
Log analysis and evaluation: Blue screen after logging in on the laptop. Desktop does not appear.


06.09.2015, 12:43   #1
salvi1990
 



Hello everyone,

Since yesterday I have not been able to start my laptop. After logging in I only get a blue screen. I can get into Task Manager and start explorer.exe from there, but I see no desktop or anything else.

I have already run CCleaner and cleaned up. I have also already run FRST and had it create a log. How can I now create a "cleanup file" from this log?
You will find the log attached.

For your information: reinstalling would be the last resort. Of course I could simply copy the files away, but I would prefer not to.

Thank you very much for your help.

06.09.2015, 13:09   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please always post logs in the thread inside code tags.

06.09.2015, 13:17   #3
salvi1990
 



Sorry


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by SYSTEM on MININT-VJOCKKM (06-09-2015 13:23:54)
Running from E:\
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7173632 2013-09-10] (Broadcom Corporation)
HKLM\...\Run: [RemotelyAnywhere GUI] => C:\Program Files (x86)\RemotelyAnywhere\x64\RAGui.exe [58456 2013-02-13] (LogMeIn, Inc.)
HKLM-x32\...\Run: [StartColumbus] => C:\Windows\columbus.exe [17555456 2014-06-16] (Brainware)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-04-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2295992 2013-07-24] (Trend Micro Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\RunOnce: [DCERegBootClean64] => C:\Windows\RegBootClean64.exe [240176 2015-09-04] (Trend Micro Inc.)
HKLM\...\Winlogon: [Userinit] C:\Program Files (x86)\RES Software\Workspace Manager\pwrinit.exe,C:\Windows\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] C:\Program Files (x86)\RES Software\Workspace Manager\pwrstart.exe [67888 2014-12-10] (RES Software) <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\roars\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-20] (Microsoft Corporation)
HKU\roars\...\Run: [OneDrive] => C:\Users\roars\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-19] (Microsoft Corporation)
HKU\roars\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe [77824 2015-08-31] ()
HKU\rode\...\RunOnce: [Adobe Speed Launcher] => 1430308781
HKU\sys_ars\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\sys_ars\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [4647 2015-09-05] ()
Startup: C:\Users\roars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk [2015-04-20]
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\roars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk [2013-09-11]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
Startup: C:\Users\roars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-09-11]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  bsmain

