chyby v registroch

Zpráva

5manager5 · #1 Příspěvek od **5manager5** » 10 pro 2016 18:45

Zdravím,

poslednú dobu nájdem vždy čosi drobné v registroch. Čím to je?

- minule mi AdwCleaner nevedel vymazať nejaké veci v registroch...pomohla až obnova systému

- teraz AdwCleaner nič nenašiel a MBAN tiež nič

čím to je?

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
http://www.malwarebytes.org

Database version:
main: v2014.11.18.05
rootkit: v2014.11.12.01

Windows 10 x64 NTFS
Internet Explorer 11.447.14393.0
saullerist :: DESKTOP-3SMP07F [administrator]

09.12.2016 18:15:51
mbar-log-2016-12-09 (18-15-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 317634
Time elapsed: 30 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [98a5201d522aff379934eb09cd367a86]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [f24bca730c70e155bd2913e12dd6a759]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [83baba832b51ad89c4423bbc12f1a15f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [211cc5784933b97db914db192ed5d42c]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [e35a54e92d4fd165a541fff55da67e82]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [2c11300d324acb6b9373768136cd49b7]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

#2 Příspěvek od **Rudy** » 10 pro 2016 19:13

Zdravím!
Trojáci a Hijackery. Nechodíte do "temných zákoutí" internetu?

5manager5 · #3 Příspěvek od **5manager5** » 10 pro 2016 19:29

"temných zákoutí" internetu

pod tým myslíte čo?

ako kedy...ale veľmi nie...

len je zaujímavé, že niektorý scan nástroj nájde problém a iný nie...a notebook je vždy veľmi rýchly, tak neviem

väčšinou ale schytám len adware či podobné veci...asi vyskakovacie reklamy a podobne a zapisuje sa to niekde do registrov...tipujem

ak si otvorím stránku len vo vyrovnávacej pamäti Google môžem tiež niečo chytiť?

#4 Příspěvek od **Rudy** » 10 pro 2016 20:20

Myslím tím cracky a péčka.

Ty nálezy jsou pro to typické. Faktem ale je, že vám toto odhalí jen některý skener. Záleží na jeho databázi malwaru. Zapisují se do nastavení prohlížeče. Otevření jen z vyrovnávací paměti by váš PC ohrozit nemělo.

5manager5 · #5 Příspěvek od **5manager5** » 12 pro 2016 15:28

využívam vždy len overené zdroje, neoverené nie. Skôr to môže byť tým ak občas pozerám futbal, ktorý nevysielajú v TV a využijem alternatívny zdroj, aj keď ho odporúčajú overené zdroje.

Aký scanner na preventívnu kontrolu doporučujete?

