Plagegeister aller Art und deren Bekämpfung: Access rights revoked (Windows 7)
24.10.2014, 16:44 | #1 | |
| Access rights revoked Hello, after years without a virus I now have the following problem, which I can no longer explain: I have a PC in a Windows 2008 Server domain and am a member of the Administrators group. Since yesterday I have frequently had connection problems to the (local) company network, so I wanted to look at the network connection, but I no longer have access to it. Even logged in directly as admin, no permission. Error when opening the properties of the LAN connection: "Sie verfügen nicht über die erforderlichen Berechtigungen, um die Verbindungseigenschaften zu konfigurieren. Setzen Sie sich mit dem Administrator in Verbindung" [English: "You do not have the required permissions to configure the connection properties. Contact the administrator"] I can view the status of the adapter, and data is constantly going back and forth there. I also cannot uninstall any programs. Here too I get the message about missing permissions. In addition, I can now no longer access the company network at all. Via Internet/TeamViewer, however, I can get onto the machine. I cannot create a new local user either; here too I get the message about missing rights. We use ESET as the virus scanner in the company and have had no problems so far; the licence was renewed yesterday and I reinstalled the version on my client. Nothing else happened. But even if I now uninstall ESET, I have the same problems. The virus scanner finds nothing, of course, but somehow this smells like a virus. An online scanner found nothing, and the HijackThis logfile analysis shows nothing conspicuous either, as far as my knowledge goes. So I am now hoping for your help. Many thanks, with desperate regards, Tom LOGFILE: Quote:
|
24.10.2014, 16:54 | #2 |
/// the machine /// TB-Ausbilder | Access rights revoked You know that we don't clean company computers when there is an IT department that gets paid for that?
__________________ |
24.10.2014, 16:59 | #3 |
| Access rights revoked Hey, unfortunately there isn't one. Maybe at least a tip?
__________________ I'm really getting desperate. |
24.10.2014, 17:03 | #4 |
/// the machine /// TB-Ausbilder | Access rights revoked So you administer this all on your own? Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
But you should still read the special rules for companies: http://www.trojaner-board.de/108422-...-anfragen.html
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
24.10.2014, 19:47 | #5 |
| Access rights revoked Hello, "administering" doesn't really describe it; as a small tradesman's shop we actually have other plans. So many thanks, the files are attached. FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Administrator (ATTENTION: The logged in user is not administrator) on WKS21 on 24-10-2014 18:15:49
Running from C:\Users\administrator\Downloads
Loaded Profile: Administrator (Available profiles: thomas.ritter & Administrator & Thomas.Ritter)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => Z:\app\oflagent.exe
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-3165033377-2692220064-3786346793-500\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-3165033377-2692220064-3786346793-500\...\Policies\system: [HideLogonScripts] 0
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{6CFD93F0-8D66-43D4-BF24-20FDD40A5C10}: [NameServer] 192.168.92.3,192.168.92.121,192.168.92.6,192.168.19.250

FireFox:
========
FF ProfilePath: C:\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\963e31c1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bitdefender QuickScan - C:\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\963e31c1.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-06-19]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Security\Mozilla Thunderbird

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
S2 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fb_inet_server.exe [3927040 2009-02-27] (Firebird Project) [File not signed]
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S2 SageDeploymentService; C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe [428400 2013-07-09] (Sage Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
2014-10-13 09:34 - 2014-06-19 12:18 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-10-09 16:23 - 2014-06-19 12:48 - 00000000 ____D () C:\temp 2014-10-09 16:23 - 2014-06-19 12:18 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-10-02 15:53 - 2014-06-18 20:10 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-29 09:18 - 2014-06-19 09:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ --- --- --- --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014 Ran by Administrator at 2014-10-24 18:16:21 Running from C:\Users\administrator\Downloads Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden Advanced Office Password Recovery (HKLM-x32\...\{C2476EB8-FF5C-4E57-8057-9B39B72982CA}) (Version: 6.01.632.1887 - Elcomsoft Co. Ltd.) 