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 bwColumbus; C:\Windows\columbus.exe [17555456 2014-06-16] (Brainware)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
S3 edsservice; C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [696120 2013-05-22] (ESTOS GmbH)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\RemotelyAnywhere\x64\LMIGuardianSvc.exe [376192 2013-02-18] (LogMeIn, Inc.)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [370368 2014-02-20] (Microsoft Corporation)
S2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [3404832 2013-09-17] (Trend Micro Inc.)
S2 RAMaint; C:\Program Files (x86)\RemotelyAnywhere\x64\RaMaint.exe [148864 2013-02-18] (LogMeIn, Inc.)
S2 RemotelyAnywhere; C:\Program Files (x86)\RemotelyAnywhere\x64\RemotelyAnywhere.exe [113600 2013-02-13] (LogMeIn, Inc.)
S2 RES; C:\Program Files (x86)\RES Software\Workspace Manager\svc\res.exe [1435952 2014-12-10] (RES Software)
S3 RESPESVC; C:\Program Files (x86)\RES Software\Workspace Manager\respesvc64.exe [48368 2014-12-10] (RES Software)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-20] (Microsoft Corporation)
S3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-06-13] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [3442640 2013-07-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [917016 2013-07-01] (Trend Micro Inc.)
S2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [2507344 2013-10-15] (VMware, Inc.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S2 WdsManPro; C:\ProgramData\iWdsManProi\WdsManPro.exe [709288 2015-09-04] (DTools LIMITED)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-19] (Microsoft Corporation)
S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5858304 2013-09-10] (Broadcom Corporation)
S2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [688024 2012-05-31] (Ericsson AB)
S2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm.exe [474704 2013-11-01] (VMware, Inc.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [103184 2012-03-01] (Ericsson AB)
S1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-09-04] (Beijing Rising Information Technology Co., Ltd.)
S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-10-05] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-10-05] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-10-05] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-10-05] (MCCI Corporation)
S2 RAInfo; C:\Program Files (x86)\RemotelyAnywhere\x64\RaInfo.sys [16056 2013-02-13] (LogMeIn, Inc.)
S3 ramirr; C:\Windows\System32\DRIVERS\ramirr.sys [11576 2013-02-13] (LogMeIn, Inc.)
S4 RARfsClientNP; no ImagePath
S2 RARfsDriver; C:\Windows\system32\drivers\RARfsDriver.sys [72232 2013-02-13] (LogMeIn, Inc.)
S2 RES AppGuard; C:\Windows\SysWow64\DRIVERS\appguard_amd64.sys [48880 2014-12-10] (RES Software)
S2 RES ImgGuard; C:\Windows\SysWow64\DRIVERS\imgguard_amd64.sys [40688 2014-12-10] (RES Software)
S2 RES NetGuard; C:\Windows\SysWow64\DRIVERS\netguard_amd64.sys [37616 2014-12-10] (RES Software)
S2 RES RegGuard; C:\Windows\SysWow64\DRIVERS\regguard_amd64.sys [39152 2014-12-10] (RES Software)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-20] (Microsoft Corporation)
S1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-09-04] (Beijing Rising Information Technology Co., Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1864328 2012-10-03] ()
S0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119168 2015-09-04] (Beijing Rising Information Technology Co., Ltd.)
S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [85376 2013-06-13] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173992 2013-06-26] (Trend Micro Inc.)
S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65336 2013-06-13] (Trend Micro Inc.)
S2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.)
S2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
S2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [279312 2012-04-27] (Ericsson AB)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 radpms; system32\DRIVERS\radpms.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 03:08 - 2015-09-06 03:08 - 00000122 _____ C:\Windows\BWPatchDeploy.log
2015-09-06 03:06 - 2015-09-06 03:06 - 00000067 _____ C:\Windows\TMFilter.log
2015-09-06 03:05 - 2015-09-06 03:05 - 00448816 _____ C:\Windows\System32\FNTCACHE.DAT
2015-09-06 03:05 - 2015-09-06 03:05 - 00000056 _____ C:\Windows\setupact.log
2015-09-06 03:05 - 2015-09-06 03:05 - 00000000 _____ C:\Windows\setuperr.log
2015-09-06 03:05 - 2015-09-06 03:05 - 00000000 _____ C:\Windows\Brainware_4.log
2015-09-06 03:05 - 2015-09-06 03:05 - 00000000 _____ C:\Windows\Brainware_3.log
2015-09-06 03:05 - 2015-09-06 03:05 - 00000000 _____ C:\Windows\Brainware_2.log
2015-09-06 03:05 - 2015-09-06 03:05 - 00000000 _____ C:\Windows\Brainware_1.log
2015-09-06 03:05 - 2015-09-06 03:05 - 00000000 _____ C:\Windows\Brainware_0.log
2015-09-06 02:58 - 2015-09-06 02:58 - 00616130 _____ C:\Users\sys_ars\Desktop\cc_20150906_125820.reg
2015-09-06 02:51 - 2015-09-06 02:51 - 00000000 ____D C:\Users\sys_ars\AppData\Roaming\Adobe
2015-09-06 02:50 - 2015-09-06 02:50 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-09-06 02:49 - 2015-09-06 02:50 - 00000000 ____D C:\Program Files\CCleaner
2015-09-06 02:49 - 2015-09-06 02:49 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-05 06:57 - 2015-09-05 06:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-05 06:56 - 2015-09-05 06:56 - 00000000 ___RD C:\Users\sys_ars\OneDrive
2015-09-05 06:31 - 2015-09-06 13:23 - 00000000 ____D C:\FRST
2015-09-05 06:27 - 2015-09-05 06:29 - 00000000 ____D C:\AdwCleaner
2015-09-05 06:17 - 2015-09-06 02:57 - 00000000 ____D C:\Users\sys_ars\AppData\Roaming\Notepad++
2015-09-05 01:55 - 2015-09-05 06:56 - 00000000 ____D C:\users\sys_ars
2015-09-05 01:55 - 2015-09-05 01:55 - 00018180 __RSH C:\Users\sys_ars\ntuser.pol
2015-09-05 01:55 - 2015-09-05 01:55 - 00000020 ___SH C:\Users\sys_ars\ntuser.ini
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\Vorlagen
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\Startmenü
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\Netzwerkumgebung
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\Lokale Einstellungen
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\Eigene Dateien
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\Druckumgebung
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\Documents\Eigene Musik
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\Documents\Eigene Bilder
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\AppData\Local\Verlauf