Prikladám FRST, preistotu na kontrolu

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by saullerist (administrator) on DESKTOP-3SMP07F (12-12-2016 15:20:30)
Running from C:\Users\saullerist\Desktop
Loaded Profiles: saullerist (Available Profiles: saullerist)
Platform: Windows 10 Home Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2016-11-23] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1796023744-1759536030-3900380101-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9108184 2016-11-07] (Piriform Ltd)
HKU\S-1-5-21-1796023744-1759536030-3900380101-1002\...\RunOnce: [Uninstall C:\Users\saullerist\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\saullerist\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1eddc115-acc8-4936-babc-2c9a8d0c49d8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1796023744-1759536030-3900380101-1002 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1796023744-1759536030-3900380101-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF ProfilePath: C:\Users\saullerist\AppData\Roaming\Mozilla\Firefox\Profiles\dnihtkl4.default-1481223607214 [2016-12-12]
FF Homepage: Mozilla\Firefox\Profiles\dnihtkl4.default-1481223607214 -> www.google.sk
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-28] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-28] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-28] (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-12-19] (Verimatrix, Inc.)
FF Plugin HKU\S-1-5-21-1796023744-1759536030-3900380101-1002: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-12-19] (Verimatrix, Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946312 2016-10-30] (Microsoft Corporation)
S4 debugregsvc; C:\WINDOWS\System32\debugregsvc.dll [29184 2016-07-15] (Microsoft Corporation)
S3 DeveloperToolsService; C:\Windows\System32\DeveloperToolsSvc.exe [104448 2016-07-15] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 SshBroker; C:\WINDOWS\System32\SshBroker.dll [360960 2016-07-15] (Microsoft Corporation)
S3 SshProxy; C:\WINDOWS\System32\SshProxy.dll [275456 2016-07-15] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2016-11-23] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WebManagement; C:\WINDOWS\system32\WebManagement.exe [1000448 2016-09-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 a016bus; C:\WINDOWS\System32\drivers\a016bus.sys [109096 2008-01-18] (MCCI Corporation)
S3 a016mgmt; C:\WINDOWS\System32\drivers\a016mgmt.sys [130600 2008-01-18] (MCCI Corporation)
S3 a016obex; C:\WINDOWS\System32\drivers\a016obex.sys [125480 2008-01-18] (MCCI Corporation)
R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-12-08] ()
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2016-11-29] ()
S3 HWHandSet; C:\WINDOWS\System32\drivers\hw_quusbmdm.sys [223232 2015-05-07] (Huawei Technologies Co., Ltd.)
S3 hw_usbdev; C:\WINDOWS\System32\drivers\hw_usbdev.sys [116864 2015-05-07] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2016-12-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2016-12-11] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 s0016bus; C:\WINDOWS\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\WINDOWS\System32\drivers\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\WINDOWS\System32\drivers\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\WINDOWS\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 s0017bus; C:\WINDOWS\System32\drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\WINDOWS\System32\drivers\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\WINDOWS\System32\drivers\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\WINDOWS\System32\drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
S3 s1018bus; C:\WINDOWS\System32\drivers\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\WINDOWS\System32\drivers\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\WINDOWS\System32\drivers\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\WINDOWS\System32\drivers\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 s1029bus; C:\WINDOWS\System32\drivers\s1029bus.sys [116264 2009-05-25] (MCCI Corporation)
S3 s1029mgmt; C:\WINDOWS\System32\drivers\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation)
S3 s1029obex; C:\WINDOWS\System32\drivers\s1029obex.sys [135208 2009-05-25] (MCCI Corporation)
S3 s1029unic; C:\WINDOWS\System32\drivers\s1029unic.sys [151592 2009-05-25] (MCCI Corporation)
S3 s1039mgmt; C:\WINDOWS\System32\drivers\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\WINDOWS\System32\drivers\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\WINDOWS\System32\drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
S3 s916bus; C:\WINDOWS\System32\drivers\s916bus.sys [108072 2007-11-02] (MCCI Corporation)
S3 s916mgmt; C:\WINDOWS\System32\drivers\s916mgmt.sys [130088 2007-11-02] (MCCI Corporation)
S3 s916obex; C:\WINDOWS\System32\drivers\s916obex.sys [124968 2007-11-02] (MCCI Corporation)
S3 se3ebus; C:\WINDOWS\System32\drivers\se3ebus.sys [107784 2007-04-10] (MCCI Corporation)
S3 se3emgmt; C:\WINDOWS\System32\drivers\se3emgmt.sys [126216 2007-04-10] (MCCI Corporation)
