Akudaikan no Fukumaden BBS (悪代官の伏魔殿掲示板)
PUP.Optional.Legacy detected by AdwCleaner
Akudaikan-san, it's been a while. My name is Pesone (ペソネ); I consulted you here once before.

Today I ran a scan with AdwCleaner and it detected PUP.Optional.Legacy.
At present I see no suspicious behaviour, so it may be a false positive, but I can't judge that myself.
I would be grateful for everyone's advice.
  • ペソネ
  • 2022/12/06 (Tue) 11:57:57
Re: PUP.Optional.Legacy detected by AdwCleaner
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:01:40, on 2022/12/06
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.22000.0120)


Boot mode: Normal

Running processes:
C:\Users\XXXX\Downloads\HijackThis.exe
C:\Program Files\NTTW\Security\SEC\UIFramework\uiWinMgr.exe
C:\Program Files\NTTW\Security\SEC\UIFramework\uiWinMgr.exe
C:\Program Files\NTTW\Security\SEC\UIFramework\uiWinMgr.exe
C:\Program Files\NTTW\Security\SEC\UIFramework\uiWinMgr.exe

F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.62\BHO\ie_to_edge_bho.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O3 - Toolbar: Trend ツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_4D7D77F120A72D51F6BD27E97162BD95] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\NTTW\Security\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_7a9f2 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Optane(TM) Memory Service (iaStorAfsService) - Intel Corporation - C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe
O23 - Service: Intel(R) Graphics Command Center Service (igccservice) - Unknown owner - C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe
O23 - Service: @oem35.inf,%SocketHECIServiceName%;Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) - Intel(R) Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service: @oem35.inf,%TPMProvisioningServiceName%;Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) - Intel(R) Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT Meter - NEC Personal Computers, Ltd. - c:\Windows\SysWOW64\NTMETER.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TmWscSvc - Trend Micro Inc. - C:\Program Files\NTTW\Security\SEC\TmWscSvc\TmWscSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8304 bytes
  • ペソネ
  • 2022/12/06 (Tue) 12:08:27
Re: PUP.Optional.Legacy detected by AdwCleaner
3D ビューアー Microsoft Corporation 2022/03/24 1.0.35.0
BUFFALO エアステーション設定ツール Buffalo Inc. 2022/05/13 2.1.2
CCleaner Piriform 2022/12/06 6.06
Cortana Microsoft Corporation 2022/06/19 4.2204.13303.0
HEIF Image Extensions Microsoft Corporation 2022/05/11 1.0.43012.0
Intel(R) Management Engine Components Intel Corporation 2019/12/17 1920.12.0.1273
Intel(R) Processor Graphics Intel Corporation 2020/09/29 26.20.100.7870
Intel® Graphics Control Panel INTEL CORP 2022/03/20 3.3.0.0
iTunes Apple Inc. 2022/10/26 12126.1.57048.0
Malwarebytes version 4.5.18.226 Malwarebytes 2022/11/23 4.5.18.226
Maps Microsoft Corporation 2022/03/24 1.0.28.0
Microsoft Edge Microsoft Corporation 2022/11/30 107.0.1418.62
Microsoft Edge WebView2 Runtime Microsoft Corporation 2022/12/02 107.0.1418.62
Microsoft Store Microsoft Corporation 2022/12/06 22210.1401.10.0
Microsoft Store エクスペリエンス ホスト Microsoft Corporation 2022/11/11 12207.44.6.0
Microsoft Update Health Tools Microsoft Corporation 2022/04/07 0.99 MB 4.67.0.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2018/03/08 4.84 MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2018/03/08 6.83 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2018/03/08 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2018/05/11 9.54 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2018/03/08 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2018/03/08 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2018/03/08 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2020/12/02 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2020/12/02 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2020/12/02 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2020/12/02 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2020/12/02 12.0.30501.0
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 Microsoft Corporation 2020/12/02 14.0.22816.0
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 Microsoft Corporation 2020/12/02 14.26.28720.3
Microsoft 付箋 Microsoft Corporation 2022/10/19 4.5.7.0
Mixed Reality ポータル Microsoft Corporation 2021/07/16 2000.21051.1282.0
Mozilla Firefox (x64 ja) Mozilla 2022/11/30 107.0.1
Mozilla Maintenance Service Mozilla 2019/12/18 68.3.0
MPEG-2 ビデオ拡張機能 Microsoft Corporation 2022/10/26 1.0.50901.0
Music Center for PC Sony Corporation 2021/12/16 280 MB 2.5.0.11260
NEC MFKB Driver NEC Personal Computers, Ltd. 2019/12/17 77.0 KB 1.19.1314
NX PAD Driver ELAN Microelectronic Corp. 2022/03/22 15.16.11.3
OneNote for Windows 10 Microsoft Corporation 2022/06/19 16.14326.20837.0
People Microsoft Corporation 2022/05/06 10.2105.4.0
Print 3D Microsoft Corporation 2022/03/22 3.3.791.0
Realtek Card Reader Realtek Semiconductor Corp. 2022/03/22 10.0.15063.21300
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2022/03/22 6.0.1.8125
Snipping Tool Microsoft Corporation 2022/10/21 11.2209.2.0
Solitaire & Casual Games Microsoft Studios 2022/12/01 4.15.11210.0
Trend Micro Titanium 西日本電信電話株式会社 2022/04/23 450 MB 17.71
VP9 Video Extensions Microsoft Corporation 2022/10/26 1.0.52781.0
Web メディア拡張機能 Microsoft Corporation 2021/10/11 1.0.42192.0
Webp Image Extensions Microsoft Corporation 2022/10/26 1.0.52351.0
Windows PC 正常性チェック Microsoft Corporation 2021/10/22 11.4 MB 3.2.2110.14001
Windows Print
Windows Web Experience Pack Microsoft Windows 2022/11/06 421.20070.765.0
Windows サウンド レコーダー Microsoft Corporation 2022/12/01 11.2208.28.0
Windows セキュリティ Microsoft Corporation 2022/08/31 1000.22621.1.0
Xbox Game Bar Microsoft Corporation 2022/11/06 5.822.10271.0
Xbox Game bar Microsoft Corporation 2020/06/13 1.54.4001.0
Xbox Game Speech Window Microsoft Corporation 2022/03/22 1.21.13002.0
Xbox Identity Provider Microsoft Corporation 2022/11/16 12.95.3001.0
Xbox Live Microsoft Corporation 2022/03/22 1.24.10001.0
Xbox コンソール コンパニオン Microsoft Corporation 2022/06/23 48.89.25001.0
アプリ インストーラー Microsoft Corporation 2022/10/10 1.18.2691.0
インテル® グラフィックス・コマンド・センター INTEL CORP 2022/10/15 1.100.3408.0
カメラ Microsoft Corporation 2022/11/06 2022.2209.13.0
クロック Microsoft Corporation 2022/11/11 11.2209.11.0
スマートフォン連携 Microsoft Corporation 2022/11/23 1.22092.214.0
セキュリティ対策ツール 西日本電信電話株式会社 2022/04/23 17.71
デバイス製造元からの HEVC ビデオ拡張機能 Microsoft Corporation 2022/10/26 2.0.51121.0
ヒント Microsoft Corporation 2022/12/01 10.2210.3.0
フィードバック Hub Microsoft Corporation 2022/03/24 1.2203.761.0
フォト Microsoft Corporation 2022/11/23 2022.31110.14005.0
フォト メディア エンジン アドオン Microsoft Corporation 2021/10/08 1.0.0.0
ペイント Microsoft Corporation 2022/10/01 11.2208.6.0
ペイント 3D Microsoft Corporation 2022/03/10 6.2203.1037.0
メモ帳 Microsoft Corporation 2022/11/06 11.2209.6.0
メール/カレンダー Microsoft Corporation 2022/05/20 16005.14326.20970.0
問い合わせ Microsoft Corporation 2022/11/02 10.2208.2551.0
天気 Microsoft Corporation 2022/11/11 4.53.43112.0
日本語 ローカル エクスペリエンス パック Microsoft Corporation 2022/11/12 22000.28.135.0
電卓 Microsoft Corporation 2022/11/06 11.2209.0.0
  • ペソネ
  • 2022/12/06 (Tue) 12:09:42
Re: PUP.Optional.Legacy detected by AdwCleaner
Microsoft Windows [Version 10.0.22000.1219]

I'm also attaching the AdwCleaner scan log in case it is useful.
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-06-2022
# Duration: 00:00:06
# OS: Windows 11 (Build 22000.1219)
# Scanned: 32087
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evtion

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

Sorry for the trouble; thank you in advance.
  • ペソネ
  • 2022/12/06 (Tue) 12:12:30
The AC detection concerns me
Good evening.
It's been a while.

So this time it was a detection by AC (AdwCleaner) that concerned you.

I've looked at the AC and HJT (HijackThis) logs and the installed-program list.

A new release of the Edge browser is out, so please update it.
>Microsoft Edge Microsoft Corporation 2022/11/30 107.0.1418.62
>Microsoft Edge WebView2 Runtime Microsoft Corporation 2022/12/02 107.0.1418.62

Apart from the above I see nothing suspicious, but the AC log entry bothers me.

>PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evtion

It seems to be registered in the Start Menu, but I can't find any information on the word "Evtion".
There's no likely-looking name among the installed apps either, and there's no entry in the HJT log.

Let's analyse it a little.

First, launch Edge and open the "Extensions" page.
Copy and paste the following into Edge's address bar and go there.

edge://extensions/

Check there whether any extension corresponds to Evtion.
Also, if there are extensions installed that you don't remember adding, let me know about those too.

Next, launch CC (CCleaner), take the logs from each tab, and show them to me in a reply.
Let's examine the startup and extension entries that HJT can't see
  • 悪代官
  • 2022/12/06 (Tue) 21:11:21
Re: PUP.Optional.Legacy detected by AdwCleaner
Thank you for the reply.

I've completed the Edge update. Also, no suspicious extensions, including Evtion, were found.

Here are the CC logs.

Windows
無効 HKCU:Run CCleaner Smart Cleaning Piriform Software Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKCU:Run MicrosoftEdgeAutoLaunch_4D7D77F120A72D51F6BD27E97162BD95 Microsoft Corporation "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
有効 HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
有効 HKLM:Run NECMFK NEC Personal Computers, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
有効 HKLM:Run SecurityHealth Microsoft Corporation %windir%\system32\SecurityHealthSystray.exe
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe"

スケジュールされたタスク
無効 Task CCleanerCrashReporting Piriform Software C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "2c50d56c-8913-4635-999c-8bfe38cb4918" --version "6.06.10144" --silent
無効 Task CCleanerSkipUAC - XXXX Piriform Software Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task MicrosoftEdgeUpdateTaskMachineCore Microsoft Corporation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
有効 Task MicrosoftEdgeUpdateTaskMachineUA Microsoft Corporation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
有効 Task necNbSchedRun NEC Personal Computers, Ltd. "C:\Program Files\necbatt\nbSched.exe"
有効 Task OneDrive Standalone Update Task v2 %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

コンテキストメニュー
有効 Directory PowerShell ウィンドウをここで開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 Directory ファイルの所有権
有効 Drive PowerShell ウィンドウをここで開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\NTTW\Security\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\NTTW\Security\UniClient\UiFrmwrk\tmdshell.dll

サービス
有効 Service Elan Service ELAN Microelectronics Corp. "C:\Program Files\Elantech\ETDService.exe"
無効 Service Intel(R) Capability Licensing Service TCP IP Interface Intel(R) Corporation C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
有効 Service Intel(R) Content Protection HDCP Service Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHDCPSvc.exe
無効 Service Intel(R) Content Protection HECI Service Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHeciSvc.exe
有効 Service Intel(R) Dynamic Application Loader Host Interface Service Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
有効 Service Intel(R) Graphics Command Center Service Intel(R) pGFX C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
有効 Service Intel(R) HD Graphics Control Panel Service Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe
有効 Service Intel(R) Management and Security Application Local Management Service Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
無効 Service Intel(R) Optane(TM) Memory Service Intel Corporation C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe
有効 Service Intel(R) TPM Provisioning Service Intel(R) Corporation C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
有効 Service Malwarebytes Service Malwarebytes "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
無効 Service Mozilla Maintenance Service Mozilla Foundation "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
有効 Service NT Meter NEC Personal Computers, Ltd. c:\Windows\SysWOW64\NTMETER.exe
無効 Service OpenSSH Authentication Agent C:\WINDOWS\System32\OpenSSH\ssh-agent.exe
有効 Service Platinum Host Service Trend Micro Inc. "C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSvcHost.exe"
有効 Service Security Solution Platform Trend Micro Inc. "C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=1 -ad -bt=0
無効 Service TmWscSvc Trend Micro Inc. "C:\Program Files\NTTW\Security\SEC\TmWscSvc\TmWscSvc.exe"

IE
有効 Helper IEToEdge BHO Microsoft Corporation C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\BHO\ie_to_edge_bho.dll
有効 Helper IEToEdge BHO Microsoft Corporation C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\BHO\ie_to_edge_bho_64.dll
有効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
有効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll
有効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
有効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll

FF
有効 Extension Add-ons Search Detection 2.0.0 default-release Firefox 107.0.1 path
有効 Extension Amazon.com.au 1.9 default-release Firefox 107.0.1 path
有効 Extension Bing 1.3 default-release Firefox 107.0.1 path
有効 Extension DuckDuckGo 1.1 default-release Firefox 107.0.1 path
有効 Extension Firefox Screenshots 39.0.1 Mozilla <screenshots-feedback@mozilla.com> default-release Firefox 107.0.1 path
有効 Extension Form Autofill 1.0.1 default-release Firefox 107.0.1 path
有効 Extension Google 1.2 default-release Firefox 107.0.1 path
有効 Extension Picture-In-Picture 1.0.0 default-release Firefox 107.0.1 path
有効 Extension uBlock Origin 1.45.2 Raymond Hill & contributors default-release Firefox 107.0.1 path
有効 Extension Web Compatibility Interventions 107.1.0 default-release Firefox 107.0.1 path
無効 Extension WebCompat Reporter 1.5.0 Thomas Wisniewski <twisniewski@mozilla.com> default-release Firefox 107.0.1 path
有効 Extension Wikipedia (en) 1.1 default-release Firefox 107.0.1 path
有効 Extension Yahoo! JAPAN 1.0 default-release Firefox 107.0.1 path
有効 Extension ヤフオク! 1.3 default-release Firefox 107.0.1 path
有効 Extension 楽天市場 1.2 default-release Firefox 107.0.1 path
有効 Plugin 4.10.2557.0 Google LLC default-release Firefox 107.0.1 C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\gle0pcpf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.8.1.2 Mozilla Corporation default-release Firefox 107.0.1 C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\gle0pcpf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Sorry for the trouble; thank you.
  • ペソネ
  • 2022/12/07 (Wed) 06:50:40
Shall we investigate from the shortcut?
Thank you for the work and the report.
I've looked at each of the CC logs too.

>I've completed the Edge update. Also, no suspicious extensions, including Evtion, were found.

Yes, first of all the update went through, so that's fine.
No suspicious extensions were found, so it doesn't seem that Edge is the cause.

Then let's keep going, checking as we go.

First, with the Firefox browser not running, launch CC, and in the "FF" tab I recommend setting any of the following that you don't need to "Disabled".

>有効 Extension Amazon.com.au 1.9 default-release Firefox 107.0.1 path

>有効 Extension Bing 1.3 default-release Firefox 107.0.1 path

>有効 Extension Google 1.2 default-release Firefox 107.0.1 path

>有効 Extension Wikipedia (en) 1.1 default-release Firefox 107.0.1 path

>有効 Extension Yahoo! JAPAN 1.0 default-release Firefox 107.0.1 path

>有効 Extension ヤフオク! 1.3 default-release Firefox 107.0.1 path

>有効 Extension 楽天市場 1.2 default-release Firefox 107.0.1 path

As you can see these are search engines, but unless the user actually needs and uses them it's best to disable them.
If you don't need them, you may also "Delete" them after disabling.
Incidentally, in my own environment I disable and delete unneeded search engines in every browser, except those I use for verification or analysis.

After closing CC, the next step is a manual visual check.

On the C drive, open the following folder.

C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

Is Evtion there?
If not, just tell me so in your next reply.

If it is, right-click it, open "Properties", go to the "Shortcut" tab, copy the entire target shown in the "Target" field, and paste that target into a reply so I can see it.
If the target contains anything that counts as personal information, you may mask just that part.
Next, look at the "General" tab too, and if "Created", "Modified" and "Accessed" timestamps are shown, tell me those as well.
For an installed app, the installation time is roughly the same as the shortcut's creation time, so this lets us narrow down its origin to some extent. It isn't perfect and isn't always decisive, so I can't say anything definite yet.

If Evtion is a folder rather than a file or shortcut, open that folder too and tell me what's inside.

Once the target is known, we'll probably need to examine the actual binary that should be there
  • 悪代官
  • 2022/12/07 (Wed) 20:09:32
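As an added example for the procedure above (this script is mine, not part of the thread or of any tool mentioned in it): it does what the Properties dialog does by hand, but for every item in the flagged folder at once. It assumes the folder path quoted in the post and an elevated PowerShell session, because the systemprofile tree is normally readable only by administrators. For each entry it reports the three timestamps, and for a .lnk it resolves the target, checks whether the target still exists, who signed it and its SHA-256 hash, which is what you need to look the binary up afterwards.

```powershell
# Added example (not from the thread): triage the Start Menu folder that AdwCleaner flagged.
# Assumes the path quoted in the post and an elevated session (systemprofile is admin-only).
$Folder = 'C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs'

function Get-ShortcutTriage {
    param([string]$Path = $Folder)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Folder not found: $Path"
        return
    }

    # WScript.Shell resolves a .lnk the same way the Properties > Shortcut tab does
    $shell = New-Object -ComObject WScript.Shell

    # Recurse and include hidden items so a sub-folder such as "Evtion" is inspected too
    Get-ChildItem -LiteralPath $Path -Recurse -Force | ForEach-Object {
        $item = $_
        $target = $null; $lnkArgs = $null; $targetExists = $null
        $sigStatus = $null; $signer = $null; $sha256 = $null

        if (-not $item.PSIsContainer -and $item.Extension -ieq '.lnk') {
            $lnk = $shell.CreateShortcut($item.FullName)
            $target = $lnk.TargetPath
            $lnkArgs = $lnk.Arguments
            if ($target) {
                $targetExists = Test-Path -LiteralPath $target
                if ($targetExists) {
                    # Signer and hash of the binary the shortcut points at, for later lookups
                    $sig = Get-AuthenticodeSignature -LiteralPath $target
                    $sigStatus = $sig.Status
                    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject } else { $signer = 'unsigned' }
                    $sha256 = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
                }
            }
        }

        # Created vs. Modified on the shortcut is the "install time" hint the post describes
        [pscustomobject]@{
            Item         = $item.FullName
            IsFolder     = $item.PSIsContainer
            Created      = $item.CreationTime
            Modified     = $item.LastWriteTime
            Accessed     = $item.LastAccessTime
            Target       = $target
            Arguments    = $lnkArgs
            TargetExists = $targetExists
            Signature    = $sigStatus
            Signer       = $signer
            SHA256       = $sha256
        }
    }
}

# Usage: list everything in the flagged folder; redirect to a file if you want to paste it in a reply
Get-ShortcutTriage | Format-List
```

A shortcut whose target no longer exists, or whose target exists but is unsigned and sits outside Program Files, is the case worth reporting back; a signed target from a known vendor with a creation time matching a known install is usually the benign explanation.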
Re: PUP.Optional.Legacy detected by AdwCleaner
Thank you for the reply.

For Firefox's search engines, I had disabled all except Google in the browser settings,
but it seems their leftovers ended up in CCleaner's list.

About Evtion: after AdwCleaner detected it I quarantined it, and
the process finished with just the cleaning, without a reboot.
I checked AdwCleaner's quarantine list and the C drive, but Evtion was nowhere to be found.

There was a similar post to this case. https://www.reddit.com/r/Malwarebytes/comments/orab7m/adwcealer_detection_disappeared_by_itself/
I'm passing it on for reference.


  • ペソネ
  • 2022/12/07 (Wed) 23:59:15
Please also scan with MBAM
Sorry for the late reply again tonight.

>For Firefox's search engines, I had disabled all except Google in the browser settings,
>but it seems their leftovers ended up in CCleaner's list.

Yes, understood.
CC often shows leftovers like this, and it's a nuisance because it confuses the analysis.

>About Evtion: after AdwCleaner detected it I quarantined it, and
>the process finished with just the cleaning, without a reboot.
>I checked AdwCleaner's quarantine list and the C drive, but Evtion was nowhere to be found.

So it has already been quarantined by AC.
Then, since restoring it carelessly isn't a good idea, please leave it quarantined as it is.

>There was a similar post to this case

I've also looked at the link.
So there was a similar case overseas as well.
If that one is also detected by AC, then even with a different path it can be suspected of being something that was tampered with.

Please keep the Evtion that AC detected and quarantined in quarantine for now, just in case, rather than deleting it.
If the PC develops a problem, restoring it may be needed to fix things.
If nothing abnormal happens, it should be fine to delete it once a watch period has passed.
Please keep it for one week.

Just in case, could you also update Malwarebytes, run a full scan, and show me its detection report (log)?
Even if there are detections, do not quarantine them at that point; leave them as they are
  • 悪代官
  • 2022/12/08 (Thu) 21:41:46
Re: PUP.Optional.Legacy detected by AdwCleaner
Thank you for the reply.

>>Please keep the Evtion that AC detected and quarantined in quarantine for now, just in case, rather than deleting it.
>>If the PC develops a problem, restoring it may be needed to fix things.

I'm sorry for not explaining clearly.
Evtion was detected during the scan, and I chose quarantine as the action,
but for some reason it wasn't in the quarantine list.
Checking the log file from the quarantine run, it says it was deleted.
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-06-2022
# Duration: 00:00:01
# OS: Windows 11 (Build 22000.1219)
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evtion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Hosts File
[+] Reset Winsock

Since the detection I have always run a full scan with Malwarebytes before shutting down,
but nothing malware-like has ever been detected.


  • ペソネ
  • 2022/12/08 (Thu) 22:10:09
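The point of the post above is that the Clean log records "Deleted" rather than a quarantine, which is only visible as one line buried among many "No malicious ... found" sections. As an added example (my own script, not part of the thread or of AdwCleaner), here is a small parser that turns AdwCleaner scan and clean logs into objects so the action taken for each object can be checked. The two sample logs are constructed from the lines quoted in this thread; the regular expressions assume the "***** [ Section ] *****" headers and "<classification> <path>" / "Deleted <path>" entry lines seen in those logs.

```powershell
# Added example (not from the thread): extract detections and actions from AdwCleaner logs.
# Sample logs below are constructed from the lines quoted in this thread.
$SampleScanLog = @'
# Mode: Scan
# Detected: 1

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evtion

***** [ Files ] *****

No malicious files found.
'@

$SampleCleanLog = @'
# Mode: Clean
# Cleaned: 1
# Failed: 0

***** [ Folders ] *****

Deleted C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evtion

*************************

[+] Reset Winsock
'@

function ConvertFrom-AdwCleanerLog {
    param([Parameter(Mandatory)][string]$Text)

    $mode = $null
    $section = $null
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^# Mode:\s*(\S+)') { $mode = $Matches[1]; continue }
        if ($line -match '^\*{5} \[ (.+?) \] \*{5}$') { $section = $Matches[1]; continue }
        # Skip blanks, "#" header lines, the "No malicious ..." filler and the "[+]" post-clean steps
        if ($line -match '^\s*$' -or $line -match '^#' -or $line -match '^No (malicious|Preinstalled)' -or $line -match '^\[\+\]') { continue }
        # Entry lines seen in the thread: "<classification> <object>" in a scan log, "Deleted <object>" in a clean log
        if ($line -match '^(\S+)\s+(.+)$') {
            $first = $Matches[1]
            $object = $Matches[2]
            if ($first -eq 'Deleted') { $action = 'Deleted'; $class = $null }
            else { $action = 'Detected'; $class = $first }
            [pscustomobject]@{
                Mode           = $mode
                Section        = $section
                Action         = $action
                Classification = $class
                Object         = $object
            }
        }
    }
}

# Usage: compare what the scan found with what the clean run actually did to it
$scan  = ConvertFrom-AdwCleanerLog -Text $SampleScanLog
$clean = ConvertFrom-AdwCleanerLog -Text $SampleCleanLog
$scan  | Format-Table Section, Classification, Object -AutoSize
$clean | Format-Table Section, Action, Object -AutoSize

# Anything the clean log marks "Deleted" cannot be restored from AdwCleaner's quarantine,
# which is exactly the situation described in this thread
$clean | Where-Object { $_.Action -eq 'Deleted' }
```

Pointing the function at the real files (`ConvertFrom-AdwCleanerLog -Text (Get-Content -Raw 'C:\AdwCleaner\Logs\AdwCleaner[C00].txt')`, where the path is a placeholder for wherever your copy stores its logs) gives the same objects for an actual run.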
Malwarebytes log
Malwarebytes
www.malwarebytes.com

-ログの詳細-
スキャン日付: 2022/12/08
スキャン時間: 22:12
ログファイル: f2dca670-76f9-11ed-9ed8-fc6198fbbba6.json

-ソフトウェア情報-
バージョン: 4.5.18.226
コンポーネントバージョン: 1.0.1838
パッケージバージョンをアップデート: 1.0.63192
ライセンス: 無料版

-システム情報-
OS: Windows 11 (Build 22000.1219)
CPU: x64
ファイルシステム: NTFS
ユーザー: XXXX-XXXX\XXXX

-スキャン結果の概要-
スキャンタイプ: カスタムスキャン
スキャン開始日時: マニュアル
結果: 完了
スキャンされたオブジェクト: 521552
検出された脅威: 0
隔離された脅威: 0
経過時間: 8 分 22 秒

-スキャンオプション-
メモリ: 有効
スタートアップ: 有効
ファイルシステム: 有効
アーカイブ: 有効
ルートキット: 無効
ヒューリスティック: 有効
PUP: 検出
PUM: 検出

-スキャンの詳細-
プロセス: 0
(悪意のあるアイテムは検出されませんでした)

モジュール: 0
(悪意のあるアイテムは検出されませんでした)

レジストリキー: 0
(悪意のあるアイテムは検出されませんでした)

レジストリ値: 0
(悪意のあるアイテムは検出されませんでした)

レジストリデータ: 0
(悪意のあるアイテムは検出されませんでした)

データストリーム: 0
(悪意のあるアイテムは検出されませんでした)

フォルダ: 0
(悪意のあるアイテムは検出されませんでした)

ファイル: 0
(悪意のあるアイテムは検出されませんでした)

物理セクタ: 0
(悪意のあるアイテムは検出されませんでした)

WMI(ウィンドウズ・マネージメント・インスツルメンテ〜ション): 0
(悪意のあるアイテムは検出されませんでした)


(end)
  • ペソネ
  • 2022/12/08 (Thu) 22:25:32
It's possible Virus Buster reacted, but
I'm late replying again today.

>Evtion was detected during the scan, and I chose quarantine as the action,
>but for some reason it wasn't in the quarantine list.
>Checking the log file from the quarantine run, it says it was deleted.

Hmm, with that behaviour, what I can think of is that the antivirus software on the PC reacted to AC's cleanup action and the item was quarantined by the antivirus instead.
The antivirus installed on the PC is the following, right?
>セキュリティ対策ツール 西日本電信電話株式会社 2022/04/23 17.71

I believe this is an OEM version of Trend Micro's Virus Buster; if you're using it, please check its quarantine box.
If it was quarantined there, then even though AC couldn't process it, it is just as immobilised, so that's fine.
If there's no such record in Virus Buster's quarantine or logs, this doesn't apply and another cause is possible.

The MBAM scan doesn't seem to have detected anything in particular.

Since it can't be found in the AC or MBAM records, let's investigate with OTL.

Please prepare the following tool.
OTL (OldTimer ListIt)
Download it with the "Download" button and save it.
http://oldtimer.geekstogo.com/OTL.exe
When cleaning up, launch it and press the "Cleanup" button and it will remove itself automatically.
However, if you're using Windows 10, you can simply delete the executable itself.

Launch OTL with no other programs running.
Once it starts, tick "Scan All Users" near the top of the window, and copy and paste the following commands into "Custom Scan/Fixes".

SHOWHIDDEN
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
ACTIVEX
CREATERESTOREPOINT

Then press "Run Scan" at the top left and the scan starts.
After the scan starts, it takes a few minutes depending on the PC, and "OTL.txt" and "Extras.txt" should be created in the same place as OTL.exe, so save these two files somewhere like the desktop.
Note that Extras.txt is sometimes not produced; in that case OTL.txt alone is fine.

After that, paste the whole OTL log into a reply so I can see it.
However, the OTL log gets quite long, so sending it in one go will get cut off by fc2's character limit.
So split the log at suitable points into pieces of under 10,000 characters and send it over several replies.
This is because a post exceeding 10,000 characters is truncated by fc2's character limit.
http://www1.odn.ne.jp/megukuma/count.htm

The log ends with "< End of report >", so paste everything up to there.

Scanning with OTL alone causes no changes.
Based on these results, anything detected will be dealt with in the work from next time on
  • 悪代官
  • 2022/12/09 (Fri) 22:24:46
Re: PUP.Optional.Legacy detected by AdwCleaner
Thank you for the reply.

>I believe this is an OEM version of Trend Micro's Virus Buster; if you're using it, please check its quarantine box.

I checked, but Evtion wasn't there.

  • ペソネ
  • 2022/12/09 (Fri) 23:57:41
OTL log 1
Here is the OTL log. Sorry for the trouble, but please take a look.

OTL logfile created on: 2022/12/09 23:14:04 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXXX\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.22000.0)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.92 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 52.06% Memory free
9.17 Gb Paging File | 5.41 Gb Available in Paging File | 59.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.23 Gb Total Space | 142.97 Gb Free Space | 60.27% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-XXXXXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2022/12/09 23:10:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Downloads\OTL.exe
PRC - [2022/07/15 12:05:27 | 001,503,112 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\NTTW\SECURITY\SEC\UIFramework\uiWinMgr.exe
PRC - [2022/02/21 14:26:56 | 000,386,920 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\NTTW\SECURITY\AMSP\coreServiceShell.exe
PRC - [2020/03/03 19:12:34 | 000,223,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PRC - [2016/06/23 11:18:56 | 000,099,712 | ---- | M] (NEC Personal Computers, Ltd.) -- c:\Windows\SysWOW64\NTMETER.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2022/03/22 09:30:49 | 000,617,648 | ---- | M] () -- C:\Windows\SysWOW64\TextShaping.dll
MOD - [2022/02/21 16:13:40 | 104,624,072 | ---- | M] () -- C:\Program Files\NTTW\SECURITY\SEC\UIFramework\libcef.dll
MOD - [2022/02/21 16:13:40 | 006,831,560 | ---- | M] () -- C:\Program Files\NTTW\SECURITY\SEC\UIFramework\libGLESv2.dll
MOD - [2022/02/21 16:13:40 | 000,329,672 | ---- | M] () -- C:\Program Files\NTTW\SECURITY\SEC\UIFramework\libEGL.dll


[color=#E56717]========== Services (SafeList) ==========[/color]
  • ペソネ
  • 2022/12/09 (Fri) 23:58:33
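As an added example, not part of this thread and not code from OTL or its author: a small Python parser for the PRC / MOD / SRV line format in the log pasted above, with the first-pass triage checks a responder applies to such a log (entries whose file is missing, entries with no company name, processes or services running from user-writable paths) and a helper that splits a long log at line boundaries for the 10,000-character post limit mentioned earlier in the thread. The regular expression is my reading of the line layout in this particular log and is an assumption about OTL's output; the sample lines are copied from the log above and shortened to a handful.

```python
"""Parse and triage OTL log entries (PRC / MOD / SRV lines).

Added example; the line layout encoded in ENTRY_RE is an assumption derived
from the log in this thread, not OTL's documented format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV)(?::\[b\]64bit:\[/b\])?\s+-\s+"
    # either "[date | size | attrs | M] (Company)" or the literal "File not found"
    r"(?:\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>(?:[^()]|\([^()]*\))*)\)"          # allows "Intel(R) Corporation"
    r"|(?P<missing>File not found))"
    r"\s*(?:\[(?P<start>[^|\]]+)\|\s*(?P<state>[^\]]+)\])?"  # "[Auto | Running]" (services)
    r"\s*--\s*(?P<path>.*?)(?:\s+--\s+\((?P<name>[^)]*)\))?\s*$"
)


@dataclass
class OtlEntry:
    kind: str                 # PRC (process), MOD (module), SRV (service)
    path: str
    company: Optional[str]    # "" when OTL printed "()", None when file not found
    size: Optional[int]
    timestamp: Optional[str]
    start: Optional[str]      # service start type, e.g. "Auto"
    state: Optional[str]      # service state, e.g. "Running"
    name: Optional[str]       # service name in the trailing "(...)"
    missing: bool             # OTL reported "File not found"


def parse_otl(text: str) -> List[OtlEntry]:
    """Return one OtlEntry per PRC/MOD/SRV line; headers and BBCode markers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        missing = m.group("missing") is not None
        size = m.group("size")
        entries.append(OtlEntry(
            kind=m.group("kind"),
            path=m.group("path").strip(),
            company=None if missing else m.group("company").strip(),
            size=None if size is None else int(size.replace(",", "")),
            timestamp=None if missing else m.group("ts").strip(),
            start=(m.group("start") or "").strip() or None,
            state=(m.group("state") or "").strip() or None,
            name=m.group("name"),
            missing=missing,
        ))
    return entries


USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\")


def triage(entries: List[OtlEntry]) -> List[Tuple[str, str]]:
    """First-pass review prompts (label, reason); these are things to verify, not verdicts."""
    findings = []
    for e in entries:
        label = e.name or e.path or e.kind
        if e.missing:
            findings.append((label, "registered but file not found; verify the product is still installed"))
            continue
        if e.company == "":
            findings.append((label, "no company name in version info; check publisher/signature manually"))
        if e.kind in ("PRC", "SRV") and any(p in e.path.lower() for p in USER_WRITABLE):
            findings.append((label, "runs from a user-writable location"))
    return findings


def has_end_marker(text: str) -> bool:
    """True when the pasted log reaches OTL's final line."""
    return "< End of report >" in text


def split_for_post(text: str, limit: int = 10000) -> List[str]:
    """Split a log into chunks of at most `limit` characters, breaking only between lines."""
    chunks, current = [], ""
    for line in text.splitlines(keepends=True):
        if len(line) > limit:
            raise ValueError("a single line exceeds the limit")
        if len(current) + len(line) > limit:
            chunks.append(current)
            current = ""
        current += line
    if current:
        chunks.append(current)
    return chunks


# Constructed sample: lines copied from the log in this thread, reduced to a few.
SAMPLE_LOG = r"""OTL logfile created on: 2022/12/09 23:14:04 - Run 3
[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2022/12/09 23:10:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Downloads\OTL.exe
PRC - [2022/07/15 12:05:27 | 001,503,112 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\NTTW\SECURITY\SEC\UIFramework\uiWinMgr.exe
MOD - [2022/03/22 09:30:49 | 000,617,648 | ---- | M] () -- C:\Windows\SysWOW64\TextShaping.dll
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:[b]64bit:[/b] - [2022/11/23 17:37:46 | 008,872,736 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:[b]64bit:[/b] - [2021/09/15 10:02:28 | 000,785,240 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe -- (Intel(R)
< End of report >
"""

if __name__ == "__main__":
    for label, reason in triage(parse_otl(SAMPLE_LOG)):
        print(f"{label}: {reason}")
    print("complete log:", has_end_marker(SAMPLE_LOG), "| chunks:", len(split_for_post(SAMPLE_LOG)))
```

On the sample the triage flags the orphaned "File not found" process and the Amsp service entry, the module with an empty company name, and OTL.exe itself because it was run from Downloads. That last one shows why the output is a review list rather than a verdict: the analyst still has to look at each entry, exactly as is being done in this thread.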
OTL log 2
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:[b]64bit:[/b] - [2022/11/23 17:37:46 | 008,872,736 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:[b]64bit:[/b] - [2022/11/09 07:32:50 | 000,708,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2022/11/09 07:29:05 | 000,139,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2022/11/09 07:29:04 | 000,774,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:[b]64bit:[/b] - [2022/11/09 07:29:03 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PenService.dll -- (PenService)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:54 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:53 | 001,286,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:53 | 000,831,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcsvc.dll -- (dcsvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:53 | 000,143,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:52 | 006,135,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:51 | 000,847,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:49 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:45 | 000,638,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:45 | 000,094,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usosvc.dll -- (UsoSvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:44 | 000,868,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:44 | 000,118,784 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\windowsudkservices.shellcommon.dll -- (UdkUserSvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:40 | 006,777,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:39 | 000,462,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WaaSMedicSvc.dll -- (WaaSMedicSvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:15 | 001,929,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WpcDesktopMonSvc.dll -- (WpcMonSvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:15 | 001,351,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Management.Service.dll -- (WManSvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:14 | 001,089,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BTAGService.dll -- (BTAGService)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:12 | 003,940,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:58 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\McpManagementService.dll -- (McpManagementService)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:41 | 000,141,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SecurityHealthService.exe -- (SecurityHealthService)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:40 | 001,544,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:38 | 004,411,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:37 | 001,265,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:31 | 001,216,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:31 | 000,962,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:28 | 002,752,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\InstallService.dll -- (InstallService)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:09 | 000,692,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:[b]64bit:[/b] - [2022/09/14 09:21:17 | 000,454,656 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PrintWorkflowService.dll -- (PrintWorkflowUserSvc)
SRV:[b]64bit:[/b] - [2022/09/14 09:21:01 | 001,290,240 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:[b]64bit:[/b] - [2022/09/14 09:21:01 | 001,137,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:[b]64bit:[/b] - [2022/09/14 09:21:01 | 000,536,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\LanguageOverlayServer.dll -- (LxpSvc)
SRV:[b]64bit:[/b] - [2022/09/14 09:21:01 | 000,475,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2022/08/10 09:47:54 | 000,163,840 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:[b]64bit:[/b] - [2022/08/10 09:47:44 | 002,109,440 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2022/08/10 09:47:41 | 001,101,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:[b]64bit:[/b] - [2022/08/10 09:47:41 | 000,704,512 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\AarSvc.dll -- (AarSvc)
SRV:[b]64bit:[/b] - [2022/07/13 12:04:16 | 000,532,480 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Windows.Devices.Picker.dll -- (DevicePickerUserSvc)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:22 | 001,171,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:22 | 000,319,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServerMonitor.dll -- (FrameServerMonitor)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:18 | 000,066,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:16 | 001,527,808 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\bcastdvruserservice.dll -- (BcastDVRUserService)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:16 | 001,294,336 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Microsoft.Graphics.Display.DisplayEnhancementService.dll -- (DisplayEnhancementService)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:07 | 001,531,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netprofmsvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:07 | 001,531,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2022/05/25 09:01:59 | 000,679,936 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\DevicesFlowBroker.dll -- (DevicesFlowUserSvc)
SRV:[b]64bit:[/b] - [2022/05/25 09:01:56 | 000,659,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:[b]64bit:[/b] - [2022/05/25 09:01:53 | 000,274,104 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\deviceaccess.dll -- (DeviceAssociationBrokerSvc)
SRV:[b]64bit:[/b] - [2022/05/25 09:01:51 | 000,385,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PushToInstall.dll -- (PushToInstall)
SRV:[b]64bit:[/b] - [2022/05/25 09:01:50 | 000,278,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GraphicsPerfSvc.dll -- (GraphicsPerfSvc)
SRV:[b]64bit:[/b] - [2022/05/25 09:01:46 | 001,785,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TokenBroker.dll -- (TokenBroker)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:37 | 000,466,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:05 | 000,122,880 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\p9rdrservice.dll -- (P9RdrService)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:03 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:02 | 000,349,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcvss.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:02 | 000,316,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:02 | 000,316,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:02 | 000,316,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:02 | 000,316,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:02 | 000,316,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:02 | 000,316,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:02 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvc.dll -- (diagsvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:30:02 | 000,143,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:59 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:50 | 000,434,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\DispBroker.Desktop.dll -- (DispBrokerDesktopSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:50 | 000,053,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:49 | 000,212,992 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\ConsentUxClient.dll -- (ConsentUxUserSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:48 | 001,093,632 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\CBDHSvc.dll -- (cbdhsvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:46 | 001,388,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:46 | 000,430,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dusmsvc.dll -- (DusmSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:46 | 000,143,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\autotimesvc.dll -- (autotimesvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:28 | 000,212,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:22 | 000,352,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:22 | 000,110,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:18 | 000,188,416 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\CaptureService.dll -- (CaptureService)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:15 | 000,253,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:09 | 000,761,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\CapabilityAccessManager.dll -- (camsvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:08 | 000,106,496 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:08 | 000,053,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:07 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:06 | 000,233,472 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\NPSM.dll -- (NPSMSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:06 | 000,114,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:03 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:01 | 000,455,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\CredentialEnrollmentManager.exe -- (CredentialEnrollmentManagerUserSvc_613cc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:01 | 000,455,936 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\CredentialEnrollmentManager.exe -- (CredentialEnrollmentManagerUserSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:01 | 000,188,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:00 | 000,704,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WFDSConMgrSvc.dll -- (WFDSConMgrSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:59 | 000,466,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NaturalAuth.dll -- (NaturalAuthentication)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:57 | 000,414,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vac.dll -- (VacSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:56 | 001,224,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lpasvc.dll -- (wlpasvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:56 | 001,155,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:56 | 000,569,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\MitigationClient.dll -- (TroubleshootingSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:56 | 000,512,000 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Microsoft.Bluetooth.UserService.dll -- (BluetoothUserService)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:56 | 000,397,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\BthAvctpSvc.dll -- (BthAvctpSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:56 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:56 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\xboxgipsvc.dll -- (XboxGipSvc)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:56 | 000,081,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipxlatcfg.dll -- (IpxlatCfgSvc)
SRV:[b]64bit:[/b] - [2022/04/13 09:04:18 | 002,073,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2022/04/13 09:04:10 | 000,380,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2022/03/23 20:56:00 | 000,378,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Update Health Tools\uhssvc.exe -- (uhssvc)
SRV:[b]64bit:[/b] - [2022/03/22 09:31:09 | 000,757,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Spectrum.exe -- (spectrum)
SRV:[b]64bit:[/b] - [2022/03/22 09:31:09 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:58 | 000,618,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UdkUserSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (PrintWorkflowUserSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (PenService_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (P9RdrService_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (NPSMSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (DevicesFlowUserSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (DevicePickerUserSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (DeviceAssociationBrokerSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (ConsentUxUserSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (cbdhsvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (CaptureService_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (BluetoothUserService_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (BcastDVRUserService_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:24 | 000,079,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (AarSvc_613cc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:11 | 000,733,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:09 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:07 | 000,077,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:03 | 001,622,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:[b]64bit:[/b] - [2022/03/22 09:29:51 | 001,052,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2022/02/21 16:13:42 | 001,133,224 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\NTTW\SECURITY\SEC\plugin\Pt\PtSvcHost.exe -- (Platinum Host Service)
SRV:[b]64bit:[/b] - [2022/02/21 16:13:36 | 000,393,984 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\NTTW\SECURITY\SEC\TmWscSvc\TmWscSvc.exe -- (TmWscSvc)
SRV:[b]64bit:[/b] - [2021/09/15 10:02:28 | 000,785,240 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2021/09/15 10:02:28 | 000,729,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2021/09/02 02:06:42 | 004,064,384 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe -- (LMS)
SRV:[b]64bit:[/b] - [2021/06/16 06:23:52 | 000,628,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe -- (jhi_service)
SRV:[b]64bit:[/b] - [2021/06/06 02:47:49 | 000,165,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\MixedRealityRuntime.dll -- (MixedRealityOpenXRSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:06:16 | 000,331,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SharedRealitySvc.dll -- (SharedRealitySvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:06:15 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:06:00 | 000,409,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SgrmBroker.exe -- (SgrmBroker)
SRV:[b]64bit:[/b] - [2021/06/05 21:06:00 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PerceptionSimulation\PerceptionSimulationService.exe -- (perceptionsimulation)
SRV:[b]64bit:[/b] - [2021/06/05 21:06:00 | 000,086,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:40 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:29 | 000,188,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:29 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:27 | 001,187,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:16 | 000,606,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:10 | 000,290,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\psmsrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:09 | 001,585,152 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:09 | 001,122,304 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:09 | 000,352,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:09 | 000,253,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:09 | 000,184,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:06 | 000,311,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:06 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.WARP.JITService.dll -- (WarpJITSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:05 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SEMgrSvc.dll -- (SEMgrSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:03 | 000,045,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:02 | 000,561,152 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:04:52 | 000,106,496 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:[b]64bit:[/b] - [2021/06/05 04:12:00 | 000,389,120 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:[b]64bit:[/b] - [2021/06/05 02:53:00 | 000,382,976 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\OpenSSH\ssh-agent.exe -- (ssh-agent)
SRV:[b]64bit:[/b] - [2020/09/29 10:42:19 | 000,036,680 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe -- (igccservice)
SRV:[b]64bit:[/b] - [2020/09/29 10:42:17 | 000,524,832 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHDCPSvc.exe -- (cplspcon)
SRV:[b]64bit:[/b] - [2020/09/29 10:42:17 | 000,519,704 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHeciSvc.exe -- (cphs)
SRV:[b]64bit:[/b] - [2020/09/29 10:42:16 | 000,399,384 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe -- (igfxCUIService2.0.0.0)
SRV:[b]64bit:[/b] - [2017/04/06 07:02:26 | 000,115,928 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)
SRV - [2022/12/09 23:09:59 | 003,191,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe -- (WdNisSvc)
SRV - [2022/12/09 23:09:59 | 000,133,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe -- (WinDefend)
SRV - [2022/12/05 15:55:40 | 001,739,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\elevation_service.exe -- (MicrosoftEdgeElevationService)
SRV - [2022/11/30 14:43:48 | 000,231,328 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2022/11/09 07:29:02 | 000,939,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2022/11/09 07:29:01 | 005,682,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2022/11/09 07:28:56 | 000,817,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\BTAGService.dll -- (BTAGService)
SRV - [2022/11/09 07:28:12 | 003,940,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2022/10/12 09:02:51 | 000,826,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2022/10/12 09:02:49 | 001,995,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\InstallService.dll -- (InstallService)
SRV - [2022/09/14 09:21:22 | 000,355,840 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\PrintWorkflowService.dll -- (PrintWorkflowUserSvc)
SRV - [2022/09/14 09:21:18 | 000,821,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\FlightSettings.dll -- (wisvc)
SRV - [2022/08/10 09:48:10 | 000,115,200 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\tzautoupdate.dll -- (tzautoupdate)
SRV - [2022/08/10 09:48:06 | 000,528,896 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\AarSvc.dll -- (AarSvc)
SRV - [2022/07/13 12:04:18 | 000,367,616 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Windows.Devices.Picker.dll -- (DevicePickerUserSvc)
SRV - [2022/05/25 09:02:23 | 000,046,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2022/05/25 09:02:11 | 001,353,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\TokenBroker.dll -- (TokenBroker)
SRV - [2022/05/11 16:29:39 | 000,163,328 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\NPSM.dll -- (NPSMSvc)
SRV - [2022/03/30 09:13:53 | 000,199,392 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\deviceaccess.dll -- (DeviceAssociationBrokerSvc)
SRV - [2021/09/15 10:02:28 | 000,785,240 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe -- (Intel(R)
SRV - [2021/09/15 10:02:28 | 000,729,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe -- (Intel(R)
SRV - [2021/09/02 02:06:42 | 004,064,384 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe -- (LMS)
SRV - [2021/06/16 06:23:52 | 000,628,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe -- (jhi_service)
SRV - [2021/06/06 02:47:49 | 000,119,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\MixedRealityRuntime.dll -- (MixedRealityOpenXRSvc)
SRV - [2021/06/05 21:05:51 | 000,933,888 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2020/09/29 10:42:19 | 000,036,680 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe -- (igccservice)
SRV - [2020/09/29 10:42:17 | 000,524,832 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHDCPSvc.exe -- (cplspcon)
SRV - [2020/09/29 10:42:17 | 000,519,704 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHeciSvc.exe -- (cphs)
SRV - [2020/09/29 10:42:16 | 000,399,384 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe -- (igfxCUIService2.0.0.0)
SRV - [2020/03/03 19:12:34 | 000,223,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe -- (edgeupdatem)
SRV - [2020/03/03 19:12:34 | 000,223,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe -- (edgeupdate)
SRV - [2017/06/09 16:45:46 | 002,413,720 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\IAStorAfsService\iaStorAfsService.exe -- (iaStorAfsService)
SRV - [2016/06/23 11:18:56 | 000,099,712 | ---- | M] (NEC Personal Computers, Ltd.) [Auto | Running] -- c:\Windows\SysWOW64\NTMETER.exe -- (NT Meter)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]
  • ペソネ
  • 2022/12/09 (Fri) 23:59:59
OTL log 3
DRV:[b]64bit:[/b] - [2022/12/09 23:10:00 | 000,473,376 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wd\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2022/12/09 23:10:00 | 000,099,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2022/12/09 23:10:00 | 000,049,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\wd\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2022/12/09 23:08:43 | 000,223,176 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MbamChameleon.sys -- (MBAMChameleon)
DRV:[b]64bit:[/b] - [2022/12/06 12:20:35 | 000,239,544 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV:[b]64bit:[/b] - [2022/11/09 07:29:10 | 000,169,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktMon.sys -- (PktMon)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:51 | 000,447,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:48 | 002,295,136 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:48 | 000,540,672 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\cldflt.sys -- (CldFlt)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:48 | 000,275,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:45 | 000,202,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:43 | 000,177,536 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\bindflt.sys -- (bindflt)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:13 | 000,877,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\usb4devicerouter.inf_amd64_d8f35ef90c83032f\Usb4DeviceRouter.sys -- (Usb4DeviceRouter)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:13 | 000,656,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:13 | 000,595,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\usb4hostrouter.inf_amd64_ea264d21e6b3e5db\Usb4HostRouter.sys -- (Usb4HostRouter)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:13 | 000,329,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:13 | 000,120,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2022/11/09 07:28:13 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthMini.SYS -- (BthMini)
DRV:[b]64bit:[/b] - [2022/10/12 09:02:58 | 000,062,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2022/10/12 09:02:33 | 000,238,976 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:[b]64bit:[/b] - [2022/10/12 09:02:29 | 000,206,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2022/10/12 09:02:07 | 000,345,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2022/10/12 09:02:07 | 000,238,936 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2022/10/12 09:02:07 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2022/10/12 09:02:07 | 000,099,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:[b]64bit:[/b] - [2022/09/14 09:21:08 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:[b]64bit:[/b] - [2022/09/14 09:21:06 | 000,161,120 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\cimfs.sys -- (CimFS)
DRV:[b]64bit:[/b] - [2022/09/14 09:21:00 | 000,857,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2022/09/14 09:21:00 | 000,337,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2022/09/14 09:21:00 | 000,181,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\pmem.sys -- (pmem)
DRV:[b]64bit:[/b] - [2022/09/14 09:21:00 | 000,111,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Hsp.sys -- (Hsp)
DRV:[b]64bit:[/b] - [2022/09/14 09:21:00 | 000,111,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2022/09/14 09:21:00 | 000,069,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\basicrender.inf_amd64_125ef86610247b72\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2022/08/10 09:48:05 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afunix.sys -- (afunix)
DRV:[b]64bit:[/b] - [2022/08/10 09:47:42 | 000,806,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WifiCx.sys -- (WifiCx)
DRV:[b]64bit:[/b] - [2022/08/10 09:47:41 | 000,071,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ramdisk.sys -- (Ramdisk)
DRV:[b]64bit:[/b] - [2022/08/10 09:47:38 | 000,210,272 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2022/08/10 09:47:38 | 000,135,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2022/07/13 11:59:17 | 000,507,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthA2dp.sys -- (BthA2dp)
DRV:[b]64bit:[/b] - [2022/06/09 12:27:46 | 000,343,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\ibtusb.inf_amd64_8a55e95054c2f123\ibtusb.sys -- (ibtusb)
DRV:[b]64bit:[/b] - [2022/06/06 23:14:34 | 000,166,376 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmumh.sys -- (tmumh)
DRV:[b]64bit:[/b] - [2022/05/25 09:01:43 | 001,007,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:[b]64bit:[/b] - [2022/05/25 09:01:42 | 000,193,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2022/05/25 09:01:40 | 000,180,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthHfEnum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2022/05/11 16:30:18 | 000,066,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2022/05/11 16:30:05 | 000,136,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\p9rdr.sys -- (P9Rdr)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:59 | 000,103,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NDKPing.sys -- (NDKPing)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:59 | 000,079,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NDKPerf.sys -- (NDKPerf)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:49 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spaceparser.sys -- (spaceparser)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:30 | 000,159,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:23 | 000,132,432 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:21 | 000,308,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:17 | 001,013,088 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:14 | 000,054,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdmCompanionFilter.sys -- (WdmCompanionFilter)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:13 | 000,103,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:13 | 000,071,008 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:13 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\portcfg.sys -- (portcfg)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:12 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HidSpiCx.sys -- (HidSpiCx)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:12 | 000,069,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:[b]64bit:[/b] - [2022/05/11 16:29:09 | 000,210,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:58 | 000,090,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:57 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:56 | 000,307,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winnat.sys -- (WinNat)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:56 | 000,083,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:55 | 000,132,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:55 | 000,095,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:55 | 000,091,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:55 | 000,071,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:54 | 000,131,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidspi.sys -- (hidspi)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:54 | 000,087,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:54 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:54 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,476,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,210,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,202,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nvdimm.sys -- (nvdimm)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,143,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rhproxy.sys -- (rhproxy)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,083,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\nvmedisk.sys -- (nvmedisk)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,075,272 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\IntelPMT.sys -- (IntelPMT)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,075,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\uefi.inf_amd64_6693f32a658a859a\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,075,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bttflt.sys -- (bttflt)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,053,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnpmem.sys -- (PNPMEM)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:53 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:52 | 000,380,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaudio2.sys -- (usbaudio2)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:52 | 000,157,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:52 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_6657edf28697c405\CompositeBus.sys -- (CompositeBus)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:51 | 000,385,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:51 | 000,095,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAD.sys -- (CAD)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:51 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Microsoft.Bluetooth.AvrcpTransport.sys -- (Microsoft_Bluetooth_AvrcpTransport)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:51 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:[b]64bit:[/b] - [2022/05/11 16:28:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelpmax.sys -- (intelpmax)
DRV:[b]64bit:[/b] - [2022/05/04 16:40:56 | 000,466,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)
DRV:[b]64bit:[/b] - [2022/04/24 00:30:04 | 000,021,480 | ---- | M] (Malwarebytes) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MbamElam.sys -- (MbamElam)
DRV:[b]64bit:[/b] - [2022/04/20 15:28:00 | 000,539,104 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmeyes.sys -- (tmeyes)
DRV:[b]64bit:[/b] - [2022/03/30 09:13:44 | 000,352,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:[b]64bit:[/b] - [2022/03/30 09:13:42 | 000,377,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\msquic.sys -- (MsQuic)
DRV:[b]64bit:[/b] - [2022/03/22 09:30:12 | 000,086,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2022/03/22 09:29:44 | 000,750,960 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2022/03/22 09:29:44 | 000,696,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2022/03/22 09:29:44 | 000,131,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:[b]64bit:[/b] - [2022/02/21 14:23:38 | 000,152,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:[b]64bit:[/b] - [2022/02/21 14:23:38 | 000,137,128 | ---- | M] (Trend Micro, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmusa.sys -- (tmusa)
DRV:[b]64bit:[/b] - [2022/02/21 14:23:38 | 000,039,872 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\tmel.sys -- (tmel)
DRV:[b]64bit:[/b] - [2021/08/26 06:10:26 | 000,032,656 | ---- | M] (NEC Personal Computers, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioSwitchHID.sys -- (RadioSwitchHID)
DRV:[b]64bit:[/b] - [2021/06/06 02:47:47 | 000,127,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpatialGraphFilter.sys -- (SpatialGraphFilter)
DRV:[b]64bit:[/b] - [2021/06/05 21:06:05 | 000,143,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2021/06/05 21:06:00 | 000,163,840 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2021/06/05 21:06:00 | 000,119,112 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SgrmAgent.sys -- (SgrmAgent)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:39 | 000,098,304 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:39 | 000,053,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:33 | 000,339,968 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:27 | 000,106,808 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bam.sys -- (bam)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:25 | 000,061,768 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ExecutionContext.sys -- (ExecutionContext)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:16 | 000,356,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:16 | 000,212,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:16 | 000,200,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:16 | 000,139,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsiCx.sys -- (UcmUcsiCx0101)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:16 | 000,119,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:16 | 000,115,024 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:16 | 000,115,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:16 | 000,106,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:16 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshwnclx.sys -- (HwNClx0101)
DRV:[b]64bit:[/b] - [2021/06/05 21:05:14 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:57 | 000,700,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Acx01000.sys -- (Acx01000)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:57 | 000,291,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:57 | 000,164,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:57 | 000,086,016 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:57 | 000,081,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:54 | 000,094,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipt.sys -- (IPT)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:52 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:50 | 000,425,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MbbCx.sys -- (MbbCx)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:47 | 000,074,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:47 | 000,069,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hvcrash.sys -- (hvcrash)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:47 | 000,057,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:47 | 000,053,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:47 | 000,053,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:47 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\vrd.inf_amd64_346f3764318c1681\vrd.sys -- (VirtualRender)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:46 | 000,188,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:46 | 000,135,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\ufxchipidea.inf_amd64_a517b810ee0e44a2\UfxChipidea.sys -- (UfxChipidea)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:46 | 000,065,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:46 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsiAcpiClient.sys -- (UcmUcsiAcpiClient)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:46 | 000,061,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\urssynopsys.inf_amd64_28522251903b4825\urssynopsys.sys -- (UrsSynopsys)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:46 | 000,061,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\urschipidea.inf_amd64_4bd4df2779fd9e16\urschipidea.sys -- (UrsChipidea)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:46 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:46 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\genericusbfn.inf_amd64_dc3260bbd08046c4\genericusbfn.sys -- (genericusbfn)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:46 | 000,053,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 001,853,752 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 001,131,344 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,884,552 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAVC.sys -- (iaStorAVC)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,561,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mausbhost.sys -- (mausbhost)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,558,928 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,319,800 | ---- | M] (Chelsio Communications) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,305,488 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,209,736 | ---- | M] (Microsemi Corportation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\SmartSAMD.sys -- (SmartSAMD)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,176,952 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ItSas35i.sys -- (ItSas35i)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,146,256 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,137,552 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,124,240 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,100,176 | ---- | M] (Broadcom Inc) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\megasas35i.sys -- (megasas35i)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,090,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mausbip.sys -- (mausbip)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,090,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\umbus.inf_amd64_0a89aff902a5c3a9\umbus.sys -- (umbus)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,087,352 | ---- | M] (Broadcom Limited) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mpi3drvi.sys -- (mpi3drvi)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\basicdisplay.inf_amd64_a3f9d7c24b3377b3\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,080,696 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,073,016 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,068,432 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,064,328 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,063,816 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,058,704 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,036,152 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:45 | 000,031,032 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 003,440,440 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 003,423,032 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbd0a.sys -- (ebdrv0)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 001,135,432 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 000,533,816 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 000,259,384 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 000,107,344 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 000,083,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 000,065,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SDFRd.sys -- (SDFRd)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 000,061,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\prm.inf_amd64_7fc9bb8ba2b73803\prm.sys -- (PRM)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 000,057,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_3bf6c0d173eb26c6\swenum.sys -- (swenum)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 000,053,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:44 | 000,026,960 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:43 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,177,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_GLK.sys -- (iaLPSS2i_I2C_GLK)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,177,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_CNL.sys -- (iaLPSS2i_I2C_CNL)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_BXT_P.sys -- (iaLPSS2i_I2C_BXT_P)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,171,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,112,440 | ---- | M] (Apple Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\AppleSSD.sys -- (AppleSSD)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,112,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_CNL.sys -- (iaLPSS2i_GPIO2_CNL)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_GLK.sys -- (iaLPSS2i_GPIO2_GLK)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,093,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_BXT_P.sys -- (iaLPSS2i_GPIO2_BXT_P)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,091,136 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,079,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,045,568 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdi2c.sys -- (amdi2c)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,036,352 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,018,432 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdgpio2.sys -- (amdgpio2)
DRV:[b]64bit:[/b] - [2021/06/05 21:04:42 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2021/03/25 11:57:00 | 008,651,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwtw04.sys -- (Netwtw04)
DRV:[b]64bit:[/b] - [2020/09/29 10:42:21 | 000,351,048 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\intcdaud.inf_amd64_d148a0ef920e06c0\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2020/09/29 10:42:15 | 024,591,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2020/09/03 02:48:22 | 000,304,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\heci.inf_amd64_3fec17f874687c29\x64\TeeDriverW10x64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2020/05/25 19:44:10 | 000,045,256 | ---- | M] (NEC Personal Computers, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\necextif.sys -- (necextif)
DRV:[b]64bit:[/b] - [2020/05/20 00:44:26 | 000,029,984 | ---- | M] (NEC Personal Computers, Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Ps2LedIF.sys -- (Ps2LedIF)
DRV:[b]64bit:[/b] - [2020/05/20 00:44:24 | 000,036,128 | ---- | M] (NEC Personal Computers, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ps2Led.sys -- (Ps2Led)
DRV:[b]64bit:[/b] - [2020/05/20 00:44:20 | 000,053,536 | ---- | M] (NEC Personal Computers, Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfkgtkey.sys -- (MFKGTKEY)
DRV:[b]64bit:[/b] - [2020/01/18 14:51:05 | 000,043,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:[b]64bit:[/b] - [2018/07/31 00:37:46 | 001,138,024 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:[b]64bit:[/b] - [2017/06/09 16:45:46 | 000,070,632 | ---- | M] (Intel Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorAfs.sys -- (iaStorAfs)
DRV:[b]64bit:[/b] - [2017/06/09 16:45:44 | 000,894,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2017/05/15 18:47:04 | 000,782,816 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPer.sys -- (RTSPER)
DRV:[b]64bit:[/b] - [2017/04/21 17:15:30 | 000,045,960 | ---- | M] (NEC Personal Computers, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\necbatt.sys -- (necbatt)
DRV:[b]64bit:[/b] - [2017/04/06 07:02:00 | 000,613,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV - [2022/11/09 07:28:13 | 000,877,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\usb4devicerouter.inf_amd64_d8f35ef90c83032f\Usb4DeviceRouter.sys -- (Usb4DeviceRouter)
DRV - [2022/11/09 07:28:13 | 000,595,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\usb4hostrouter.inf_amd64_ea264d21e6b3e5db\Usb4HostRouter.sys -- (Usb4HostRouter)
DRV - [2022/09/14 09:21:00 | 000,069,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_125ef86610247b72\BasicRender.sys -- (BasicRender)
DRV - [2022/08/10 09:48:11 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\afunix.sys -- (afunix)
DRV - [2022/06/09 12:27:46 | 000,343,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\ibtusb.inf_amd64_8a55e95054c2f123\ibtusb.sys -- (ibtusb)
DRV - [2022/05/11 16:28:53 | 000,075,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\uefi.inf_amd64_6693f32a658a859a\UEFI.sys -- (UEFI)
DRV - [2022/05/11 16:28:52 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_6657edf28697c405\CompositeBus.sys -- (CompositeBus)
DRV - [2021/06/05 21:04:47 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\vrd.inf_amd64_346f3764318c1681\vrd.sys -- (VirtualRender)
DRV - [2021/06/05 21:04:46 | 000,135,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_a517b810ee0e44a2\UfxChipidea.sys -- (UfxChipidea)
DRV - [2021/06/05 21:04:46 | 000,061,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_28522251903b4825\urssynopsys.sys -- (UrsSynopsys)
DRV - [2021/06/05 21:04:46 | 000,061,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\urschipidea.inf_amd64_4bd4df2779fd9e16\urschipidea.sys -- (UrsChipidea)
DRV - [2021/06/05 21:04:46 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_dc3260bbd08046c4\genericusbfn.sys -- (genericusbfn)
DRV - [2021/06/05 21:04:45 | 000,090,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\umbus.inf_amd64_0a89aff902a5c3a9\umbus.sys -- (umbus)
DRV - [2021/06/05 21:04:45 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_a3f9d7c24b3377b3\BasicDisplay.sys -- (BasicDisplay)
DRV - [2021/06/05 21:04:44 | 000,057,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_3bf6c0d173eb26c6\swenum.sys -- (swenum)
DRV - [2020/09/29 10:42:21 | 000,351,048 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\intcdaud.inf_amd64_d148a0ef920e06c0\IntcDAud.sys -- (IntcDAud)
DRV - [2020/09/29 10:42:15 | 024,591,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\igdkmd64.sys -- (igfx)
DRV - [2020/09/03 02:48:22 | 000,304,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\heci.inf_amd64_3fec17f874687c29\x64\TeeDriverW10x64.sys -- (MEIx64)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  • ペソネ
  • 2022/12/10 (Sat) 00:02:16
OTL log 4
[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0F025142-0828-4C31-89F1-74F68D43D562}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0F025142-0828-4C31-89F1-74F68D43D562}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0F025142-0828-4C31-89F1-74F68D43D562}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0F025142-0828-4C31-89F1-74F68D43D562}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-21-852619868-549112645-581641478-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?pc=LCTE
IE - HKU\S-1-5-21-852619868-549112645-581641478-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-852619868-549112645-581641478-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo17win10.msn.com/?pc=LCTE
IE - HKU\S-1-5-21-852619868-549112645-581641478-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.region: "JP"
FF - prefs.js..browser.search.separatePrivateDefault.urlbarResult.enabled: false
FF - prefs.js..browser.search.suggest.enabled: false
FF - user.js - File not found


64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 107.0.1\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 107.0.1\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\NativeMessagingHosts\com.microsoft.defender.browser_extension.native_message_host\\: C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\PLATFORM\4.18.2211.5-0\COM.MICROSOFT.DEFENDER.BE.FIREFOX.JSON [2022/12/09 23:09:59 | 000,000,310 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 107.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 107.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2019/12/17 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions
[2019/12/17 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\SystemExtensionsDev
[2022/02/08 15:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\browser-extension-data
[2022/02/08 15:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\browser-extension-data\abstract-soft-colorway@mozilla.org
[2022/02/08 15:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\browser-extension-data\elemental-soft-colorway@mozilla.org
[2021/01/07 08:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\browser-extension-data\fftmtoolbar@trendmicro.com
[2022/01/06 10:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\browser-extension-data\reset-search-defaults@mozilla.com
[2022/11/16 23:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\extensions
[2020/01/09 15:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\storage\default\moz-extension+++724b1e61-a7ca-4e7e-a55f-533052b79beb^userContextId=4294967295
[2022/12/07 08:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\storage\default\moz-extension+++724b1e61-a7ca-4e7e-a55f-533052b79beb^userContextId=4294967295\idb
[2019/12/17 16:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\storage\default\moz-extension+++df9cf5ae-3beb-4b85-9f3e-6b09fada4fe1
[2022/12/09 23:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\storage\default\moz-extension+++df9cf5ae-3beb-4b85-9f3e-6b09fada4fe1\idb
[2019/12/17 16:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\storage\default\moz-extension+++df9cf5ae-3beb-4b85-9f3e-6b09fada4fe1^userContextId=4294967295
[2022/12/09 23:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\gle0pcpf.default-release\storage\default\moz-extension+++df9cf5ae-3beb-4b85-9f3e-6b09fada4fe1^userContextId=4294967295\idb
[2022/11/16 23:25:43 | 003,234,876 | ---- | M] () (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\firefox\profiles\gle0pcpf.default-release\extensions\uBlock0@raymondhill.net.xpi
  • ペソネ
  • 2022/12/10 (Sat) 00:04:00
OTL log 5
O1 HOSTS File: ([2022/12/06 11:59:48 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (IEToEdge BHO) - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\BHO\ie_to_edge_bho_64.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (トレンドマイクロセキュリティツールバーヘルパー) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (IEToEdge BHO) - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\BHO\ie_to_edge_bho.dll (Microsoft Corporation)
O2 - BHO: (トレンドマイクロセキュリティツールバーヘルパー) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [NECMFK] C:\Program Files\NECMFK\necmfk.exe (NEC Personal Computers, Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [Platinum] C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSessionAgent.exe (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [SecurityHealth] C:\Windows\SysNative\SecurityHealthSystray.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-852619868-549112645-581641478-1001..\Run: [CCleaner Smart Cleaning] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Software Ltd)
O4 - HKU\S-1-5-21-852619868-549112645-581641478-1001..\Run: [MicrosoftEdgeAutoLaunch_4D7D77F120A72D51F6BD27E97162BD95] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [WAB Migrate] C:\Program Files (x86)\Windows Mail\wab.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [WAB Migrate] C:\Program Files (x86)\Windows Mail\wab.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFullTrustStartupTasks = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUwpStartupTasks = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportFullTrustStartupTasks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportUwpStartupTasks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\nlansp_c.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\nlansp_c.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8bd57898-9598-4a71-92ce-2a74e2528dcd}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{e5a08c53-337f-4b00-9dde-ee864b923ce0}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\NTTW\SECURITY\SEC\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\NTTW\SECURITY\SEC\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\NTTW\SECURITY\SEC\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:[b]64bit:[/b] {052860C8-3E53-3D0B-9332-48A8B4971352} - .NET Framework
ActiveX:[b]64bit:[/b] {1FC9AB62-9B2E-3666-B314-B16FD09E7C52} - .NET Framework
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - U
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {8F5D9E08-71EC-370E-BA96-36E6EF916DF2} - .NET Framework
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {9459C573-B17A-45AE-9F64-1857B5D58CEE} - "C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {3853CC31-559E-32A7-B749-89E04145A139} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8E0A742C-D031-348A-954F-AFE3CB92EFB7} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {990CB269-A600-38D0-B7D1-FBD392495F13} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
  • ペソネ
  • 2022/12/10 (Sat) 00:05:45
OTL log 6
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2022/12/09 23:08:43 | 000,223,176 | ---- | C] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MbamChameleon.sys
[2022/12/09 23:08:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2022/12/06 12:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2022/11/30 14:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2022/12/09 23:19:27 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2022/12/09 23:12:47 | 001,449,444 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2022/12/09 23:12:47 | 000,707,374 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2022/12/09 23:12:47 | 000,473,422 | ---- | M] () -- C:\WINDOWS\SysNative\perfh011.dat
[2022/12/09 23:12:47 | 000,135,698 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2022/12/09 23:12:47 | 000,132,352 | ---- | M] () -- C:\WINDOWS\SysNative\perfc011.dat
[2022/12/09 23:10:00 | 000,473,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wd\WdFilter.sys
[2022/12/09 23:10:00 | 000,185,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wd\WdDevFlt.sys
[2022/12/09 23:10:00 | 000,099,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wd\WdNisDrv.sys
[2022/12/09 23:10:00 | 000,049,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wd\WdBoot.sys
[2022/12/09 23:08:43 | 000,223,176 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MbamChameleon.sys
[2022/12/09 23:08:33 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2022/12/09 23:08:29 | 3399,548,928 | -HS- | M] () -- C:\hiberfil.sys
[2022/12/07 07:13:00 | 000,000,760 | ---- | M] () -- C:\WINDOWS\tasks\CCleanerCrashReporting.job
[2022/12/07 06:20:19 | 000,002,275 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Edge.lnk
[2022/12/06 12:20:35 | 000,239,544 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\mbamswissarmy.sys
[2022/12/06 12:03:09 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2022/12/06 11:59:48 | 000,000,852 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2022/12/06 12:03:10 | 000,000,760 | ---- | C] () -- C:\WINDOWS\tasks\CCleanerCrashReporting.job
[2022/12/06 12:03:09 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2022/04/29 09:02:47 | 000,019,456 | ---- | C] () -- C:\WINDOWS\SysWow64\WsdProviderUtil.dll
[2022/04/29 09:02:26 | 000,051,712 | ---- | C] () -- C:\WINDOWS\SysWow64\CredProvCommonCore.dll
[2022/04/29 09:02:19 | 000,460,800 | ---- | C] () -- C:\WINDOWS\SysWow64\SettingSyncDownloadHelper.dll
[2022/03/22 09:40:15 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2022/03/22 09:30:58 | 000,247,808 | ---- | C] () -- C:\WINDOWS\SysWow64\pku2u.dll
[2022/03/22 09:30:58 | 000,013,824 | ---- | C] () -- C:\WINDOWS\SysWow64\prxyqry.dll
[2022/03/22 09:30:56 | 000,267,264 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Internal.UI.Dialogs.dll
[2022/03/22 09:30:54 | 000,006,656 | ---- | C] () -- C:\WINDOWS\SysWow64\nrtapi.dll
[2022/03/22 09:30:49 | 000,617,648 | ---- | C] () -- C:\WINDOWS\SysWow64\TextShaping.dll
[2022/03/22 09:30:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\SysWow64\TextInputMethodFormatter.dll
[2022/03/22 09:30:48 | 000,221,184 | ---- | C] () -- C:\WINDOWS\SysWow64\Microsoft.Internal.FrameworkUdk.System.dll
[2022/03/22 09:30:44 | 000,121,344 | ---- | C] () -- C:\WINDOWS\SysWow64\TpmTool.exe
[2021/06/05 21:08:55 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2021/06/05 21:08:55 | 000,003,103 | ---- | C] () -- C:\WINDOWS\SysWow64\mmc.exe.config
[2021/06/05 21:08:55 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2021/06/05 21:06:26 | 000,019,485 | ---- | C] () -- C:\WINDOWS\SysWow64\srms-apr.dat
[2021/06/05 21:06:26 | 000,011,292 | ---- | C] () -- C:\WINDOWS\SysWow64\srms-apr-v.dat
[2021/06/05 21:06:23 | 000,518,144 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2021/06/05 21:06:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2021/06/05 21:05:59 | 000,065,024 | ---- | C] () -- C:\WINDOWS\SysWow64\sstpcfg.dll
[2021/06/05 21:05:55 | 000,292,352 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Internal.UI.Shell.WindowTabManager.dll
[2021/06/05 21:05:53 | 000,002,404 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2021/06/05 21:05:51 | 001,308,736 | ---- | C] () -- C:\WINDOWS\SysWow64\WindowManagementAPI.dll
[2021/06/05 21:05:51 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2021/06/05 21:05:48 | 003,635,200 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.Analysis.dll
[2021/06/05 21:05:48 | 000,513,536 | ---- | C] () -- C:\WINDOWS\SysWow64\SearchIndexerCore.dll
[2021/06/05 21:05:48 | 000,262,656 | ---- | C] () -- C:\WINDOWS\SysWow64\HeatCore.dll
[2021/06/05 21:05:48 | 000,118,272 | ---- | C] () -- C:\WINDOWS\SysWow64\WindowsDefaultHeatProcessor.dll
[2021/06/05 21:05:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\xboxgipsynthetic.dll
[2021/06/05 21:05:45 | 000,264,192 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreMas.dll
[2021/06/05 21:05:43 | 000,345,088 | ---- | C] () -- C:\WINDOWS\SysWow64\ssdm.dll
[2021/06/05 21:05:43 | 000,073,216 | ---- | C] () -- C:\WINDOWS\SysWow64\windows.applicationmodel.conversationalagent.proxystub.dll
[2021/06/05 21:05:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\WwanPrfl.dll
[2021/06/05 21:05:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SysWow64\windows.applicationmodel.conversationalagent.internal.proxystub.dll
[2021/06/05 21:05:43 | 000,011,776 | ---- | C] () -- C:\WINDOWS\SysWow64\agentactivationruntimestarter.exe
[2021/06/05 21:05:37 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2021/06/05 21:05:34 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2019/12/17 16:44:37 | 000,000,036 | ---- | C] () -- C:\Users\XXXX\AppData\Local\housecall.guid.cache
[2019/12/17 15:39:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[color=#E56717]========== ZeroAccess Check ==========[/color]


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2022/11/09 07:28:40 | 008,868,736 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2022/11/09 07:29:01 | 006,980,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2021/06/05 21:04:58 | 001,019,904 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2021/06/05 21:05:46 | 000,815,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2021/06/05 21:05:14 | 000,491,520 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Custom Scans ==========[/color]
[2022/04/24 00:29:54 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2022/04/23 08:50:25 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk
[2019/12/17 16:17:18 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2018/05/11 12:31:51 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2022/12/09 10:30:02 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsApps
[2020/06/18 17:43:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Apple Computer\iTunes\SC Info
[2019/12/17 15:51:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2019/12/17 15:41:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\PowerDVD.exe
[2018/05/11 12:35:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2021/06/05 21:10:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Settings
[2021/06/05 21:10:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc
[2019/12/07 18:31:03 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\RetailDemo
[2022/03/22 10:00:35 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2021/06/05 21:10:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\DMProfiles
[2021/06/05 21:10:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\Microsoft\WwanSvc\Profiles
[2022/04/23 08:50:25 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config
[2022/04/23 08:50:25 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR
[2022/04/23 08:50:25 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR
[2022/04/23 08:50:25 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\Config\2022-04-22-23-50-25
[2022/04/23 08:50:25 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\MBR\2022-04-22-23-50-25
[2022/04/23 08:50:25 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\4f494d44
[2022/04/23 08:50:25 | 000,000,000 | -H-D | M] -- C:\TMRescueDisk\VBR\4f494d44\2022-04-22-23-50-25
[2022/03/22 09:55:02 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2020/06/18 17:43:16 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Apple Computer\iTunes\SC Info
[2019/12/17 15:51:53 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\EvoParser
[2019/12/17 15:41:31 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\PowerDVD.exe
[2018/05/11 12:35:31 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\ToGo
[2021/06/05 21:10:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Settings
[2021/06/05 21:10:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc
[2019/12/07 18:31:03 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Windows\RetailDemo
[2022/03/22 10:00:35 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
[2021/06/05 21:10:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\DMProfiles
[2021/06/05 21:10:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Microsoft\WwanSvc\Profiles
[2022/03/22 09:49:59 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData
[2021/04/02 09:25:15 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\SEC
[2022/03/22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\Microsoft\Windows\IECompatCache
[2022/03/22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\Microsoft\Windows\IECompatUaCache
[2022/11/26 06:54:05 | 000,000,000 | RH-D | M] -- C:\Users\XXXX\AppData\Local\Microsoft\Windows\Burn\Burn
[2022/03/22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\Microsoft\Windows\IECompatCache\Low
[2022/03/22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\Microsoft\Windows\IECompatUaCache\Low
[2022/03/22 09:55:51 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\Microsoft\Windows\INetCache\Virtualized
[2019/12/17 15:50:47 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low
[2019/12/17 15:50:47 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low
[2022/12/09 23:13:04 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\Content.MSO
[2022/12/09 23:12:22 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\Content.Word.6EEE325F-68E4-4C15-88C7-CBCB2EEB3173
[2021/04/02 09:25:15 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Local\SEC\Explore
[2022/04/23 08:43:02 | 000,000,000 | -H-D | M] -- C:\Users\XXXX\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2022/03/22 09:49:59 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2019/12/17 15:51:14 | 000,000,000 | -H-D | M] -- C:\Users\Default\Pictures\NEC
[2022/03/22 09:55:55 | 000,000,000 | RH-D | M] -- C:\Users\Public\AccountPictures
[2022/12/06 12:03:09 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2022/03/22 09:44:39 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2022/04/24 00:30:16 | 000,000,000 | -H-D | M] -- C:\Windows\ELAMBKUP
[2021/06/05 21:10:49 | 000,000,000 | -H-D | M] -- C:\Windows\LanguageOverlayCache
[2022/03/22 09:49:58 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2022/03/22 09:50:09 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\Pictures\NEC
[2022/03/22 09:49:58 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
[2022/03/22 09:50:08 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\Pictures\NEC

[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2022/12/07 07:13:00 | 000,000,760 | ---- | M] () -- C:\WINDOWS\tasks\CCleanerCrashReporting.job
[2021/01/16 18:11:30 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job

[color=#E56717]========== Drive Information ==========[/color]

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG MZ7LN256HAJQ-000L7
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: GPT: System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 260.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 237.00GB
Starting Offset: 290455552
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: GPT: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 1,000.00MB
Starting Offset: 255011586048
Hidden sectors: 0


[color=#E56717]========== Base Services ==========[/color]
No service found with a name of AeLookupSvc
SRV:[b]64bit:[/b] - [2022/08/10 09:47:45 | 000,294,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:09 | 000,110,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2022/03/30 09:13:36 | 001,662,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:29 | 000,925,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:49 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2022/11/09 07:29:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:37 | 000,442,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2022/10/12 09:02:51 | 000,336,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
No service found with a name of Browser
SRV:[b]64bit:[/b] - [2021/06/05 21:05:23 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:49 | 001,421,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:37 | 000,427,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2022/10/12 09:02:51 | 000,335,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:49 | 000,451,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2022/05/11 16:28:59 | 000,122,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:28 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2022/05/11 16:29:44 | 000,030,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:44 | 000,662,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:25 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2022/05/11 16:29:14 | 000,475,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
No service found with a name of MMCSS
SRV:[b]64bit:[/b] - [2022/05/25 09:01:43 | 000,282,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:07 | 001,531,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:07 | 001,531,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netprofmsvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:25 | 000,057,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:39 | 000,159,744 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:08 | 000,888,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2022/05/11 16:29:33 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:56 | 001,073,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:49 | 001,421,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2022/09/14 09:21:17 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:39 | 000,084,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2022/05/25 09:01:43 | 000,315,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:40 | 000,327,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:18 | 000,278,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2022/05/25 09:02:24 | 000,212,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2021/06/05 21:05:12 | 000,835,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2022/05/11 16:29:59 | 000,335,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2022/05/11 16:30:12 | 000,253,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:14 | 000,114,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:38 | 000,610,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2022/03/22 09:30:17 | 001,466,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2022/09/14 09:21:01 | 002,015,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:[b]64bit:[/b] - [2022/09/14 09:21:01 | 000,475,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2022/05/25 09:02:16 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV - [2022/12/09 23:09:59 | 000,133,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:45 | 001,265,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:29 | 001,159,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (mpssvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:29:05 | 000,823,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (StiSvc)
SRV:[b]64bit:[/b] - [2022/11/09 07:29:09 | 000,212,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\msiexec.exe -- (msiserver)
SRV - [2022/11/09 07:29:14 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2021/06/05 21:05:14 | 000,245,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:34 | 003,563,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2022/09/14 09:21:02 | 000,409,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2022/11/09 07:28:16 | 002,748,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:[b]64bit:[/b] - [2022/10/12 09:02:40 | 000,327,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

< End of report >
  • ペソネ
  • 2022/12/10 (Sat) 00:06:53
This unexpectedly overlaps with a past thread
Thank you for doing the work and reporting back.

>I checked, but there was no Evtion.

Right, and it doesn't look like it was quarantined by Virus Buster either. We can rule that out now.

I also looked through the OTL logs.
I had hoped OTL would give us a lead on Evtion, but there's no trace of it there either.

That said, I did find one thing that bothers me.

>[2019/12/17 15:39:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

There was a previous case on this board involving a file with the same name, DP45977C.lfl.
https://detail.chiebukuro.yahoo.co.jp/qa/question_detail/q11190170346

https://akudaikan-0.bbs.fc2bbs.net/?act=reply&tid=6587337

Granted, in your case I don't think you are showing any symptoms typical of DNS Unlocker, but at the moment a search for DP45977C.lfl turns up no Japanese-language site other than this board.

It seems best to check manually, so could you confirm whether the following exists on the C drive?

C:\ProgramData\DP45977C.lfl

If you find it, do not delete it by hand; just tell me whether the file is there or not.
Once I hear the result, we'll decide on the next step.
  • 悪代官
  • 2022/12/10 (Sat) 21:54:16
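As an added example (not part of the thread, and not OTL's own code), here is a small Python triage script that parses OTL "Files" report lines and scores each entry with the same kind of heuristics the reply above applied by eye: hidden attribute, no company name, zero size, placement directly in a shared root folder, and an uncommon extension. The sample lines are copied from the OTL log posted in this thread; the scoring thresholds, the benign allowlist and the extension list are my own assumptions.

```python
"""Triage helper for OTL (OldTimer's List-It) "Files" report lines."""
import re
from dataclasses import dataclass
from typing import Optional

# OTL "Files/Folders" line, e.g.
#   [2019/12/17 15:39:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
# Directory entries carry no "(company)" group, so that part is optional.
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)\s*$"
)

# Hidden/system files Windows itself keeps at the drive root (assumed allowlist).
KNOWN_BENIGN = {"c:\\swapfile.sys", "c:\\hiberfil.sys", "c:\\pagefile.sys"}

# Extensions commonly seen on legitimate Windows files (assumed); anything else adds a reason.
COMMON_EXTENSIONS = {"exe", "dll", "sys", "dat", "ini", "lnk", "job", "log",
                     "txt", "xml", "config", "bin", "tmp"}


@dataclass
class OtlFileEntry:
    timestamp: str
    size: int
    attrs: str      # four-character flag field: R=read-only, H=hidden, S=system, D=directory
    kind: str       # C = "created within" section, M = "modified within" section
    company: str    # empty when OTL prints "()"
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_otl_file_line(line: str) -> Optional[OtlFileEntry]:
    """Return an OtlFileEntry for a Files report line, or None if the line is not one."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlFileEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def suspicion_reasons(entry: OtlFileEntry) -> list[str]:
    """Heuristic reasons why an entry deserves a manual look (empty list = nothing odd)."""
    if entry.is_directory or entry.path.lower() in KNOWN_BENIGN:
        return []
    reasons = []
    if entry.hidden:
        reasons.append("hidden attribute")
    if not entry.company:
        reasons.append("no company name")
    if entry.size == 0:
        reasons.append("zero-byte file")
    parent = entry.path.lower().rsplit("\\", 1)[0]
    if parent in ("c:\\programdata", "c:\\users\\public", "c:"):
        reasons.append("placed directly in a shared root folder")
    ext = entry.path.rsplit(".", 1)[-1].lower() if "." in entry.path else ""
    if ext not in COMMON_EXTENSIONS:
        reasons.append(f"uncommon extension '.{ext}'")
    return reasons


def triage(report: str, min_reasons: int = 3) -> dict[str, list[str]]:
    """Map each flagged path to its reasons; entries with fewer reasons are dropped."""
    flagged: dict[str, list[str]] = {}
    for line in report.splitlines():
        entry = parse_otl_file_line(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if len(reasons) >= min_reasons:
            flagged[entry.path] = reasons
    return flagged


# Sample lines copied from the OTL log posted in this thread.
SAMPLE_REPORT = """\
[2022/12/09 23:08:43 | 000,223,176 | ---- | C] (Malwarebytes) -- C:\\WINDOWS\\SysNative\\drivers\\MbamChameleon.sys
[2022/12/09 23:08:37 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\Panther
[2022/12/09 23:08:33 | 016,777,216 | -HS- | M] () -- C:\\swapfile.sys
[2022/03/22 09:40:15 | 000,067,584 | --S- | C] () -- C:\\WINDOWS\\bootstat.dat
[2019/12/17 16:44:37 | 000,000,036 | ---- | C] () -- C:\\Users\\XXXX\\AppData\\Local\\housecall.guid.cache
[2019/12/17 15:39:44 | 000,000,000 | -H-- | C] () -- C:\\ProgramData\\DP45977C.lfl
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REPORT).items():
        print(path, "->", "; ".join(reasons))
```

Only the DP45977C.lfl line reaches the threshold with the sample above; swapfile.sys is allowlisted and the remaining entries collect at most two reasons.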
Re: Adwcleaner detected PUP.Optional.Legacy
Thank you for your reply.

DP45977C.lfl was confirmed to be present on the C drive.
Judging by the date, it seems to have been created at the time of the recovery.

Come to think of it, five months ago I asked for advice in a topic titled "Adwcleaner false positive?"
about DNSwalters.exe being detected.
Could there be some connection?

I haven't noticed any suspicious behavior so far, but I can't help feeling anxious.
  • ペソネ
  • 2022/12/11 (Sun) 06:39:03
So I missed it last time
>DP45977C.lfl was confirmed to be present on the C drive.
>Judging by the date, it seems to have been created at the time of the recovery.

Yes, thank you for checking.

>Come to think of it, five months ago I asked for advice in a topic titled "Adwcleaner false positive?"
>about DNSwalters.exe being detected.
>Could there be some connection?

That's this topic:
https://akudaikan-0.bbs.fc2bbs.net/?act=reply&tid=8271028#17695776

Indeed, it looks like it was already there at that point.
I apologize; it seems I overlooked it.

For now, let's deal with that file.
We'll fix it with OTL again.

I'll paste a script at the end of this reply; copy the whole thing, paste it into a Windows Notepad file and save it.

Once that's ready, reboot the PC into Safe Mode again and start OTL.
When it's up, paste the script into the box at the bottom of the OTL window and this time click "Run Fix" (the button in red).
That starts the OTL fix.

Wait a while; once the fix is done, reboot the PC in normal mode and another OTL log should appear. Save it, watch the machine for a while, then reply with a status report along with the OTL log.
The OTL script is below. Copy everything between the dashed lines (-----), not including the dashes themselves, paste it into OTL and proceed.
------------------------------------------
:OTL
[2019/12/17 15:39:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

:Files
C:\ProgramData\DP45977C.lfl

:reg

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
  • 悪代官
  • 2022/12/11 (Sun) 20:52:24
Re: Adwcleaner detected PUP.Optional.Legacy
Thank you for your reply.

After finishing the OTL procedure I watched the machine for about an hour,
but there was no suspicious behavior in particular.

Here is the OTL log. Sorry for the trouble, and thank you for checking it.
All processes killed
========== OTL ==========
C:\ProgramData\DP45977C.lfl moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\DP45977C.lfl not found.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: XXXX
->Temp folder emptied: 1520983707 bytes
->Temporary Internet Files folder emptied: 78646 bytes
->FireFox cache emptied: 33251055 bytes
->Flash cache emptied: 2107 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 12288 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10248521 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,492.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.69.0 log created on 12112022_222048

Files\Folders moved on Reboot...
File\Folder C:\DumpStack.log.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • ペソネ
  • 2022/12/12 (Mon) 00:00:16
There's no need to fear adware more than necessary
Thank you for doing the work and reporting back.
I've looked at the post-fix OTL log, and the fix appears to have gone through fine.
It reports "successfully" (the fix succeeded).

Just to be sure, update AC and scan again.
I don't expect any bad actors, DNSwalters included, to still be detected, but let's confirm.
After the scan, post that log in a reply again.
Also, could you redo the HJT log and the CC install-information and per-tab logs and post them at the same time?

For what it's worth, most DNS Unlocker-type programs are classified as adware: they annoy users by showing unwanted ads, but few of them have the capability of stealing personal information from the PC.
This is part of the reason security-software vendors have been less aggressive about detecting and removing ad-displaying adware than genuine malware, which steals personal information and has long been commonly called a "virus".
Various other factors are involved too, so even today quite a few security products don't even support detecting adware; but adware that also steals personal information no longer fits within the adware category, so most vendors' security products move to handle it.
Adware vendors know this too, so they will avoid deliberately distributing adware that is outright malware.
That said, there are malicious actors (large organizations) that build and distribute highly sophisticated, dangerous adware that is hard to detect and remove, so we can't be complacent.

Given the above, most adware may be a hassle to detect and remove, but please don't let it worry you.
  • 悪代官
  • 2022/12/12 (Mon) 22:08:01
Re: Adwcleaner detected PUP.Optional.Legacy
Thank you for your reply.

Thanks to your explanation, 悪代官, I feel reassured.

Here are the logs. Sorry for the trouble, and thank you for checking them.
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-13-2022
# Duration: 00:00:07
# OS: Windows 11 (Build 22000.1219)
# Scanned: 32097
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:56:17, on 2022/12/13
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.22000.0120)


Boot mode: Normal

Running processes:
C:\Program Files\NTTW\Security\SEC\UIFramework\uiWinMgr.exe
C:\Program Files\NTTW\Security\SEC\UIFramework\uiWinMgr.exe
C:\Program Files\NTTW\Security\SEC\UIFramework\uiWinMgr.exe
C:\Program Files\NTTW\Security\SEC\UIFramework\uiWinMgr.exe
C:\Users\XXXX\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\BHO\ie_to_edge_bho.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O3 - Toolbar: Trend ツールバー - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_4D7D77F120A72D51F6BD27E97162BD95] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\NTTW\Security\SEC\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_61ac9 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Optane(TM) Memory Service (iaStorAfsService) - Intel Corporation - C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe
O23 - Service: Intel(R) Graphics Command Center Service (igccservice) - Unknown owner - C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe
O23 - Service: @oem35.inf,%SocketHECIServiceName%;Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) - Intel(R) Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service: @oem35.inf,%TPMProvisioningServiceName%;Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) - Intel(R) Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT Meter - NEC Personal Computers, Ltd. - c:\Windows\SysWOW64\NTMETER.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSvcHost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TmWscSvc - Trend Micro Inc. - C:\Program Files\NTTW\Security\SEC\TmWscSvc\TmWscSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8462 bytes

インストールリスト
3D ビューアー Microsoft Corporation 2022/03/24 1.0.35.0
BUFFALO エアステーション設定ツール Buffalo Inc. 2022/05/13 2.1.2
CCleaner Piriform 2022/12/06 6.06
Cortana Microsoft Corporation 2022/06/19 4.2204.13303.0
HEIF Image Extensions Microsoft Corporation 2022/05/11 1.0.43012.0
Intel(R) Management Engine Components Intel Corporation 2019/12/17 1920.12.0.1273
Intel(R) Processor Graphics Intel Corporation 2020/09/29 26.20.100.7870
Intel® Graphics Control Panel INTEL CORP 2022/03/20 3.3.0.0
iTunes Apple Inc. 2022/10/26 12126.1.57048.0
Malwarebytes version 4.5.18.226 Malwarebytes 2022/11/23 4.5.18.226
Maps Microsoft Corporation 2022/03/24 1.0.28.0
Microsoft Edge Microsoft Corporation 2022/12/10 108.0.1462.46
Microsoft Edge WebView2 Runtime Microsoft Corporation 2022/12/11 108.0.1462.46
Microsoft Store Microsoft Corporation 2022/12/06 22210.1401.10.0
Microsoft Store エクスペリエンス ホスト Microsoft Corporation 2022/11/11 12207.44.6.0
Microsoft Update Health Tools Microsoft Corporation 2022/04/07 0.99 MB 4.67.0.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2018/03/08 4.84 MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 2018/03/08 6.83 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2018/03/08 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2018/05/11 9.54 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2018/03/08 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2018/03/08 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2018/03/08 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2020/12/02 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 2020/12/02 11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2020/12/02 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Corporation 2020/12/02 12.0.30501.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 Microsoft Corporation 2020/12/02 12.0.30501.0
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 Microsoft Corporation 2020/12/02 14.0.22816.0
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 Microsoft Corporation 2020/12/02 14.26.28720.3
Microsoft 付箋 Microsoft Corporation 2022/10/19 4.5.7.0
Mixed Reality ポータル Microsoft Corporation 2021/07/16 2000.21051.1282.0
Mozilla Firefox (x64 ja) Mozilla 2022/11/30 107.0.1
Mozilla Maintenance Service Mozilla 2019/12/18 68.3.0
MPEG-2 ビデオ拡張機能 Microsoft Corporation 2022/10/26 1.0.50901.0
Music Center for PC Sony Corporation 2021/12/16 280 MB 2.5.0.11260
NEC MFKB Driver NEC Personal Computers, Ltd. 2019/12/17 77.0 KB 1.19.1314
NX PAD Driver ELAN Microelectronic Corp. 2022/03/22 15.16.11.3
OneNote for Windows 10 Microsoft Corporation 2022/06/19 16.14326.20837.0
People Microsoft Corporation 2022/05/06 10.2105.4.0
Print 3D Microsoft Corporation 2022/03/22 3.3.791.0
Realtek Card Reader Realtek Semiconductor Corp. 2022/03/22 10.0.15063.21300
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2022/03/22 6.0.1.8125
Snipping Tool Microsoft Corporation 2022/10/21 11.2209.2.0
Solitaire & Casual Games Microsoft Studios 2022/12/09 4.15.12020.0
Trend Micro Titanium 西日本電信電話株式会社 2022/04/23 450 MB 17.71
VP9 Video Extensions Microsoft Corporation 2022/10/26 1.0.52781.0
Web メディア拡張機能 Microsoft Corporation 2021/10/11 1.0.42192.0
Webp Image Extensions Microsoft Corporation 2022/10/26 1.0.52351.0
Windows PC 正常性チェック Microsoft Corporation 2021/10/22 11.4 MB 3.2.2110.14001
Windows Print
Windows Web Experience Pack Microsoft Windows 2022/11/06 421.20070.765.0
Windows サウンド レコーダー Microsoft Corporation 2022/12/01 11.2208.28.0
Windows セキュリティ Microsoft Corporation 2022/08/31 1000.22621.1.0
Xbox Game bar Microsoft Corporation 2020/06/13 1.54.4001.0
Xbox Game Bar Microsoft Corporation 2022/11/06 5.822.10271.0
Xbox Game Speech Window Microsoft Corporation 2022/03/22 1.21.13002.0
Xbox Identity Provider Microsoft Corporation 2022/11/16 12.95.3001.0
Xbox Live Microsoft Corporation 2022/03/22 1.24.10001.0
Xbox コンソール コンパニオン Microsoft Corporation 2022/06/23 48.89.25001.0
アプリ インストーラー Microsoft Corporation 2022/10/10 1.18.2691.0
インテル® グラフィックス・コマンド・センター INTEL CORP 2022/10/15 1.100.3408.0
カメラ Microsoft Corporation 2022/12/09 2022.2210.9.0
クロック Microsoft Corporation 2022/11/11 11.2209.11.0
スマートフォン連携 Microsoft Corporation 2022/11/23 1.22092.214.0
セキュリティ対策ツール 西日本電信電話株式会社 2022/04/23 17.71
デバイス製造元からの HEVC ビデオ拡張機能 Microsoft Corporation 2022/10/26 2.0.51121.0
ヒント Microsoft Corporation 2022/12/01 10.2210.3.0
フィードバック Hub Microsoft Corporation 2022/03/24 1.2203.761.0
フォト Microsoft Corporation 2022/11/23 2022.31110.14005.0
フォト メディア エンジン アドオン Microsoft Corporation 2021/10/08 1.0.0.0
ペイント Microsoft Corporation 2022/10/01 11.2208.6.0
ペイント 3D Microsoft Corporation 2022/03/10 6.2203.1037.0
メモ帳 Microsoft Corporation 2022/12/09 11.2210.5.0
メール/カレンダー Microsoft Corporation 2022/05/20 16005.14326.20970.0
問い合わせ Microsoft Corporation 2022/11/02 10.2208.2551.0
天気 Microsoft Corporation 2022/11/11 4.53.43112.0
日本語 ローカル エクスペリエンス パック Microsoft Corporation 2022/11/12 22000.28.135.0
電卓 Microsoft Corporation 2022/11/06 11.2209.0.0

スタートアップ
無効 HKCU:Run CCleaner Smart Cleaning Piriform Software Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKCU:Run MicrosoftEdgeAutoLaunch_4D7D77F120A72D51F6BD27E97162BD95 Microsoft Corporation "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
有効 HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
有効 HKLM:Run NECMFK NEC Personal Computers, Ltd. C:\Program Files\necmfk\necmfk.exe
有効 HKLM:Run Platinum Trend Micro Inc. "C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSessionAgent.exe" 1
有効 HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
有効 HKLM:Run SecurityHealth Microsoft Corporation %windir%\system32\SecurityHealthSystray.exe
有効 HKLM:Run Trend Micro Client Framework Trend Micro Inc. "C:\Program Files\NTTW\Security\UniClient\UiFrmWrk\UIWatchDog.exe"

スケジュールされたタスク
無効 Task CCleanerCrashReporting Piriform Software C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "2c50d56c-8913-4635-999c-8bfe38cb4918" --version "6.06.10144" --silent
有効 Task CCleanerSkipUAC - XXXX Piriform Software Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task MicrosoftEdgeUpdateTaskMachineCore Microsoft Corporation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
有効 Task MicrosoftEdgeUpdateTaskMachineUA Microsoft Corporation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
有効 Task necNbSchedRun NEC Personal Computers, Ltd. "C:\Program Files\necbatt\nbSched.exe"
有効 Task OneDrive Standalone Update Task v2 %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

コンテキストメニュー
有効 Directory PowerShell ウィンドウをここで開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 Directory ファイルの所有権
有効 Drive PowerShell ウィンドウをここで開く(S) powershell.exe -noexit -command Set-Location -literalPath '%V'
有効 File MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 File {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\NTTW\Security\UniClient\UiFrmwrk\tmdshell.dll
有効 Folder MBAMShlExt Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
有効 Folder {48F45200-91E6-11CE-8A4F-0080C81A28D4} Trend Micro Inc. C:\Program Files\NTTW\Security\UniClient\UiFrmwrk\tmdshell.dll

サービス
有効 Service Elan Service ELAN Microelectronics Corp. "C:\Program Files\Elantech\ETDService.exe"
無効 Service Intel(R) Capability Licensing Service TCP IP Interface Intel(R) Corporation C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
有効 Service Intel(R) Content Protection HDCP Service Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHDCPSvc.exe
無効 Service Intel(R) Content Protection HECI Service Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch1.inf_amd64_484d2c1a08e1f7ed\IntelCpHeciSvc.exe
有効 Service Intel(R) Dynamic Application Loader Host Interface Service Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
有効 Service Intel(R) Graphics Command Center Service Intel(R) pGFX C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
有効 Service Intel(R) HD Graphics Control Panel Service Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe
有効 Service Intel(R) Management and Security Application Local Management Service Intel Corporation C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
無効 Service Intel(R) Optane(TM) Memory Service Intel Corporation C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe
有効 Service Intel(R) TPM Provisioning Service Intel(R) Corporation C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
有効 Service Malwarebytes Service Malwarebytes "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
無効 Service Mozilla Maintenance Service Mozilla Foundation "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
有効 Service NT Meter NEC Personal Computers, Ltd. c:\Windows\SysWOW64\NTMETER.exe
無効 Service OpenSSH Authentication Agent C:\WINDOWS\System32\OpenSSH\ssh-agent.exe
有効 Service Platinum Host Service Trend Micro Inc. "C:\Program Files\NTTW\Security\SEC\plugin\Pt\PtSvcHost.exe"
有効 Service Security Solution Platform Trend Micro Inc. "C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=1 -ad -bt=0
無効 Service TmWscSvc Trend Micro Inc. "C:\Program Files\NTTW\Security\SEC\TmWscSvc\TmWscSvc.exe"

IE
有効 Helper IEToEdge BHO Microsoft Corporation C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\BHO\ie_to_edge_bho.dll
有効 Helper IEToEdge BHO Microsoft Corporation C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\BHO\ie_to_edge_bho_64.dll
有効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
有効 Helper トレンドマイクロセキュリティツールバーヘルパー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll
有効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\UIFramework\ToolbarIE.dll
有効 Toolbar Trend ツールバー Trend Micro Inc. C:\Program Files\NTTW\Security\SEC\plugin\ToolbarIE64\ToolbarIE.dll

FF
有効 Extension Add-ons Search Detection 2.0.0 default-release Firefox 107.0.1 path
有効 Extension Amazon.com.au 1.9 default-release Firefox 107.0.1 path
有効 Extension Bing 1.3 default-release Firefox 107.0.1 path
有効 Extension DuckDuckGo 1.1 default-release Firefox 107.0.1 path
有効 Extension Firefox Screenshots 39.0.1 Mozilla <screenshots-feedback@mozilla.com> default-release Firefox 107.0.1 path
有効 Extension Form Autofill 1.0.1 default-release Firefox 107.0.1 path
有効 Extension Google 1.2 default-release Firefox 107.0.1 path
有効 Extension Picture-In-Picture 1.0.0 default-release Firefox 107.0.1 path
有効 Extension uBlock Origin 1.45.2 Raymond Hill & contributors default-release Firefox 107.0.1 path
有効 Extension Web Compatibility Interventions 107.1.0 default-release Firefox 107.0.1 path
無効 Extension WebCompat Reporter 1.5.0 Thomas Wisniewski <twisniewski@mozilla.com> default-release Firefox 107.0.1 path
有効 Extension Wikipedia (en) 1.1 default-release Firefox 107.0.1 path
有効 Extension Yahoo! JAPAN 1.0 default-release Firefox 107.0.1 path
有効 Extension ヤフオク! 1.3 default-release Firefox 107.0.1 path
有効 Extension 楽天市場 1.2 default-release Firefox 107.0.1 path
有効 Plugin 4.10.2557.0 Google LLC default-release Firefox 107.0.1 C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\gle0pcpf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
有効 Plugin OpenH264 Video Codec 1.8.1.2 Mozilla Corporation default-release Firefox 107.0.1 C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\gle0pcpf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

  • ペソネ
  • 2022/12/13 (Tue) 02:02:46
After the wait-and-see period, check the file that should have been deleted
Thank you for the work and the report.
I looked through your current logs, and this time I don't see anything odd.

So let's move on to a wait-and-see period.

Use the PC normally for one week, then check whether the following, which should have been fixed with OTL, has come back:

C:\ProgramData\DP45977C.lfl

Hopefully it hasn't come back, but if it has, please let me know.
If it has come back, we'll think about how to deal with it again.
  • 悪代官
  • 2022/12/13 (Tue) 21:26:27
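The review described in the post above (comparing the new logs against the earlier ones and watching for anything that comes back after the waiting period) can be done mechanically. The following is an added example written for this page; it is not code from this board, from 悪代官, or from any tool mentioned in the thread. It parses HijackThis-format finding lines, lists what appeared since the previous scan, pulls out the Run-key autoruns, and names the services whose binary HijackThis did not find. The two log excerpts are constructed sample input assembled from lines quoted in the posts above, not the complete logs.

```python
"""Compare two HijackThis-format logs and pull out the items worth a second look."""
import re
from typing import Dict, List, Tuple

# Every HijackThis finding starts with a section code (O1, O2, O4, O23, ...).
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Constructed excerpts in the format of the logs posted in this thread (not the full logs).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:01:40, on 2022/12/06
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.62\BHO\ie_to_edge_bho.dll
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_4D7D77F120A72D51F6BD27E97162BD95] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:56:17, on 2022/12/13
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\BHO\ie_to_edge_bho.dll
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_4D7D77F120A72D51F6BD27E97162BD95] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Security Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\NTTW\Security\AMSP\coreServiceShell.exe
"""

Entry = Tuple[str, str]


def parse_hjt(log_text: str) -> List[Entry]:
    """Return (code, body) for each finding line; header and process lines are skipped."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        m = HJT_ENTRY.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def new_findings(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries in the later log that were absent from the earlier one, in log order.

    A changed path counts as new (the Edge BHO path moves with every Edge
    update), so this is a review list, not an alert list.
    """
    seen = set(before)
    return [e for e in after if e not in seen]


def autoruns(entries: List[Entry]) -> List[Tuple[str, str]]:
    """O4 Run-key entries as (value name, command line)."""
    found = []
    for code, body in entries:
        if code != "O4":
            continue
        m = re.match(r"(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$", body)
        if m:
            found.append((m.group("name"), m.group("cmd")))
    return found


def services_with_missing_file(entries: List[Entry]) -> List[str]:
    """Short names of O23 services whose binary HijackThis did not find.

    On Windows 10/11 many built-in services show up this way only because
    HijackThis v2 cannot expand %SystemRoot%-style resource-string paths, so
    the result is a list to verify by hand, not evidence of tampering.
    """
    names = []
    for code, body in entries:
        if code == "O23" and body.endswith("(file missing)"):
            # body: "Service: <display name> (<short name>) - <owner> - <path> (file missing)"
            m = re.search(r"\(([^()]+)\) - ", body)
            names.append(m.group(1) if m else body)
    return names


def report(before_text: str, after_text: str) -> Dict[str, list]:
    """One-shot summary of a before/after log pair."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    return {
        "new": new_findings(before, after),
        "autoruns": autoruns(after),
        "missing": services_with_missing_file(after),
    }


if __name__ == "__main__":
    r = report(LOG_BEFORE, LOG_AFTER)
    print("New since previous scan:")
    for code, body in r["new"]:
        print(f"  {code}  {body[:90]}")
    print("Run-key autoruns:", [name for name, _ in r["autoruns"]])
    print("Services with missing binary:", r["missing"])
```

Running it on the two excerpts lists the two hosts entries, the updated Edge BHO path, the CCleaner autorun and the ALG service as new since the first scan, which is exactly the set of differences a reviewer would eyeball between the 12/06 and 12/13 logs. The many "(file missing)" lines for built-in services in the posted log are the same HijackThis v2 display limitation the docstring notes, not evidence that those binaries are gone.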
Re: PUP.Optional.Legacy detected by Adwcleaner
Thank you for the reply.
I'll come back to report in a week; I'd appreciate your help then.
  • ペソネ
  • 2022/12/14 (Wed) 06:48:31
Re: PUP.Optional.Legacy detected by Adwcleaner
A week has passed, so here is my report.

I checked, and DP45977C.lfl has not come back.
Also, no suspicious behaviour of any kind has occurred.


  • ペソネ
  • 2022/12/21 (Wed) 08:32:12
So this time it was leftovers that were found
Good evening.
Things seem to have settled down after the wait-and-see period.

> I checked, and DP45977C.lfl has not come back.
> Also, no suspicious behaviour of any kind has occurred.

The treatment with OTL succeeded.
If it hasn't come back either, I think we're fine.

I apologise for the extra trouble caused by my overlooking that in the previous consultation.

The detection in AC may also have been related to that.
The file itself wasn't detected by AC, but this kind of behaviour is not rare; if anything, it's common.
It's what you might call leftovers: in most cases, junk remnants that stopped working once the main body was treated and deleted.

If it's just adware leftovers, remnants that no longer run on their own pose little danger; with genuinely dangerous malware, leftovers can sometimes resume activity that can't be ignored, but something that dangerous should be a detection and treatment target for every vendor's security software, the same as the main body.

To explain with a different case: there was a problem where a user found a malware app installed on the PC and uninstalled it, yet it didn't go away.
The app had disappeared from the "Programs and Features" list in the Windows Control Panel and was not visible on the surface, but the abnormality continued, so the user came to this board; when we analysed it, an ingenious design came to light.

A normal app, when installed, also comes with a file called an "uninstaller" for removing it, and you can uninstall by showing and launching it from the app's entry in the Start menu.
But the problem app above provided a fake uninstaller: when a user trying to remove it launched it, it made it look as though the uninstall had succeeded, while in reality it remained firmly in the PC, alive and running.

To remove it properly, you had to delete it from the real uninstaller rather than the fake one, but that had been placed somewhere hard to notice.
Analysis revealed that too, so I walked them through it in order and it was cleaned up, but the more malicious a program is, the more tricks it brings to bear toward one goal:

"Can't be deleted, won't let itself be deleted."

That is what those tricks are for.

Only fairly minor things can be detected and then treated automatically just by scanning with security software.
Anything with a bit of effort put into it will slip past security software's detection.

But there's no need to take it too seriously.
With basic self-defence in place, most threats can be prevented before they get into the PC.
Preventing something from getting in is far easier and far more effective than analysing and treating something that already got in.

Just not clicking "Yes" or "Allow" on everything at untrustworthy sites, and going back in the browser or closing the browser entirely as soon as you feel uneasy, gets you a good deal of protection.

Are there any other symptoms that concern you?
If nothing is abnormal, I think you're fine for now, but if something worrying happens again, feel free to ask anytime.
I'll help as far as I can understand it.
  • 悪代官
  • 2022/12/21 (Wed) 22:19:25
Re: PUP.Optional.Legacy detected by Adwcleaner
Thank you for the reply, 悪代官.

No symptoms of concern have occurred so far.

Thank you very much for resolving this.
I may need your help again, and I'd appreciate it then.
  • ペソネ
  • 2022/12/22 (Thu) 09:41:38
Scan with MBAM too
Good evening.
Sorry for the late reply.

I looked at your CC logs.
The only Amazon-related item in the logs is the following in FF:

>有効 Extension Amazon.com.au 1.10 default-release Firefox 108.0.2 path

This is one of the search engines included from the start when you install FF today; even if you disable it, it naturally becomes enabled again while you use FF, and even if you delete it in the browser settings, leftovers seem to remain, so it shows up in CC's log like this.
The other search engines are the same; it's not at a serious level, but it's something like an FF bug, I suppose.
I doubt FF deliberately makes the search engines impossible to completely delete, but it's not rare for various apps and programs to set their partners' ads or sites as the default in browser settings and make them hard to remove.
At one point, such cases turned up every day in past consultations on this board.

> There were no Edge extensions at all.

Yes, that browser doesn't look tampered with either, so that should be fine.
If only AC detected it this time and MBAM finds nothing when scanned, I think there's no actual harm.
To be safe, disable the item below on CC's FF tab, then scan with MBAM too with the latest updates; if there's a detection, please show me that log as well.
Also, after disabling it, scan with AC too and check whether the same thing is detected.
  • 悪代官
  • 2023/01/08 (Sun) 21:33:20
Re: PUP.Optional.Legacy detected by Adwcleaner
Thank you for the reply.

I scanned with MBAM and AC, but there were no detections.
  • ペソネ
  • 2023/01/09 (Mon) 08:35:28
It comes down to each user choosing the balance in their settings
Good evening.
Sorry again for the late reply.

> I scanned with MBAM and AC, but there were no detections.

Yes, if AC no longer detects anything, it looks fine.
If you didn't even quarantine what was detected in the earlier scan, perhaps AC over-detected Amazon's ad history or a cookie?
In my own environment too, it's not rare for security software to detect cookies or history after browsing Amazon or other major sites, but that much can be cleaned up by clearing history in the browser.

For untrustworthy sites, setting the browser not to accept third-party cookies prevents this, but refusing cookies even from well-known sites like these becomes quite inconvenient, so I don't usually recommend it.
Concretely, you get problems like free game sites not displaying, or web comic sites becoming unreadable.
How far each user balances safety against convenience is inevitably their own decision.
  • 悪代官
  • 2023/01/10 (Tue) 22:44:49
Re: PUP.Optional.Legacy detected by Adwcleaner
Thank you for the reply.

I'm sorry to have troubled you with my over-reaction.
I may need your help again, and I'd appreciate it then.

  • ペソネ
  • 2023/01/10 (Tue) 23:33:58