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\AppData\Local\Anwendungsdaten
2015-09-05 01:55 - 2015-09-05 01:55 - 00000000 _SHDL C:\Users\sys_ars\Anwendungsdaten
2015-09-05 01:55 - 2015-08-24 21:04 - 00000000 ____D C:\Users\sys_ars\AppData\Roaming\Sun
2015-09-05 01:55 - 2013-09-10 23:39 - 00000000 ____D C:\Users\sys_ars\AppData\Local\Trend Micro
2015-09-05 01:55 - 2013-09-10 23:32 - 00000000 ____D C:\Users\sys_ars\AppData\Local\VMware
2015-09-05 01:55 - 2013-09-10 23:32 - 00000000 ____D C:\Users\sys_ars\AppData\Local\ESTOS
2015-09-05 01:55 - 2013-09-10 22:55 - 00000000 ____D C:\Users\sys_ars\AppData\Local\Microsoft Help
2015-09-05 01:55 - 2013-09-10 22:22 - 00000000 ____D C:\Users\sys_ars\AppData\Roaming\hpqLog
2015-09-05 01:49 - 2015-09-05 01:49 - 00035580 __RSH C:\Users\roars\ntuser.pol
2015-09-05 01:41 - 2015-09-05 01:41 - 00003148 _____ C:\Windows\System32\Tasks\{AB65B45A-E0D9-4BC9-B842-58CD5B3C2CAA}
2015-09-04 09:32 - 2015-09-04 09:29 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\System32\Drivers\hvm.sys
2015-09-04 07:35 - 2015-09-05 01:49 - 00000000 ___RD C:\RavBin
2015-09-04 07:35 - 2015-09-04 07:35 - 00000150 __RSH C:\rising.ini
2015-09-04 07:35 - 2015-09-04 07:35 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-09-04 07:35 - 2014-07-29 18:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-09-04 07:35 - 2014-01-01 23:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\System32\ravext64.dll
2015-09-04 07:35 - 2013-12-29 23:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-09-04 07:35 - 2012-09-05 16:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-09-04 07:34 - 2015-09-04 09:28 - 00119168 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\System32\Drivers\sysmon.sys
2015-09-04 07:34 - 2015-09-04 09:28 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\System32\Drivers\rsutils.sys
2015-09-04 07:34 - 2012-02-28 23:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\System32\Drivers\rsndisp.sys
2015-09-04 07:32 - 2015-09-04 07:34 - 00000000 ____D C:\Users\roars\AppData\Roaming\Tencent
2015-09-04 07:18 - 2015-09-04 07:18 - 00007436 _____ C:\Windows\RegBootClean64.CFG
2015-09-04 07:01 - 2015-09-04 07:01 - 00000000 ____D C:\Users\roars\AppData\Local\SysassistByHotWheel
2015-09-04 07:00 - 2015-09-05 01:40 - 00000000 ____D C:\Users\roars\AppData\Local\Unity
2015-09-04 07:00 - 2015-09-04 07:00 - 00000000 ____D C:\Users\roars\AppData\Roaming\IQIYI Video
2015-09-04 07:00 - 2015-09-04 07:00 - 00000000 ____D C:\Users\Public\QiYi
2015-09-04 06:59 - 2015-09-04 06:59 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-04 06:59 - 2015-09-04 06:59 - 00000000 ____D C:\ProgramData\iWdsManProi
2015-09-04 06:59 - 2015-09-04 06:59 - 00000000 ____D C:\Program Files (x86)\baidu
2015-09-04 06:57 - 2015-09-06 02:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2015-09-04 06:00 - 2015-09-04 06:00 - 00000000 ____D C:\swsetup
2015-08-31 21:27 - 2015-08-31 21:27 - 00000000 ____D C:\Users\roars\AppData\Roaming\Sun
2015-08-31 21:27 - 2015-08-31 21:27 - 00000000 ____D C:\Users\roars\.oracle_jre_usage
2015-08-25 00:46 - 2015-08-25 00:46 - 00005844 _____ C:\Users\roars\AppData\Local\axsysEN-GB-6.2.1000.8001.kti
2015-08-24 21:04 - 2015-08-24 21:04 - 00110688 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2015-08-24 21:04 - 2015-08-24 21:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2015-08-24 21:04 - 2015-08-24 21:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2015-08-23 20:51 - 2015-08-23 20:51 - 25191936 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-08-23 20:51 - 2015-08-23 20:51 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-23 20:51 - 2015-08-23 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-23 20:51 - 2015-08-23 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-08-23 20:48 - 2015-08-23 20:48 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-08-23 20:48 - 2015-08-23 20:48 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 03208192 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-08-23 20:47 - 2015-08-23 20:47 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-08-23 20:47 - 2015-08-23 20:47 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 14451200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 05923328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 02885632 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 02427904 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-08-23 20:46 - 2015-08-23 20:46 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-23 20:46 - 2015-08-23 20:46 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 01545728 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-08-23 20:46 - 2015-08-23 20:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-08-23 20:46 - 2015-08-23 20:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-08-23 20:46 - 2015-08-23 20:46 - 00389840 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-23 20:46 - 2015-08-23 20:46 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00260096 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-08-23 20:46 - 2015-08-23 20:46 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-23 20:46 - 2015-08-23 20:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-08-23 20:46 - 2015-08-23 20:46 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-23 20:46 - 2015-08-23 20:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 03722752 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 02004992 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2015-08-23 20:45 - 2015-08-23 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-08-23 20:44 - 2015-08-23 20:44 - 00124624 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-23 20:44 - 2015-08-23 20:44 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 05568960 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 01743360 _____ (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 01730496 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 01216512 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-08-23 20:42 - 2015-08-23 20:42 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-08-23 20:42 - 2015-08-23 20:42 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-08-23 20:42 - 2015-08-23 20:42 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-08-23 20:42 - 2015-08-23 20:42 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-08-23 20:42 - 2015-08-23 20:42 - 00094656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2015-08-23 20:42 - 2015-08-23 20:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-23 20:42 - 2015-08-23 20:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-08-23 20:42 - 2015-08-23 20:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-23 20:39 - 2015-08-23 20:39 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\basesrv.dll