S3 se3eobex; C:\WINDOWS\System32\drivers\se3eobex.sys [123144 2007-04-10] (MCCI Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-06-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [51392 2016-11-23] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-10-07] (Toshiba Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: debugregsvc -> C:\Windows\System32\debugregsvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 15:20 - 2016-12-12 15:22 - 00011534 _____ C:\Users\saullerist\Desktop\FRST.txt
2016-12-11 20:50 - 2016-12-12 15:20 - 00000000 ____D C:\FRST
2016-12-11 20:48 - 2016-12-11 20:50 - 02420224 _____ (Farbar) C:\Users\saullerist\Desktop\FRST64.exe
2016-12-10 18:17 - 2016-12-11 10:06 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-10 18:16 - 2016-12-11 14:22 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-10 18:16 - 2016-12-11 14:22 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-10 18:16 - 2016-12-11 14:22 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-10 18:16 - 2016-12-11 14:22 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-10 18:16 - 2016-12-10 18:16 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-10 18:16 - 2016-12-10 18:16 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-10 18:16 - 2016-11-29 06:27 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-10 18:11 - 2016-12-10 18:12 - 51969976 _____ (Malwarebytes ) C:\Users\saullerist\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-08 21:07 - 2016-12-08 21:07 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-12-08 20:03 - 2016-12-08 20:03 - 00000000 ____D C:\Users\saullerist\AppData\Local\VirtualStore
2016-12-08 19:50 - 2016-12-08 19:29 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-12-08 15:24 - 2016-12-08 15:24 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1EB13F89.sys
2016-12-08 15:19 - 2016-12-08 15:19 - 00002880 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-08 15:19 - 2016-12-08 15:19 - 00000000 ____D C:\Program Files\CCleaner
2016-12-06 21:07 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2016-11-29 17:19 - 2016-11-29 17:19 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-11-29 16:55 - 2016-11-29 16:55 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-11-28 22:26 - 2016-11-29 13:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-28 22:26 - 2016-11-28 22:26 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-11-28 21:38 - 2016-11-28 21:49 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-28 21:38 - 2016-11-28 21:49 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-28 21:38 - 2016-11-28 21:38 - 00004034 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-28 21:38 - 2016-11-28 21:38 - 00003802 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-28 17:10 - 2016-12-11 14:26 - 00212668 _____ C:\WINDOWS\system32\perfh01B.dat
2016-11-28 17:10 - 2016-12-11 14:26 - 00063764 _____ C:\WINDOWS\system32\perfc01B.dat
2016-11-28 16:54 - 2016-11-28 16:54 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-28 16:03 - 2016-11-28 16:01 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-11-27 11:13 - 2016-11-28 15:50 - 00000000 ____D C:\Users\saullerist\AppData\Roaming\vlc
2016-11-27 11:12 - 2016-11-27 11:12 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-11-23 01:53 - 2016-11-23 01:53 - 00428736 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2016-11-23 01:53 - 2016-11-23 01:53 - 00262848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo33.dll
2016-11-23 01:53 - 2016-11-23 01:53 - 00051392 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2016-11-23 01:53 - 2016-11-23 01:53 - 00050880 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2016-11-22 16:54 - 2016-11-22 16:54 - 00000000 ____D C:\Users\saullerist\AppData\Roaming\Verimatrix
2016-11-22 16:01 - 2016-12-06 21:07 - 00000000 ____D C:\Program Files (x86)\Verimatrix
2016-11-19 15:19 - 2016-11-28 21:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-19 15:18 - 2016-11-28 21:54 - 00000000 ____D C:\Users\saullerist\AppData\Local\Google
2016-11-18 22:18 - 2016-11-18 22:18 - 00000000 ____D C:\Users\saullerist\AppData\Local\Macromedia
2016-11-18 22:12 - 2016-11-18 22:12 - 00000000 ____D C:\Program Files (x86)\FinalWire
2016-11-18 21:37 - 2016-12-03 21:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-18 21:37 - 2016-11-18 21:51 - 00000000 ____D C:\Users\saullerist\AppData\Local\Mozilla
2016-11-18 21:37 - 2016-11-18 21:37 - 00000000 ____D C:\Users\saullerist\AppData\Roaming\Mozilla
2016-11-18 21:36 - 2016-12-03 21:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-18 19:49 - 2016-11-29 16:56 - 00000000 ____D C:\Program Files\Microsoft Office
2016-11-18 19:05 - 2016-11-18 19:05 - 00000000 ____D C:\Users\saullerist\AppData\Roaming\Macromedia
2016-11-18 18:24 - 2016-11-28 16:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-18 17:29 - 2016-11-18 17:29 - 00000000 ____D C:\Users\saullerist\AppData\Local\MicrosoftEdge
2016-11-18 17:28 - 2016-11-18 17:28 - 00003300 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-11-18 17:26 - 2016-11-18 17:28 - 00002393 _____ C:\Users\saullerist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-18 17:26 - 2016-11-18 17:26 - 00000000 ____D C:\Users\saullerist\AppData\Roaming\Skype
