Antivirus, firewall and other protection programs: W32/Confick-O file rkqunq.z in System32

Windows 7

All questions about using firewalls, antivirus programs, anti-malware and anti-trojan software belong here. This is a discussion forum for security solutions for Windows computers. If you need help removing a trojan, or because you have caught a virus, create a topic in the cleanup forums above.
28.05.2015, 07:59 | #46 |
W32/Confick-O file rkqunq.z in System32 Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by administrator at 2015-05-28 08:53:46
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3840907090-451933650-4095424516-500 - Administrator - Enabled)
Gast (S-1-5-21-3840907090-451933650-4095424516-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
usw usw usw

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.17 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0917-000001000000}) (Version: 9.17.00.0 - Igor Pavlov) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.24.50.5-090623a-083726C-HP - ) Citrix Lizenzierung (HKLM-x32\...\{EE7A694A-15EE-4551-A267-EBF5904DD49D}) (Version: 7.1.10007 - Citrix Systems, Inc.) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Citrix XenApp Plugin für gehostete Anwendungen (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.) 
DocuWare (HKLM-x32\...\{4B77274C-532A-4324-A9A4-1CAFE884E652}) (Version: 6.1.838.4913 - DocuWare) DocuWare 4 (HKLM-x32\...\DocuWare) (Version: - ) DocuWare Administration Tool (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Authentication Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Client (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Client German Language Pack (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare COLD/READ (HKLM-x32\...\COLDREAD) (Version: - ) DocuWare ComponentInit (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Content Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Desktop (HKLM-x32\...\{A03EB08B-C706-4EC9-82FD-ACD9E372AFC4}) (Version: 6.1.838.4913 - DocuWare) DocuWare Full Text Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Imaging Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Internal Database (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Job Processor (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Job Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Notification Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare OCR (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare OCR Service (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Platform (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Power Tools (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Service Control (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Settings (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare SettingsUI (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Stellent (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Thumbnail Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Update (HKLM-x32\...\{413E5334-A47C-48D9-8553-6389859443EE}) (Version: 6.1.838.4913 - DocuWare) DocuWare Upload Service (HKLM-x32\...\{582A3535-F4C7-4A58-A37F-1F84EBE0B8E7}) (Version: 6.1.838.4913 - DocuWare) DocuWare VCET 
(x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Web Client (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Web Services (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Web Viewer (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Windows Explorer Client 64 Bit (HKLM\...\{F0ED9BD6-22C4-4D07-89B8-BBC2B2876333}) (Version: 6.1.838.4913 - DocuWare) DocuWare Workflow Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden Headless Server Registry Update (HKLM-x32\...\{4E5563B6-DE0A-4F3B-A5D6-15789FD12D9B}) (Version: 1.0.0.0 - Hewlett-Packard Company) HP Array Configuration Utility (HKLM-x32\...\{74C48700-A6A7-4B3D-BD3A-C4E131CDD8E8}) (Version: 8.50.5.0 - Hewlett Packard Development Company, L.P.) HP Array Configuration Utility CLI (HKLM-x32\...\{14A5045C-33EE-4596-AA69-8761611AE8EB}) (Version: 8.50.6.0 - Hewlett-Packard Development Company, L.P.) HP Insight Diagnostics Online Edition for Windows (HKLM\...\{DCEA910B-3269-4F5B-A915-D59293004751}) (Version: 8.5.0 - Hewlett-Packard Development Company, L.P.) HP Insight Management Agents (HKLM\...\{B7B52204-2CC8-477A-9C7A-382C31070A62}) (Version: 8.50.0.0 - Hewlett-Packard Company) HP Lights-Out Online Configuration Utility (HKLM\...\{2E97856A-345A-475D-913C-B8A78406BDF6}) (Version: 3.1.0.0 - Hewlett-Packard Development Company, L.P.) HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP ProLiant iLO 3 Management Controller Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.0.0.0 - Hewlett-Packard Company) HP ProLiant Integrated Management Log Viewer (HKLM\...\{CF222EB4-4EF7-40F4-A62B-A03E214C20DE}) (Version: 5.24.0.0 - Hewlett-Packard Company) HP ProLiant PCI-express Power Management Update for Windows (HKLM-x32\...\{34D6E797-AA32-455D-8E65-4EBD1AC9DED7}) (Version: 1.3.0.0 - Hewlett-Packard Company) HP Smart Array SAS/SATA Event Notification Service (HKLM\...\{0F27A9B5-63FD-43DB-8230-FFE1E9CFE2C4}) (Version: 6.20.0.64 - Hewlett-Packard Development Company, L.P.) HP System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 6.1.0 - Hewlett-Packard Company) HP Version Control Agent (HKLM-x32\...\{5A5F45AE-0250-4C34-9D89-F10BDDEE665F}) (Version: 6.1.0.842 - Hewlett Packard Development Company, L.P.) Java 2 Runtime Environment, SE v1.4.2_19 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142190}) (Version: 1.4.2_19 - Sun Microsystems, Inc.) 