2015-08-23 20:38 - 2015-08-23 20:38 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2015-08-23 20:38 - 2015-08-23 20:38 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-23 20:38 - 2015-08-23 20:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 03:13 - 2013-09-10 22:09 - 00166742 _____ C:\Windows\Brainware.Log
2015-09-06 03:12 - 2011-11-10 01:19 - 00935650 _____ C:\Windows\System32\perfh010.dat
2015-09-06 03:12 - 2011-11-10 01:19 - 00224244 _____ C:\Windows\System32\perfc010.dat
2015-09-06 03:12 - 2011-11-10 01:11 - 00941320 _____ C:\Windows\System32\perfh00C.dat
2015-09-06 03:12 - 2011-11-10 01:11 - 00226978 _____ C:\Windows\System32\perfc00C.dat
2015-09-06 03:12 - 2011-11-10 01:04 - 00903748 _____ C:\Windows\System32\perfh007.dat
2015-09-06 03:12 - 2011-11-10 01:04 - 00227146 _____ C:\Windows\System32\perfc007.dat
2015-09-06 03:12 - 2009-07-13 21:13 - 04531516 _____ C:\Windows\System32\PerfStringBackup.INI
2015-09-06 03:12 - 2009-07-13 20:45 - 00019104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-06 03:12 - 2009-07-13 20:45 - 00019104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-06 03:08 - 2013-09-10 22:12 - 01379240 _____ C:\Windows\WindowsUpdate.log
2015-09-06 03:07 - 2013-09-10 23:39 - 11240760 _____ C:\Windows\SysWOW64\TmInstall.log
2015-09-06 03:07 - 2013-09-10 23:39 - 06034312 _____ C:\Windows\System32\TmInstall.log
2015-09-06 03:05 - 2013-09-10 22:30 - 00000000 ____D C:\Windows\Columbus Debug Files
2015-09-06 03:05 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-06 02:57 - 2013-09-11 08:06 - 00000000 ____D C:\Windows\Panther
2015-09-06 02:56 - 2013-12-27 22:04 - 00000000 ____D C:\Windows\Minidump
2015-09-06 02:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2015-09-06 02:35 - 2013-09-10 23:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-06 02:26 - 2015-01-22 22:13 - 00000000 ____D C:\ProgramData\RemotelyAnywhere
2015-09-05 06:46 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2015-09-05 06:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-09-05 01:55 - 2013-09-10 22:29 - 00000128 _____ C:\Windows\System32\config\netlogon.ftl
2015-09-05 01:53 - 2013-09-10 22:32 - 00000000 ____D C:\Windows\Columbus Log Files
2015-09-05 01:49 - 2013-09-11 00:56 - 00000000 ____D C:\users\roars
2015-09-05 01:49 - 2013-09-10 23:44 - 00010000 _____ C:\Windows\cfgall.ini
2015-09-05 01:33 - 2015-03-20 07:18 - 00000000 ____D C:\OneDrive
2015-09-05 00:54 - 2013-09-11 00:57 - 00000000 ____D C:\Users\roars\AppData\Roaming\Columbus
2015-09-04 07:35 - 2013-09-18 06:06 - 00129424 _____ C:\Users\roars\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-04 07:18 - 2014-11-24 22:01 - 00240176 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-09-04 07:00 - 2013-09-10 22:30 - 00029466 __RSH C:\ProgramData\ntuser.pol
2015-09-04 05:01 - 2013-09-11 04:02 - 00000000 ____D C:\Users\roars\AppData\Roaming\VMware
2015-09-03 23:23 - 2013-10-24 21:40 - 00007563 _____ C:\Users\roars\AppData\Local\RAExpertHistory.xml
2015-09-02 00:16 - 2014-09-30 22:07 - 00000000 ____D C:\Users\roars\AppData\Roaming\TeamViewer
2015-09-01 04:16 - 2015-01-20 07:18 - 00051712 _____ C:\Users\roars\java0.log
2015-09-01 04:16 - 2015-01-20 07:18 - 00003850 _____ C:\Users\roars\.ganttproject
2015-09-01 04:16 - 2015-01-20 06:40 - 00001774 _____ C:\Users\roars\ganttproject.log
2015-08-31 03:32 - 2013-09-10 23:04 - 00000000 ____D C:\Software
2015-08-30 20:48 - 2014-07-17 01:39 - 04364467 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT42.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 01099373 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT45.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 00837271 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT41.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 00524561 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT44.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 00507367 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT43.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 00272437 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT40.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 00020679 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT36.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 00016797 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT35.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 00003291 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT15.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 00000687 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT66.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 00000473 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT113.auc
2015-08-30 20:48 - 2014-07-17 01:39 - 00000021 _____ C:\Users\roars\AppData\Local\ax_GUI_{1076109D-1FEF-4204-A761-567A0355EA64}_CRT39.auc
2015-08-26 21:33 - 2013-11-11 10:06 - 00000000 ____D C:\temp
2015-08-26 20:56 - 2013-09-10 23:31 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2015-08-25 21:01 - 2013-09-10 23:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-25 02:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-08-24 21:05 - 2015-06-02 20:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-24 21:05 - 2014-04-23 05:15 - 00000000 ____D C:\Program Files\Java
2015-08-24 21:05 - 2013-09-10 22:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-08-24 21:05 - 2013-09-10 22:47 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-08-24 21:05 - 2013-09-10 22:11 - 00000000 ____D C:\Windows\Cache
2015-08-24 21:01 - 2014-11-13 07:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-24 21:01 - 2014-11-13 07:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-23 20:33 - 2015-01-27 22:06 - 00000228 _____ C:\Windows\C
2015-08-23 20:33 - 2013-09-10 23:48 - 00004854 _____ C:\Windows\coladmin.cfg
2015-08-11 23:35 - 2013-09-10 23:48 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 23:35 - 2013-09-10 23:48 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 23:35 - 2013-09-10 22:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point date: 2015-08-20 02:53:06
Restore point date: 2015-08-23 20:38:39
Restore point date: 2015-08-23 20:39:07
Restore point date: 2015-08-23 22:32:36
Restore point date: 2015-08-31 00:28:54
Restore point date: 2015-09-05 06:46:55
Restore point date: 2015-09-06 03:00:04