2016-11-18 17:24 - 2016-11-18 17:24 - 00000000 ____D C:\Users\saullerist\AppData\Local\Comms
2016-11-18 17:23 - 2016-11-18 17:23 - 00000000 ____D C:\Users\saullerist\AppData\Roaming\ATI
2016-11-18 17:23 - 2016-11-18 17:23 - 00000000 ____D C:\Users\saullerist\AppData\Local\ATI
2016-11-18 17:21 - 2016-12-11 14:26 - 01279066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-18 17:21 - 2016-11-18 17:21 - 00000000 ____D C:\Users\saullerist\AppData\Local\Publishers
2016-11-18 17:20 - 2016-12-08 22:11 - 00000000 ____D C:\Users\saullerist\AppData\Local\Packages
2016-11-18 17:20 - 2016-11-18 19:03 - 00000000 ____D C:\Users\saullerist\AppData\Local\ConnectedDevicesPlatform
2016-11-18 17:20 - 2016-11-18 17:20 - 00000020 ___SH C:\Users\saullerist\ntuser.ini
2016-11-18 17:20 - 2016-11-18 17:20 - 00000000 ____D C:\Users\saullerist\AppData\Roaming\Adobe
2016-11-18 17:20 - 2016-11-18 17:20 - 00000000 ____D C:\Users\saullerist\AppData\Local\TileDataLayer
2016-11-18 17:10 - 2016-12-08 19:46 - 00000000 ____D C:\Users\saullerist
2016-11-18 17:06 - 2016-11-28 15:09 - 00000000 ____D C:\Program Files\ATI Technologies
2016-11-18 17:06 - 2016-11-28 15:09 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-11-18 17:05 - 2016-11-18 17:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-11-18 17:05 - 2016-11-18 17:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-11-18 17:05 - 2016-11-18 17:05 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-11-18 17:05 - 2016-11-18 17:05 - 00000000 ____D C:\Program Files\AMD
2016-11-18 17:05 - 2016-11-18 17:05 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-11-18 17:02 - 2016-07-16 12:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-11-18 16:59 - 2016-12-11 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-18 16:58 - 2016-12-12 11:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-18 16:58 - 2016-12-03 21:53 - 00340744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-18 16:56 - 2016-11-19 14:09 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-18 16:56 - 2016-11-18 17:46 - 00000000 ____D C:\Windows.old
2016-11-18 16:56 - 2016-11-18 16:56 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-11-18 16:55 - 2016-11-18 16:58 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-11-18 16:55 - 2016-11-18 16:55 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-11-18 16:53 - 2016-11-18 16:53 - 00000000 ____D C:\Program Files\Synaptics
2016-11-18 16:52 - 2016-11-18 16:52 - 00000000 ____D C:\WINDOWS\Setup
2016-11-18 16:49 - 2016-11-18 16:49 - 00000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2016-11-18 16:49 - 2016-11-18 16:49 - 00000000 ___RD C:\WINDOWS\WebManagement
2016-11-18 16:49 - 2016-11-18 16:49 - 00000000 ____D C:\WINDOWS\OCR
2016-11-18 16:49 - 2016-11-18 16:49 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-11-18 16:49 - 2016-11-18 16:49 - 00000000 ____D C:\Program Files\MSBuild
2016-11-18 16:49 - 2016-11-18 16:49 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-18 16:49 - 2016-11-18 16:49 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\system32\sk
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\system32\0409
2016-11-18 16:48 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-11-18 16:44 - 2016-10-29 00:56 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-11-18 16:44 - 2016-10-29 00:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-18 16:42 - 2016-12-12 10:53 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-18 16:42 - 2016-12-10 17:18 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-18 16:42 - 2016-12-09 18:47 - 00000000 ____D C:\WINDOWS\TAPI
2016-11-18 16:42 - 2016-12-09 17:14 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-18 16:42 - 2016-11-29 17:19 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-18 16:42 - 2016-11-28 22:40 - 00000000 ____D C:\WINDOWS\rescache
2016-11-18 16:42 - 2016-11-28 22:25 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-18 16:42 - 2016-11-28 22:25 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ___RD C:\Program Files\Windows Defender
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\system32\setup
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\Provisioning
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-18 16:42 - 2016-11-28 17:06 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-18 16:42 - 2016-11-28 17:05 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-11-18 16:42 - 2016-11-28 15:55 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-11-18 16:42 - 2016-11-28 15:55 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-11-18 16:42 - 2016-11-28 15:55 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-11-18 16:42 - 2016-11-28 15:55 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-11-18 16:42 - 2016-11-28 15:55 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-11-18 16:42 - 2016-11-28 15:55 - 00000000 ____D C:\WINDOWS\system32\DDFs