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java SE Development Kit 7 Update 11 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle) Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021F0}) (Version: 6.0.210 - Oracle) Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle) LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Web Platform Installer 2.0 (HKLM\...\{59996900-0E6C-45B7-8C39-C64CB98462E4}) (Version: 2.1.1 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 
4.20.9818.0 - Microsoft Corporation) MySQL Connector/ODBC 3.51 (HKLM-x32\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB) MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.) Network Scan (HKLM-x32\...\{98357EB8-C10E-414A-A6EC-F3392EA97D35}) (Version: - ) Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden PFA Server Registry Update (HKLM-x32\...\{173438F5-BD4D-47AE-9C8F-73E6BAA62624}) (Version: 1.0.0.0 - Hewlett-Packard Company) Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited) Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 4.0.2 - Sophos Limited) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited) Symantec Backup Exec (Hotfix 144101) (HKLM\...\{F2A04230-7059-4CC2-B6EE-EF94F3EBAAE2}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 147674) (HKLM\...\{8032B566-B386-413F-9A10-11F9A35C9B65}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 148347) (HKLM\...\{28602F3D-426C-4719-822F-BE550838034F}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 150096) (HKLM\...\{01FAED90-7E07-4F9D-912A-F5BE34036E3C}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 153090) (HKLM\...\{B248E5CA-CE2E-4BC4-925B-0B2181556C02}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 154003) (HKLM\...\{C51A8E2A-AA2E-4796-97BC-BA9935F607A6}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 155520) (HKLM\...\{3E049DBC-1D97-48EA-9FF4-35D5DFB89092}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 159293) (HKLM\...\{69F28399-DE3B-491F-8704-101B6FAE7210}) (Version: - Symantec Corporation) Symantec Backup Exec 
(Hotfix 162839) (HKLM\...\{52A3BF51-8937-4597-BEC1-7169F5C96295}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 164658) (HKLM\...\{25F384C2-0D2D-4CDF-B84D-1FE8E83001D0}) (Version: - Symantec Corporation) Symantec Backup Exec (Service Pack 1) (HKLM\...\{D6F0513A-606E-44DA-B4FF-6BF542E3790F}) (Version: - Symantec Corporation) Symantec Backup Exec (TM) 2010 R2 (HKLM\...\Symantec Backup Exec 13.0) (Version: 13.0.4164 - Symantec Corporation) Symantec Backup Exec (Version: 13.0.4164 - Symantec Corporation) Hidden Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) Trilead VM Explorer (HKLM-x32\...\{93836BB1-A704-4D3F-AB0A-CE990A2F5930}) (Version: 5.0.014.0 - Trilead AG) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) VMware vCenter Converter Standalone (HKLM-x32\...\{17C3235A-A4B9-44ED-8794-54D8408F9733}) (Version: 5.1.0.1087880 - VMware, Inc.) VMware Virtual Disk Development Kit (HKLM-x32\...\{547EB317-F9FC-4571-B66A-83B3C9D6A2C8}) (Version: 5.1.0.774844 - VMware, Inc.) VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.12319 - VMware, Inc.) VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.2669 - VMware, Inc.) VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.) WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. 