==================== Memory info =========================== 

Percentage of memory in use: 7%
Total physical RAM: 16265.51 MB
Available physical RAM: 15040.99 MB
Total Virtual: 16263.71 MB
Available Virtual: 15042.78 MB

==================== Drives ================================

Drive c: (N7RO062) (Fixed) (Total:223.57 GB) (Free:119.47 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Bootfähig Windows 8 Pro) (Removable) (Total:7.5 GB) (Free:3.76 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6974E775)
Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 02162085)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)


LastRegBack: 2015-08-31 22:45

==================== End of FRST.txt ============================
         

Alt 07.09.2015, 09:26   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Can you not get to the desktop at all any more? If possible, please run FRST from the desktop, in normal or safe mode.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 07.09.2015, 15:01   #5
salvi1990
 
Hello

Thanks for your reply.

I have since reinstalled my laptop. I couldn't wait any longer.

No, I could no longer get to my desktop. After logging in I only had a blue screen. No taskbar, no icons, nothing at all, only the mouse.
I was able to start Task Manager with CTRL+ALT+Delete and launch Explorer from there.

I created the log from the command prompt under "Repair your computer".

Using Explorer I copied my important files to the USB stick and then simply reinstalled everything.

Thanks anyway for your help, and I wish you a nice day.


Alt 08.09.2015, 07:18   #6
schrauber
/// the machine
/// TB-Ausbilder
 

ok