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bizagi Modeler (HKLM-x32\...\InstallShield_{6FF58C73-C190-4801-9977-DFFA047767D8}) (Version: 2.8.08 - Bizagi Limited) Bizagi Modeler (Version: 2.8.08 - Bizagi Limited) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CDDRV_Installer (Version: 4.60 - Logitech) Hidden cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.8 - REINER SCT) DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.) DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.) FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse) Firebird 2.1.2.18118 (x64) (HKLM\...\FBDBServer_2_1_x64_is1) (Version: 2.1.2.18118 - Firebird Project) German Module for Microsoft Dynamics NAV Classic Client (HKLM-x32\...\{00000000-0000-6002-3600-FDACB85853AF}) (Version: 6.0.32012.0 - Microsoft Corporation) German Module for Microsoft Dynamics NAV Role Tailored Client (HKLM-x32\...\{00000000-0000-6002-3600-0CE90DA3512B}) (Version: 6.0.32012.0 - Microsoft Corporation) HiPath TAPI 120 SP V2 (HKLM-x32\...\{EF5A4660-5C9F-4D37-8F77-9469647CB1C3}) (Version: 2.0.58.0000 - Siemens Enterprise Communications GmbH & Co. KG) Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) 
Jet Express 2013 for Dynamics NAV (HKLM-x32\...\InstallShield_{E2BF381B-1A62-4D46-802A-A4B30A054199}) (Version: 14.1.14133.0 - Jet Reports) Jet Express 2013 for Dynamics NAV (x32 Version: 14.1.14133.0 - Jet Reports) Hidden KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden LanSend version 2.0.0.44 (HKLM-x32\...\LanSend_is1) (Version: 2.0.0.44 - LizardSystems) LanSpy (HKLM-x32\...\LanSpy_is1) (Version: - LanTricks.com) Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Dynamics NAV 2009 Classic (HKLM-x32\...\{00000000-0000-6002-0000-0000836BD2D2}) (Version: 6.0.32012.0 - Microsoft Corporation) Microsoft Dynamics NAV 2009 RoleTailored Client (HKLM-x32\...\{00000000-0000-6002-0020-0000836BD2D2}) (Version: 6.0.32012.0 - Microsoft Corporation) Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation) Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 SP1) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Analysis Services ADOMD.NET (HKLM\...\{3263AF75-148E-40A0-8623-7AE38D5906BA}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{36A207E4-8390-423F-9543-C964EECE34E3}) (Version: 10.52.4276.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 
DEU) (Version: 10.0.40820 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation) NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Personalwirtschaft (x32 Version: 14.1.100 - Sage HR Solutions AG) Hidden QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.2.1.0722 - QNAP Systems, Inc.) 
Sage HR 2014.1 (HKLM-x32\...\InstallShield_{1000628F-EF8C-41ED-B54B-018C9BAC7A54}) (Version: 14.1.100 - Sage HR Solutions AG) Service Pack 2 for Microsoft Access 2010 Runtime (KB2687444) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version: - Microsoft) Service Pack 2 for Microsoft Access 2010 Runtime (KB2687444) 32-Bit Edition (x32 Version: - Microsoft) Hidden SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden StarMoney Business 6.0 (HKLM-x32\...\{C168361E-F843-4A41-A74C-54F7735A81B8}) (Version: 6.0 - Star Finanz GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-06-19 13:22 - 00001028 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? ==================== Loaded Modules (whitelisted) ============= 2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-06-19 13:23 - 2009-08-16 17:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:BA0A3F25 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3352218186-185253071-3996334923-500 - Administrator - Disabled) Gast (S-1-5-21-3352218186-185253071-3996334923-501 - Limited - Disabled) Thomas.Ritter (S-1-5-21-3352218186-185253071-3996334923-1000 - Administrator - Enabled) => C:\Users\Thomas.Ritter ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. 
Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/24/2014 05:08:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xbfc Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (10/24/2014 04:31:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: egui.exe, Version: 5.0.2237.0, Zeitstempel: 0x5422bd02 Name des fehlerhaften Moduls: MFC80U.DLL, Version: 8.0.50727.6195, Zeitstempel: 0x4dcde196 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000047ded ID des fehlerhaften Prozesses: 0xfb8 Startzeit der fehlerhaften Anwendung: 0xegui.exe0 Pfad der fehlerhaften Anwendung: egui.exe1 Pfad des fehlerhaften Moduls: egui.exe2 Berichtskennung: egui.exe3 Error: (10/24/2014 04:08:57 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1521) (User: GLEICHFELD) Description: Die Serverkopie des servergespeicherten Profils wurde nicht gefunden. Sie werden mit einem lokalen Benutzerprofil angemeldet. Änderungen an dem Profil werden nach der Abmeldung nicht auf den Server kopiert. Mögliche Fehlerursachen sind Netzwerkprobleme oder nicht ausreichende Sicherheitsrechte. Details - Der Netzwerkpfad wurde nicht gefunden. 