2016-11-18 16:42 - 2016-11-28 15:55 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-11-18 16:42 - 2016-11-28 15:54 - 00000000 __RSD C:\WINDOWS\Media
2016-11-18 16:42 - 2016-11-28 15:54 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-11-18 16:42 - 2016-11-28 15:54 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-11-18 16:42 - 2016-11-28 15:52 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-11-18 16:42 - 2016-11-28 15:52 - 00000000 ____D C:\WINDOWS\system32\IME
2016-11-18 16:42 - 2016-11-28 15:51 - 00000000 ____D C:\WINDOWS\Globalization
2016-11-18 16:42 - 2016-11-28 15:51 - 00000000 ____D C:\WINDOWS\appcompat
2016-11-18 16:42 - 2016-11-28 15:35 - 00000000 ____D C:\WINDOWS\registration
2016-11-18 16:42 - 2016-11-18 17:18 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-11-18 16:42 - 2016-11-18 17:17 - 00000000 __RHD C:\Users\Public\Libraries
2016-11-18 16:42 - 2016-11-18 17:11 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-18 16:42 - 2016-11-18 17:11 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-11-18 16:42 - 2016-11-18 17:07 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-11-18 16:42 - 2016-11-18 17:07 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-11-18 16:42 - 2016-11-18 16:56 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-11-18 16:42 - 2016-11-18 16:49 - 00000000 ____D C:\WINDOWS\SystemApps
2016-11-18 16:42 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-11-18 16:42 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-11-18 16:42 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-11-18 16:42 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-11-18 16:42 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\system32\Com
2016-11-18 16:42 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-11-18 16:42 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\IME
2016-11-18 16:42 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\Help
2016-11-18 16:42 - 2016-11-18 16:48 - 00000000 ____D C:\Program Files\Common Files\System
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\Web
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\Vss
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\tracing
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SystemResources
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\ras
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\ias
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\System
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SKB
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\schemas
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\SchCache
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\security
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\Resources
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\PLA
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\Performance
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\InputMethod
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\Cursors
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\Branding
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\addins
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\Program Files\Windows NT
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\Program Files\Common Files\Services
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-18 16:42 - 2016-11-18 16:42 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-18 16:42 - 2016-11-18 16:38 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-11-18 16:42 - 2016-11-18 16:38 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-11-18 16:42 - 2016-11-18 16:38 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-11-18 16:42 - 2016-11-18 16:37 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-11-18 16:42 - 2016-11-18 16:37 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-11-18 16:42 - 2016-11-18 16:37 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-11-18 16:42 - 2016-11-18 16:37 - 00004096 _____ C:\WINDOWS\system32\config\VSMIDK
2016-11-18 16:42 - 2016-11-18 16:37 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-11-18 16:42 - 2016-11-18 16:37 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-11-18 16:42 - 2016-11-18 16:37 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-11-18 16:42 - 2016-11-18 16:37 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-11-18 16:42 - 2016-11-18 16:37 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-11-18 16:42 - 2016-11-18 16:37 - 00000219 _____ C:\WINDOWS\system.ini
2016-11-18 16:42 - 2016-11-18 16:37 - 00000092 _____ C:\WINDOWS\win.ini
2016-11-18 16:40 - 2016-12-08 16:31 - 00000000 ____D C:\WINDOWS\INF
2016-11-18 16:27 - 2016-12-11 17:29 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-18 16:20 - 2016-12-11 14:21 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-18 16:20 - 2016-11-18 17:00 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-18 16:20 - 2016-11-18 16:48 - 00000000 ____D C:\WINDOWS\servicing
2016-11-18 16:20 - 2016-11-18 16:42 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-11-15 19:57 - 2016-12-12 14:27 - 00000000 ____D C:\Users\saullerist\AppData\LocalLow\Mozilla

