 KB 1.0.11
Steinberg Groove Agent ONE Allen Morgan Signature Drums Steinberg Media Technologies GmbH 2017/04/29 0.96 GB 1.0.0
Steinberg Groove Agent ONE Content Steinberg Media Technologies GmbH 2017/04/29 142 MB 1.0.0.003
Steinberg Groove Agent ONE Vintage Beatboxes Steinberg Media Technologies GmbH 2017/04/29 38.0 MB 1.0.0.000
Steinberg Groove Agent SE 64bit Steinberg Media Technologies GmbH 2017/04/29 90.0 MB 4.1.0
Steinberg Groove Agent SE Acoustic Agent Steinberg Media Technologies GmbH 2017/04/29 808 MB 1.0.0
Steinberg Groove Agent SE Content Steinberg Media Technologies GmbH 2017/04/29 185 MB 1.2.0
Steinberg HALion 6 Steinberg Media Technologies GmbH 2017/05/07 689 MB 6.0.0
Steinberg HALion Content Steinberg Media Technologies GmbH 2017/04/29 10.4 GB 4.6.3
Steinberg HALion Library Manager Steinberg Media Technologies GmbH 2017/04/29 11.6 MB 3.0.0
Steinberg HALion Sonic 2 Content Steinberg Media Technologies GmbH 2017/04/29 355 MB 2.0.0
Steinberg HALion Sonic 3 Steinberg Media Technologies GmbH 2017/04/29 645 MB 3.0.0
Steinberg HALion Sonic SE 64bit Steinberg Media Technologies GmbH 2017/04/29 66.4 MB 2.0.2
Steinberg HALion Sonic SE Content Steinberg Media Technologies GmbH 2017/04/29 3.15 GB 2.0.0
Steinberg LoopMash Content Steinberg Media Technologies GmbH 2017/04/29 617 MB 2.0.0.000
Steinberg LoopMash Content 2 Steinberg Media Technologies GmbH 2017/04/29 558 MB 1.0.0.000
Steinberg Midi Loop Library Steinberg Media Technologies GmbH 2017/04/29 361 MB 1.0.0
Steinberg Padshop 64bit Steinberg Media Technologies GmbH 2017/04/29 433 MB 1.1.0
Steinberg Retrologue 64bit Steinberg Media Technologies GmbH 2017/04/29 81.3 MB 1.1.0
Steinberg REVerence Content 01 Steinberg Media Technologies GmbH 2017/04/29 199 MB 2.0.1.000
Steinberg Upload Manager Steinberg Media Technologies GmbH 2017/04/29 8.53 MB 1.0.1
Steinberg VST Amp Rack Content 01 Steinberg Media Technologies GmbH 2017/04/29 9.18 MB 1.0.1
Steinberg VST Bass Amp Content Steinberg Media Technologies GmbH 2017/04/29 793 KB 1.0.0
VOCALOID API Runtime (32bit) Yamaha Corporation 2017/04/29 36.3 MB 3.00.0111
VOCALOID API Runtime (64bit) Yamaha Corporation 2017/04/29 36.2 MB 3.00.0111
VOCALOID Deactivation Tool Yamaha Corporation 2017/04/29 1.42 MB 4.2.0
VOCALOID3 Voice DB (MIKU_V3_Dark) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Original) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Soft) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Solid) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Sweet) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID4 Activator Yamaha Corporation 2017/04/29 1.78 MB 4.2.0
VOCALOID4 API (32-bit) Yamaha Corporation 2017/04/29 59.5 MB 4.01.0101
VOCALOID4 API (64-bit) Yamaha Corporation 2017/04/29 59.4 MB 4.01.0101
VOCALOID4 Editor for Cubase 64-bit Yamaha Corporation 2017/05/09 96.9 MB 4.3.0
VOCALOID4 Library KAGAMINE RIN LEN V4 English Crypton Future Media, Inc. 2017/04/29 4.0.0
VOCALOID4 Library KAGAMINE RIN LEN V4X Crypton Future Media, Inc. 2017/04/29 4.0.0

-----CC Startup-----
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
有効 Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task Moo0 Window Menu Plus 1.20 Moo0 C:\Program Files (x86)\Moo0\WindowMenuPlus 1.20\WindowMenuPlus.exe -startup
有効 Task RunAsStdUser Task Moo0 C:\Program Files (x86)\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe
有効 Task SafeZone scheduled Autoupdate 1495457167 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)

-----CC Scheduled Tasks-----
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
有効 Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task Moo0 Window Menu Plus 1.20 Moo0 C:\Program Files (x86)\Moo0\WindowMenuPlus 1.20\WindowMenuPlus.exe -startup
有効 Task RunAsStdUser Task Moo0 C:\Program Files (x86)\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe
有効 Task SafeZone scheduled Autoupdate 1495457167 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)

-----Context Menu-----
有効 Directory DropboxExt Dropbox, Inc. C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
有効 Directory kwansvc c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll
有効 Drive kwansvc c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll
有効 File 00asw AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File DropboxExt Dropbox, Inc. C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
有効 File HardLinkMenu Hermann Schinagl C:\Program Files\LinkShellExtension\HardlinkShellExt.dll
有効 File kwansvc c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll
有効 File MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 Folder avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 Folder HardLinkMenu Hermann Schinagl C:\Program Files\LinkShellExtension\HardlinkShellExt.dll
有効 Folder MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  • Unica
  • 2017/05/25 (Thu) 21:29:49
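Here to go back over things
Good evening.
This is "あらいぐま悪代官" (Raccoon 悪代官), here to wash over the state of things once more (← if you're an evil magistrate, wash your hands of your evil deeds)

I looked at each of the current logs.

As expected, the traces that looked like infection are gone, but a few problems still remain, so let's clean those up.

First, start HJT, run a scan, and fix the following item among those displayed.
>O4 - HKLM\..\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft internet security 2017\kxetray.exe" -autorun

As you can see, it is an entry for Kingsoft, which should already have been uninstalled.
And, as the "有効" (enabled) shows, it is still alive and running.
King-family products are known to escape complete removal like this even when uninstalled normally, and to stay dug into the PC.
You should have switched your antivirus software to avast, so let's remove King.

After closing HJT, next start CC and, in "Context Menu" (コンテキストメニュー), apply "Disable" (無効) and "Delete Entry" (エントリの削除) to the following as well.
>有効 Directory kwansvc c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll

>有効 Drive kwansvc c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll

>有効 File kwansvc c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll

King is probably still alive here too.
Next, in CC, please also take logs of the "IE" tab, the "Firefox" tab and the "Chrome" tab.
There were no browser tab logs this time, so I'll check these too.

After closing CC, open the C drive and look by eye for the folder below; if you find it, delete it manually.
c:\program files (x86)\kingsoft

If you look and can't find it, you can skip this, but if you find it and can't delete it, please tell me so in another reply.

After the work above, please reply with the three browser logs in addition.
Once I've seen these I'll also check whether anything was missed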
  • あらいぐま悪代官
  • 2017/05/26 (Fri) 20:39:47
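The check described in the post above, finding autorun and shell-extension entries left behind by a product that no longer appears in the installed-programs list, can be scripted as follows. This is an added example, not part of the original thread or of HijackThis/CCleaner; the log rows are copied from the 2017/05/25 logs above, and matching on the first folder under Program Files is a heuristic assumption of this sketch.

```python
import re

# Rows copied from the 2017/05/25 HJT log in this thread (O4 Run entries).
HJT_LINES = [
    r'O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s',
    r'O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup',
    r'O4 - HKLM\..\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft internet security 2017\kxetray.exe" -autorun',
    r'O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR',
]
# Rows copied from the CCleaner context-menu log of the same post.
CC_CONTEXT_LINES = [
    r'有効 Directory DropboxExt Dropbox, Inc. C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll',
    r'有効 Directory kwansvc c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll',
    r'有効 Drive kwansvc c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll',
    r'有効 File 00asw AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll',
    r'有効 File HardLinkMenu Hermann Schinagl C:\Program Files\LinkShellExtension\HardlinkShellExt.dll',
    r'有効 File kwansvc c:\program files (x86)\kingsoft\kingsoft internet security 2017\kwansvc64.dll',
    r"有効 File MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll",
]
# Abbreviated rows from the installed-programs list of the same post.
INSTALLED_LINES = [
    'Avast Free Antivirus AVAST Software 2017/05/25 17.4.2294',
    'CCleaner Piriform 2017/05/06 5.29',
    'Dropbox Dropbox, Inc. 2017/05/25 26.4.24',
    'KORG USB-MIDI Driver Tools for Windows 株式会社コルグ 2017/05/11 5.35 MB 1.15.1801',
    'Link Shell Extension Hermann Schinagl 2017/05/07 14.6 MB 3.8.6.8',
    'Malwarebytes Anti-Malware バージョン 1.75.0.1300 Malwarebytes Corporation 2017/05/12 19.2 MB 1.75.0.1300',
]

# First folder below "Program Files" or "Program Files (x86)".
VENDOR_DIR = re.compile(r'(?i)[a-z]:\\program files(?: \(x86\))?\\([^\\"]+)\\')
HJT_O4_RUN = re.compile(r'O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$')
CC_CONTEXT = re.compile(r'(有効|無効) (Directory|Drive|File|Folder) (\S+) (.*)$')


def norm(text):
    """Lower-case and drop everything except ASCII letters and digits."""
    return re.sub(r'[^0-9a-z]', '', text.lower())


def parse_hjt_o4(line):
    """Parse an HJT 'O4 ... Run' row; other HJT rows return None."""
    m = HJT_O4_RUN.match(line)
    if not m:
        return None
    hive, name, command = m.groups()
    # A value present under a Run key is started at logon, so it counts as enabled.
    return {"source": "HJT O4", "where": hive + " Run", "name": name,
            "command": command, "enabled": True}


def parse_cc_context(line):
    """Parse a CCleaner context-menu row: state, kind, key, then publisher and path."""
    m = CC_CONTEXT.match(line)
    if not m:
        return None
    state, kind, key, rest = m.groups()
    return {"source": "CC context menu", "where": kind, "name": key,
            "command": rest, "enabled": state == "有効"}


def parse_entries(hjt_lines, cc_lines):
    entries = [parse_hjt_o4(l) for l in hjt_lines] + [parse_cc_context(l) for l in cc_lines]
    return [e for e in entries if e is not None]


def find_orphans(entries, installed_lines):
    """Return entries whose Program Files folder matches no installed program row."""
    installed = [norm(l) for l in installed_lines]
    orphans = []
    for entry in entries:
        m = VENDOR_DIR.search(entry["command"])
        if not m:
            continue  # path outside Program Files: this heuristic does not judge it
        vendor = m.group(1)
        if not any(norm(vendor) in row for row in installed):
            orphans.append(dict(entry, vendor=vendor))
    return orphans


if __name__ == "__main__":
    for o in find_orphans(parse_entries(HJT_LINES, CC_CONTEXT_LINES), INSTALLED_LINES):
        state = "enabled" if o["enabled"] else "disabled"
        print(f'{o["source"]:16} {o["where"]:10} {o["name"]:8} {state}  vendor folder: {o["vendor"]}')
```

A flagged row is only a candidate for review: the folder name of a legitimate program can differ from its display name, so each hit still needs the manual check the post describes.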
Re: Troubled by a duba.com infection
It's Arai-san! ()

Sorry, I forgot lol

IE
有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\AvaspaswWebRepIE64.dll

FF
有効 Extension Application Update Service Helper 2.0 default Firefox 53.0.3 C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Avast Online Security 12.0.211 Avast default Firefox 53.0.3 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\extensions\wrc@avast.com.xpi
有効 Extension Avast SafePrice 12.0.211 Avast default Firefox 53.0.3 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\extensions\sp@avast.com.xpi
有効 Extension Multi-process staged rollout 1.14 default Firefox 53.0.3 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 53.0.3 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Extension Shield Recipe Client 1.0.0 default Firefox 53.0.3 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\features\{de1c7e9c-cf0d-433e-8124-fa5a493797e1}\shield-recipe-client@mozilla.org.xpi
有効 Extension Web Compat 1.0 default Firefox 53.0.3 C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.903 Google Inc. default Firefox 53.0.3 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default Firefox 53.0.3 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
有効 Plugin Shockwave Flash 25.0.0.171 Adobe Systems Incorporated default Firefox 53.0.3 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll

Chrome
有効 App Gmail 8.1 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
有効 App Google ドライブ 14.1 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
有効 App YouTube 4.2.8 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
有効 Extension Google オフライン ドキュメント 1.4 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0
有効 Extension Google ドキュメント 0.9 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
  • Unica
  • 2017/05/27 (Sat) 09:49:16
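If nothing is abnormal, let's move to the observation period
Sorry for the late reply again today.

>It's Arai-san! ()

I see, the beastly troupe that is hugely popular among the "big friends" these days.
But I'm more of a brute than a beast, so rest assured that I have neither Friends nor henchmen.
So cruel, so cruuel (don't ask)

Now, I also looked at the follow-up CC logs.
There doesn't seem to be anything particularly odd among the browser extensions either.
When you did the fix and check with CC earlier, was the folder below also absent?
>c:\program files (x86)\kingsoft

If that is gone too, we can consider the cleanup of King's remnants done.

If the fix is done and nothing abnormal is showing now, shall we move straight to observation?
You can use the PC normally; please observe for one week.

After one week, please take a fresh HJT log and, with CC, the installed-programs information and the log of each tab, and reply with them together with a status report from the observation period.

If the post-observation logs and status show neither a recurrence nor any separate abnormality, we should be over the hump, but if anything abnormal appears, reply right then without waiting the full week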
  • 悪代官
  • 2017/05/27 (Sat) 21:04:31
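Re: Troubled by a duba.com infection
Long time no see (?), 悪代官-sama
Recently SOURCENEXT's VEGAS 全部パック (All-in Pack) was marked down from \260000 by an unbelievable 92% to \19800, so I bought and installed it, but the PC has clearly become slower (especially at startup)
Sorry if this has nothing at all to do with the problems so far...

By the way, the King remnants were there; I didn't report it in my last reply, but I got rid of them at that time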

-----HJT-----
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:57:07, on 2017/05/31
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18666)

FIREFOX: 53.0.3 (x86 ja)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Users\Unica\AppData\Local\SOURCENEXT\SSS3\4.00.22\Statistics.exe
C:\Users\Unica\AppData\Local\SOURCENEXT\SSS3\4.00.22\Message.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Unica\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Sourcenext.SSS.Launcher] "C:\Program Files (x86)\SOURCENEXT\ソースネクスト アップデート4\Launcher.exe" UpdateTool.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: クライアントマネージャV.lnk = C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
O4 - Global Startup: ソフトウェアルーター設定ツール.lnk = C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BWH32S - Buffalo Inc. - C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe
O23 - Service: Dropbox アップデート サービス (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox アップデート サービス (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Service Installer TrueKey (InstallerService) - Unknown owner - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6297 bytes



----------CC----------
-----Installed programs-----
ACID Music Studio 10.0 Sony 2017/05/30 273 MB 10.0.108
ACID Pro 7.0 Sony 2017/05/30 252 MB 7.0.713
Adobe Flash Player 25 NPAPI Adobe Systems Incorporated 2017/05/25 5.55 MB 25.0.0.171
AlphaGo AlphaGo 2017/05/05 7.97 MB 1.2.3
Ample Bass P Lite II version 2.3.1 Ample Sound Technology Co., Ltd. 2017/04/30 531 MB 2.3.1
Ample Guitar M Lite II version 2.3.1 Ample Sound Technology Co., Ltd. 2017/04/30 859 MB 2.3.1
Any Audio Converter 6.1.2 Anvsoft 2017/05/25 6.1.2
ARIA Engine v1.9.1.6 Plogue Art et Technologie, Inc 2017/05/07 13.5 MB v1.9.1.6
Avast Free Antivirus AVAST Software 2017/05/25 17.4.2294
BUFFALO AirStation倍速設定ツール(アンインストール) 2017/05/25
BUFFALO クライアントマネージャV をアンインストール Buffalo Inc. 2017/04/29 13.2 MB 1.5.3
BUFFALO ソフトウェアルーター設定ツール 2017/05/25
CCleaner Piriform 2017/05/06 5.29
Dropbox Dropbox, Inc. 2017/05/25 26.4.24
DVD Architect VEGAS 2017/05/30 423 MB 7.0.54
eLicenser Control Steinberg Media Technologies GmbH 2017/05/25 154 MB 6.10.2.18201
Google Chrome Google Inc. 2017/05/06 58.0.3029.110
Groove Agent SE Rock Pop Toolbox Drums Steinberg Media Technologies GmbH 2017/04/29 3.30 GB 1.0.0
KORG USB-MIDI Driver Tools for Windows 株式会社コルグ 2017/05/11 5.35 MB 1.15.1801
Link Shell Extension Hermann Schinagl 2017/05/07 14.6 MB 3.8.6.8
MAGIX Content and Soundpools MAGIX Software GmbH 2017/05/30 1.0.0.0
Malwarebytes Anti-Malware バージョン 1.75.0.1300 Malwarebytes Corporation 2017/05/12 19.2 MB 1.75.0.1300
Microsoft .NET Framework 4.6.2 Microsoft Corporation 2017/04/29 4.6.01590
Microsoft Silverlight Microsoft Corporation 2017/04/29 22.6 MB 5.1.30514.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2017/05/29 348 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2017/05/07 572 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 2017/04/29 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2017/05/29 232 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2017/04/29 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 2017/04/30 11.0 MB 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2017/05/25 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2017/05/25 17.3 MB 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2017/05/25 20.5 MB 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2017/05/25 17.1 MB 12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 Microsoft Corporation 2017/05/25 24.5 MB 14.0.23506.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 Microsoft Corporation 2017/05/25 20.7 MB 14.0.23506.0
Moo0 ボイス録音器 1.43 2017/05/25
Moo0 窓メニュー拡張器 1.20 2017/05/25
Movie Studio 14.0 Platinum VEGAS 2017/05/30 795 MB 14.0.113
Mozilla Firefox 53.0.3 (x86 ja) Mozilla 2017/05/25 88.4 MB 53.0.3
Mozilla Maintenance Service Mozilla 2017/05/06 257 KB 53.0.2
Noise Reduction Plug-In 2.0 VEGAS 2017/05/30 27.9 MB 2.0.662
Plogue sforzando v1.916 Plogue 2017/05/07 44.6 MB v1.916
proDAD Mercalli NLE 4.0 (64bit) proDAD GmbH 2017/05/31 4.0.471.1
Sound Forge Audio Studio 10.0 Sony 2017/05/30 235 MB 10.0.252
Sound Forge Pro 11.0 MAGIX 2017/05/30 356 MB 11.0.341
SoundEngine Free Coderium 2017/04/29 5.2.0.8
Steinberg Content Updater Steinberg Media Technologies GmbH 2017/04/29 2.04 MB 3.1.0
Steinberg Cubase 8 64bit Steinberg Media Technologies GmbH 2017/04/29 529 MB 8.0.0
Steinberg Download Assistant Steinberg Media Technologies GmbH 2017/05/25 194 MB 1.5.4
Steinberg Drum Loop Expansion 01 Steinberg Media Technologies GmbH 2017/04/29 428 MB 2.0.0.0
Steinberg EDM Toolbox MIDI Loops Steinberg Media Technologies GmbH 2017/04/29 574 MB 1.1.0
Steinberg Generic Lower Latency ASIO Driver 64bit Steinberg Media Technologies GmbH 2017/04/29 558 KB 1.0.11
Steinberg Groove Agent ONE Allen Morgan Signature Drums Steinberg Media Technologies GmbH 2017/04/29 0.96 GB 1.0.0
Steinberg Groove Agent ONE Content Steinberg Media Technologies GmbH 2017/04/29 142 MB 1.0.0.003
Steinberg Groove Agent ONE Vintage Beatboxes Steinberg Media Technologies GmbH 2017/04/29 38.0 MB 1.0.0.000
Steinberg Groove Agent SE 64bit Steinberg Media Technologies GmbH 2017/04/29 90.0 MB 4.1.0
Steinberg Groove Agent SE Acoustic Agent Steinberg Media Technologies GmbH 2017/04/29 808 MB 1.0.0
Steinberg Groove Agent SE Content Steinberg Media Technologies GmbH 2017/04/29 185 MB 1.2.0
Steinberg HALion 6 Steinberg Media Technologies GmbH 2017/05/07 689 MB 6.0.0
Steinberg HALion Content Steinberg Media Technologies GmbH 2017/04/29 10.4 GB 4.6.3
Steinberg HALion Library Manager Steinberg Media Technologies GmbH 2017/04/29 11.6 MB 3.0.0
Steinberg HALion Sonic 2 Content Steinberg Media Technologies GmbH 2017/04/29 355 MB 2.0.0
Steinberg HALion Sonic 3 Steinberg Media Technologies GmbH 2017/04/29 645 MB 3.0.0
Steinberg HALion Sonic SE 64bit Steinberg Media Technologies GmbH 2017/04/29 66.4 MB 2.0.2
Steinberg HALion Sonic SE Content Steinberg Media Technologies GmbH 2017/04/29 3.15 GB 2.0.0
Steinberg LoopMash Content Steinberg Media Technologies GmbH 2017/04/29 617 MB 2.0.0.000
Steinberg LoopMash Content 2 Steinberg Media Technologies GmbH 2017/04/29 558 MB 1.0.0.000
Steinberg Midi Loop Library Steinberg Media Technologies GmbH 2017/04/29 361 MB 1.0.0
Steinberg Padshop 64bit Steinberg Media Technologies GmbH 2017/04/29 433 MB 1.1.0
Steinberg Retrologue 64bit Steinberg Media Technologies GmbH 2017/04/29 81.3 MB 1.1.0
Steinberg REVerence Content 01 Steinberg Media Technologies GmbH 2017/04/29 199 MB 2.0.1.000
Steinberg Upload Manager Steinberg Media Technologies GmbH 2017/04/29 8.53 MB 1.0.1
Steinberg VST Amp Rack Content 01 Steinberg Media Technologies GmbH 2017/04/29 9.18 MB 1.0.1
Steinberg VST Bass Amp Content Steinberg Media Technologies GmbH 2017/04/29 793 KB 1.0.0
VEGAS Pro 14.0 (64-bit) VEGAS 2017/05/30 879 MB 14.0.191
VOCALOID API Runtime (32bit) Yamaha Corporation 2017/04/29 36.3 MB 3.00.0111
VOCALOID API Runtime (64bit) Yamaha Corporation 2017/04/29 36.2 MB 3.00.0111
VOCALOID Deactivation Tool Yamaha Corporation 2017/04/29 1.42 MB 4.2.0
VOCALOID3 Voice DB (MIKU_V3_Dark) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Original) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Soft) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Solid) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID3 Voice DB (MIKU_V3_Sweet) Crypton Future Media, Inc. 2017/04/29 3.0.0.0
VOCALOID4 Activator Yamaha Corporation 2017/04/29 1.78 MB 4.2.0
VOCALOID4 API (32-bit) Yamaha Corporation 2017/04/29 59.5 MB 4.01.0101
VOCALOID4 API (64-bit) Yamaha Corporation 2017/04/29 59.4 MB 4.01.0101
VOCALOID4 Editor for Cubase 64-bit Yamaha Corporation 2017/05/09 96.9 MB 4.3.0
VOCALOID4 Library KAGAMINE RIN LEN V4 English Crypton Future Media, Inc. 2017/04/29 4.0.0
VOCALOID4 Library KAGAMINE RIN LEN V4X Crypton Future Media, Inc. 2017/04/29 4.0.0
ソースネクスト アップデート 4.0 SOURCENEXT 2017/05/30 26.2 MB 16.00.0001



-----Windows-----
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKLM:Run AvastUI.exe AVAST Software "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
有効 HKLM:Run Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
有効 HKLM:Run KORG USB-MIDI Driver KORG Inc. C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
有効 HKLM:Run Sourcenext.SSS.Launcher SOURCENEXT CORPORATION "C:\Program Files (x86)\SOURCENEXT\ソースネクスト アップデート4\Launcher.exe" UpdateTool.exe
有効 Startup Common クライアントマネージャV.lnk Buffalo Inc. C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
有効 Startup Common ソフトウェアルーター設定ツール.lnk BUFFALO INC. C:\Program Files (x86)\BUFFALO\SoftAP\SoftAP.exe



-----スケジュールされたタスク-----
有効 Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task DropboxUpdateTaskMachineCore Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
有効 Task DropboxUpdateTaskMachineUA Dropbox, Inc. C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task Moo0 Window Menu Plus 1.20 Moo0 C:\Program Files (x86)\Moo0\WindowMenuPlus 1.20\WindowMenuPlus.exe -startup
有効 Task RunAsStdUser Task Moo0 C:\Program Files (x86)\Moo0\VoiceRecorder 1.43\VoiceRecorder.exe
有効 Task SafeZone scheduled Autoupdate 1495457167 Avast Software C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)



-----コンテキストメニュー-----
有効 Directory DropboxExt Dropbox, Inc. C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
有効 File 00asw AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 File DropboxExt Dropbox, Inc. C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
有効 File HardLinkMenu Hermann Schinagl C:\Program Files\LinkShellExtension\HardlinkShellExt.dll
有効 File MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 Folder avast AVAST Software C:\Program Files\AVAST Software\Avast\ashShA64.dll
有効 Folder HardLinkMenu Hermann Schinagl C:\Program Files\LinkShellExtension\HardlinkShellExt.dll
有効 Folder MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll



-----IE-----
有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
有効 Helper avast! Online Security AVAST Software C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll



-----FF-----
有効 Extension Application Update Service Helper 2.0 default Firefox 53.0.3 C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
有効 Extension Avast Online Security 12.0.211 Avast default Firefox 53.0.3 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\extensions\wrc@avast.com.xpi
有効 Extension Avast SafePrice 12.0.211 Avast default Firefox 53.0.3 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\extensions\sp@avast.com.xpi
有効 Extension Multi-process staged rollout 1.14 default Firefox 53.0.3 C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
有効 Extension Pocket 1.0.5 default Firefox 53.0.3 C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
有効 Extension Shield Recipe Client 1.0.0 default Firefox 53.0.3 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\features\{de1c7e9c-cf0d-433e-8124-fa5a493797e1}\shield-recipe-client@mozilla.org.xpi
有効 Extension Web Compat 1.0 default Firefox 53.0.3 C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
有効 Plugin 1.4.8.903 Google Inc. default Firefox 53.0.3 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default Firefox 53.0.3 C:\Users\Unica\AppData\Roaming\Mozilla\Firefox\Profiles\znl8pikd.default\gmp-gmpopenh264\1.6\gmpopenh264.dll
有効 Plugin Shockwave Flash 25.0.0.171 Adobe Systems Incorporated default Firefox 53.0.3 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll



-----Chrome-----
有効 App Gmail 8.1 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
有効 App Google ドライブ 14.1 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
有効 App YouTube 4.2.8 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
有効 Extension Google オフライン ドキュメント 1.4 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0
有効 Extension Google ドキュメント 0.9 ユーザー 1 C:\Users\Unica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
  • Unica
  • 2017/05/31 (Wed) 05:03:01
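Check by temporarily uninstalling VEGAS
Good evening.
I thought this would be a report after the wait-and-see period, but is a different problem showing up?

>Recently Sourcenext's "VEGAS All Pack" was marked down from ¥260000 by an unbelievable 92% to ¥19800, so I bought and installed it, but the PC's speed (especially startup) has clearly dropped

Is it the video editing software below?
http://www.sourcenext.com/product/vegas/allpack/

>By the way, there were Kingsoft leftovers, and although I didn't report it in my previous reply, I got rid of them at that time

If you were able to deal with that, then that's fine.

Now, regarding the VEGAS in question: if you bought the retail version and have the serial number, please uninstall it once and check how the PC behaves.
If behavior returns to normal, that means VEGAS is involved, so you can then decide whether to reinstall it or hold off on using it.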
  • 悪代官
  • 2017/05/31 (Wed) 20:40:45
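Re: Infected by duba.com and in trouble
When I scanned with avast,

it says there is room for performance improvement, but it seems the free version only detects it...

At first glance VEGAS doesn't seem to be related, so, selfish as it is, I'd like to put that on hold for now lol (the install took a hell of a long time)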
  • Unica
  • 2017/05/31 (Wed) 22:55:38
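You can ignore that Avast result
Good evening, my name is IVNO.
I'll be taking over from 悪代官 to assist you.
Avast's performance detection is a paid feature, and it isn't all that good anyway, so you can ignore it.
From the data, I can indeed see that the Sourcenext product is affecting performance.
However, given the circumstances, that one can be left to your own judgment.
If there is anything else abnormal, please let us know.
If you don't find anything abnormal, please keep watching for a while longer.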
  • IVNO
  • 2017/06/01 (Thu) 19:47:00