==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {056A75D3-FA1F-482E-857B-4BCC5BD26775} - System32\Tasks\At36 => Rundll32.exe daewte.wo,ttmvqox <==== ATTENTION Task: {05CBE2F0-8899-4897-98D3-89EAE7B271A2} - System32\Tasks\At33 => Rundll32.exe daewte.wo,pitvaepz <==== ATTENTION Task: {08A7A9FF-4AE9-43D5-B6E5-D93C3CD9F985} - System32\Tasks\At48 => Rundll32.exe daewte.wo,voeab <==== ATTENTION Task: {0A6F7E92-28F3-4113-8DEB-5C7589807332} - System32\Tasks\At6 => Rundll32.exe daewte.wo,dwdla <==== ATTENTION Task: {112C971A-02F1-41EB-8E40-0915266C0E99} - System32\Tasks\At53 => Rundll32.exe daewte.wo,owqilce <==== ATTENTION Task: {12AA5A70-5711-4DAF-80C2-3602C4004966} - System32\Tasks\At26 => Rundll32.exe daewte.wo,vcxbr <==== ATTENTION Task: {317B0836-256F-4E68-BED0-D9F50683B1E9} - System32\Tasks\At39 => Rundll32.exe daewte.wo,miuzi <==== ATTENTION Task: {391947A7-C088-4F84-B078-7EFED76E9412} - System32\Tasks\At24 => Rundll32.exe daewte.wo,lhwshpws <==== ATTENTION Task: {3D955AF1-A863-446C-892E-1E40B8377333} - System32\Tasks\At4 => Rundll32.exe daewte.wo,ippivjw <==== ATTENTION Task: {424E871A-4007-4586-858D-428CBFC96867} - System32\Tasks\At27 => Rundll32.exe daewte.wo,dhlsrqra <==== ATTENTION Task: {4614223E-A7EB-4A02-B23A-965E8D0ACB2F} - System32\Tasks\At38 => Rundll32.exe daewte.wo,qcnhclfy <==== ATTENTION Task: {48C532AB-9BBD-47C8-94FC-05B9810AA952} - System32\Tasks\At17 => Rundll32.exe daewte.wo,dniwmqb <==== ATTENTION Task: {4A98097D-C8C5-45F5-B72C-894D875F7BBD} - System32\Tasks\At41 => Rundll32.exe daewte.wo,zpmtiip <==== ATTENTION Task: {4ADD549F-4E7E-4881-B49E-D5ADD9DF60D8} - 
System32\Tasks\At31 => Rundll32.exe daewte.wo,scotxhgm <==== ATTENTION Task: {4B87BE30-1C5A-4F95-AB8B-368B7DF3F56A} - System32\Tasks\At10 => Rundll32.exe daewte.wo,ldtyfezf <==== ATTENTION Task: {4C6DA700-D97E-471F-9796-56695D0D3A3A} - System32\Tasks\At52 => Rundll32.exe daewte.wo,wmbiafi <==== ATTENTION Task: {4D9E4576-618A-4D71-A83C-219A4A674637} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {505B93D6-9E31-4505-A8B2-2D031AE4BD05} - System32\Tasks\At47 => Rundll32.exe daewte.wo,ipfpfztu <==== ATTENTION Task: {509D90FF-6965-48F5-AD36-EA495E89AA58} - System32\Tasks\At45 => Rundll32.exe daewte.wo,hiirpe <==== ATTENTION Task: {55C78AE1-5BBA-4E49-A585-119D08816811} - System32\Tasks\At5 => Rundll32.exe daewte.wo,pcfzkbg <==== ATTENTION Task: {5A996109-E612-44DB-8095-31BF618904B1} - System32\Tasks\At2 => Rundll32.exe daewte.wo,lrwabc <==== ATTENTION Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation) Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation) Task: {6E420389-1505-4453-AE1E-6BC7E68A85CB} - System32\Tasks\At49 => Rundll32.exe daewte.wo,wfojwtnj <==== ATTENTION Task: {7341A156-23EA-49AE-8D80-1D8C64749539} - System32\Tasks\At35 => Rundll32.exe daewte.wo,qtdys <==== ATTENTION Task: {76390A34-1304-4D39-876E-9D3E28E97081} - System32\Tasks\At43 => Rundll32.exe daewte.wo,oauarnl <==== ATTENTION Task: {77D77C76-54AD-401F-9A29-41585ABBBF95} - System32\Tasks\At56 => Rundll32.exe daewte.wo,queciq <==== ATTENTION Task: {888BF298-492B-4A6A-B7E5-7ADC217474D0} - System32\Tasks\At37 => Rundll32.exe daewte.wo,hxgnxmm <==== ATTENTION Task: 