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-08 20:33 - 2016-01-12 10:47 - 00000000 ___RD C:\Users\saullerist\Disk Google
2016-11-28 22:27 - 2016-01-05 16:06 - 00000000 ___RD C:\Users\saullerist\OneDrive
2016-11-28 17:18 - 2016-01-05 16:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-23 01:53 - 2015-06-12 03:34 - 01813392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2016-11-23 01:53 - 2015-06-12 03:34 - 00773312 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2016-11-23 01:53 - 2015-06-12 03:34 - 00627392 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2016-11-23 01:53 - 2015-06-12 03:34 - 00277696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2016-11-23 01:53 - 2015-06-12 03:34 - 00051392 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2016-11-18 17:05 - 2016-01-06 00:47 - 00000000 ____D C:\AMD

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-02 17:06

==================== End of FRST.txt ============================

#6 Příspěvek od **Rudy** » 12 pro 2016 19:00

Doporučuji MBAM. Měl byste ale mít v PC antivir. Ten mívá skener a navíc ještě rezidentní ochranu. Otevřte poznámkový blok a zkopírujte do něj:

Start
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

5manager5 · #7 Příspěvek od **5manager5** » 13 pro 2016 19:34

log sám nenabehol, musel som ho otvoriť sám

antivírusom neverím, je to len platený vírus nič iné

a často antivírus aj tak kopu veci neodhalí, tak načo

radšej prídem sem

a po aférach aké mala napr. spoločnosť Eset je mi smiešno, že si nájmu ľudí čo vytvoria vírus a akože prví prídu s riešením

a ešte otázka aký skener odporúčate na keyloggery?

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by saullerist (13-12-2016 19:16:52) Run:1
Running from C:\Users\saullerist\Desktop
Loaded Profiles: saullerist (Available Profiles: saullerist)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
*****************

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27492176 B
Java, Flash, Steam htmlcache => 684 B
Windows/system/drivers => 158816 B
Edge => 838616 B
Chrome => 111616 B
Firefox => 53328966 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
saullerist => 43984799 B

RecycleBin => 51970132 B
EmptyTemp: => 169.6 MB temporary data Removed.

================================

The system needed a reboot.

#8 Příspěvek od **Rudy** » 13 pro 2016 19:50

Smazáno. Log by již měl být OK.

5manager5 · #9 Příspěvek od **5manager5** » 13 pro 2016 20:10

Ok, dakujem za pomoc a môžete mi odporučiť ten scanner?

#10 Příspěvek od **Rudy** » 13 pro 2016 20:43

My používáme MBAM a mohu ho doporučit i laikům.

5manager5 · #11 Příspěvek od **5manager5** » 14 pro 2016 11:53

dakujem, to je všetko !

#12 Příspěvek od **Rudy** » 14 pro 2016 21:00

Nemáte zač!

VIRY.CZ

chyby v registroch

chyby v registroch

Re: chyby v registroch

Re: chyby v registroch

Re: chyby v registroch

Re: chyby v registroch

Re: chyby v registroch

Re: chyby v registroch

Re: chyby v registroch

Re: chyby v registroch

Re: chyby v registroch

Re: chyby v registroch

Re: chyby v registroch