Error: (10/24/2014 11:33:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1521) (User: GLEICHFELD) Description: Die Serverkopie des servergespeicherten Profils wurde nicht gefunden. Sie werden mit einem lokalen Benutzerprofil angemeldet. Änderungen an dem Profil werden nach der Abmeldung nicht auf den Server kopiert. Mögliche Fehlerursachen sind Netzwerkprobleme oder nicht ausreichende Sicherheitsrechte. Details - Der Netzwerkpfad wurde nicht gefunden. Error: (10/24/2014 11:31:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1504) (User: GLEICHFELD) Description: Das servergespeicherte Profil konnte nicht vollständig aktualisiert werden. Details erhalten Sie in den vorhergehenden Ereignissen. Error: (10/24/2014 11:24:21 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ekrn.exe, Version: 5.0.2237.0, Zeitstempel: 0x5422bc96 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften Prozesses: 0x15f0 Startzeit der fehlerhaften Anwendung: 0xekrn.exe0 Pfad der fehlerhaften Anwendung: ekrn.exe1 Pfad des fehlerhaften Moduls: ekrn.exe2 Berichtskennung: ekrn.exe3 Error: (10/24/2014 09:56:24 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm MSACCESS.EXE, Version 14.0.7015.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f04 Startzeit: 01cfef5b06d70eb4 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE Berichts-ID: 3a04afe9-5b53-11e4-8466-001d099ccab5 Error: (10/23/2014 11:47:37 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. 
Ungültige XML-Syntax. Error: (10/23/2014 11:47:37 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (10/23/2014 05:28:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MSACCESS.EXE, Version: 14.0.7015.1000, Zeitstempel: 0x51ccb78c Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x1774 Startzeit der fehlerhaften Anwendung: 0xMSACCESS.EXE0 Pfad der fehlerhaften Anwendung: MSACCESS.EXE1 Pfad des fehlerhaften Moduls: MSACCESS.EXE2 Berichtskennung: MSACCESS.EXE3 System errors: ============= Error: (10/24/2014 06:16:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/24/2014 06:16:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/24/2014 06:16:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/24/2014 06:14:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/24/2014 06:14:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/24/2014 06:14:27 
PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/24/2014 06:14:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/24/2014 06:14:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/24/2014 06:14:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/24/2014 06:09:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (10/24/2014 05:08:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141bbfc01cfef9c68498ddfC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllac0bdcec-5b8f-11e4-a445-001d099ccab5 Error: (10/24/2014 04:31:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: egui.exe5.0.2237.05422bd02MFC80U.DLL8.0.50727.61954dcde196c00000050000000000047dedfb801cfef940ebdd395C:\Program Files\ESET\ESET Endpoint Security\egui.exeC:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80U.DLL64fe6fa5-5b8a-11e4-8347-001d099ccab5 Error: (10/24/2014 04:08:57 PM) (Source: Microsoft-Windows-User Profiles Service) 
(EventID: 1521) (User: GLEICHFELD) Description: Der Netzwerkpfad wurde nicht gefunden. Error: (10/24/2014 11:33:48 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1521) (User: GLEICHFELD) Description: Der Netzwerkpfad wurde nicht gefunden. Error: (10/24/2014 11:31:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1504) (User: GLEICHFELD) Description: Error: (10/24/2014 11:24:21 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ekrn.exe5.0.2237.05422bc96ntdll.dll6.1.7601.18247521ea8e7c00000050002e3be15f001cfef6c42e3dce2C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exeC:\Windows\SysWOW64\ntdll.dll88cd056b-5b5f-11e4-b4cf-001d099ccab5 Error: (10/24/2014 09:56:24 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: MSACCESS.EXE14.0.7015.1000f0401cfef5b06d70eb415C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE3a04afe9-5b53-11e4-8466-001d099ccab5 Error: (10/23/2014 11:47:37 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: c:\program files (x86)\Sage HR\DMS\dViewWeb.dllc:\program files (x86)\Sage HR\DMS\dViewWeb.dll8 Error: (10/23/2014 11:47:37 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: c:\program files (x86)\Sage HR\DMS\dViewRap.dllc:\program files (x86)\Sage HR\DMS\dViewRap.dll8 Error: (10/23/2014 05:28:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: MSACCESS.EXE14.0.7015.100051ccb78cKERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d177401cfeecef6caa06fC:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXEC:\Windows\syswow64\KERNELBASE.dll405636de-5ac9-11e4-bc01-001d099ccab5 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz Percentage of memory in use: 15% Total physical RAM: 8190.18 MB Available physical RAM: 6941.75 MB Total Pagefile: 16378.53 MB Available Pagefile: 15172.5 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== 
Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:22.06 GB) NTFS
Drive j: (DATA) (Fixed) (Total:455.68 GB) (Free:249.66 GB) NTFS
Drive k: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.55 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================

But it cannot be installed. An unrecoverable error occurred... I'm really going crazy; I actually need to pack my work things for tomorrow right now.

One more thing I noticed: I can't even open msconfig etc. Here, too, I always get the error "Sie sind nicht dazu berechtigt..." ("You are not authorized to...")
25.10.2014, 14:58 | #6 |
/// the machine /// TB-Ausbilder | Access rights revoked
Please run FRST from normal mode. And be sure to run it with admin rights, i.e. from the admin account.