{8D5792A0-8C5C-4588-801A-C2866B0B2FA1} - System32\Tasks\At20 => Rundll32.exe daewte.wo,kjvmznq <==== ATTENTION Task: {8EC1798F-8AA3-4DD7-9A51-C08A3311A0A1} - System32\Tasks\At28 => Rundll32.exe daewte.wo,lgdjpx <==== ATTENTION Task: {8F7D15ED-DC33-4BD6-9D93-5E660D520190} - System32\Tasks\At46 => Rundll32.exe daewte.wo,qjproa <==== ATTENTION Task: {9584C4C8-679A-45C0-9981-7E11FF113F4A} - System32\Tasks\At34 => Rundll32.exe daewte.wo,badoq <==== ATTENTION Task: {98A95F59-20CD-4E35-9D21-F20F9141264F} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [2010-11-20] (Microsoft Corporation) Task: {A249F3EE-7711-4A95-80FF-BFBFFBCD9726} - System32\Tasks\At7 => Rundll32.exe daewte.wo,xdjksrm <==== ATTENTION Task: {A7666115-F8A8-48F1-83ED-1F0A5305C6A6} - System32\Tasks\At50 => Rundll32.exe daewte.wo,yiibu <==== ATTENTION Task: {A89A8380-E675-49AD-B90F-36E4A884F69A} - System32\Tasks\At22 => Rundll32.exe daewte.wo,izjxv <==== ATTENTION Task: {AA8333E2-1D63-4FA6-8AF0-37CC32AC3370} - System32\Tasks\At16 => Rundll32.exe daewte.wo,zgfnlm <==== ATTENTION Task: {AD7B710E-D7A3-4D88-ADFA-6CFA39826123} - System32\Tasks\At55 => Rundll32.exe daewte.wo,ljqskv <==== ATTENTION Task: {AE745382-218B-4AD8-8007-96FEA29E91CF} - System32\Tasks\At21 => Rundll32.exe daewte.wo,ztbbojh <==== ATTENTION Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation) Task: {B2947853-DD78-4BFA-B418-32E89E88BEDB} - System32\Tasks\At13 => Rundll32.exe daewte.wo,kgwpb <==== ATTENTION Task: {B3D3F7A6-4064-4DA7-8360-071ED748E7FE} - System32\Tasks\At25 => Rundll32.exe daewte.wo,olkccpyf <==== ATTENTION Task: {B6A89C52-D95A-4FAB-A000-D216DB623561} - System32\Tasks\At12 => Rundll32.exe daewte.wo,ssfzai <==== ATTENTION Task: {C445172F-BB72-4660-AC4B-F9ADE7732B08} - System32\Tasks\At18 => Rundll32.exe 
daewte.wo,fgpxrjen <==== ATTENTION Task: {C6431945-7848-4193-B4F8-BDF59100FEB7} - System32\Tasks\At15 => Rundll32.exe daewte.wo,yxyoetrm <==== ATTENTION Task: {C6DD51DA-4888-49E2-B863-F8B9059519E3} - System32\Tasks\At32 => Rundll32.exe daewte.wo,tzwaxo <==== ATTENTION Task: {CF26341E-1E99-4D00-B8C5-DAE7F81CB071} - System32\Tasks\At19 => Rundll32.exe daewte.wo,vggquu <==== ATTENTION Task: {D1C0087F-07C9-4952-84C7-55B3AA79C7F1} - System32\Tasks\At30 => Rundll32.exe daewte.wo,osvqjof <==== ATTENTION Task: {D3E78C68-B729-49DA-9CA5-A6EC07CFABCB} - System32\Tasks\At40 => Rundll32.exe daewte.wo,iylpjt <==== ATTENTION Task: {D3F5153E-1883-45F2-A816-9C2A0B198473} - System32\Tasks\DocuWare Update => C:\Program Files (x86)\DocuWare\Update\DocuWare.Update.exe [2013-07-16] (DocuWare AG) Task: {D4842CCE-B442-4D6D-8BF6-67AFDB318ECD} - System32\Tasks\At44 => Rundll32.exe daewte.wo,ugqpj <==== ATTENTION Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation) Task: {D96F0C38-45F4-4E37-AA32-9532F2E510C6} - System32\Tasks\At57 => Rundll32.exe daewte.wo,ftjniy <==== ATTENTION Task: {D983EFDB-8DCC-4CD4-8D8B-C82A7915AF5E} - System32\Tasks\At9 => Rundll32.exe daewte.wo,ttafwcln <==== ATTENTION Task: {E28DBF75-37A5-4CC1-8C71-6A4E305D768A} - System32\Tasks\At1 => Rundll32.exe daewte.wo,qghdosgr <==== ATTENTION Task: {E393DAC3-546C-446A-AE36-5525E0C68B26} - System32\Tasks\At29 => Rundll32.exe daewte.wo,ictoj <==== ATTENTION Task: {E403B6BE-428E-40E2-807B-911569554DA8} - System32\Tasks\At23 => Rundll32.exe daewte.wo,srwzfxk <==== ATTENTION Task: {E6DAE39F-1A66-44E5-9D7A-910A03AE33BF} - System32\Tasks\At51 => Rundll32.exe daewte.wo,fqjenq <==== ATTENTION Task: {E6E66B7A-F72D-4254-AF14-E967388B70ED} - System32\Tasks\At3 => Rundll32.exe daewte.wo,oadnykko <==== ATTENTION Task: {F10E3252-40E0-453D-B716-66391DEFF7CB} - 
System32\Tasks\At11 => Rundll32.exe daewte.wo,lhmdvpva <==== ATTENTION Task: {F616B617-75AE-4A8B-A2B9-C4753CD80914} - System32\Tasks\At14 => Rundll32.exe daewte.wo,bddvsv <==== ATTENTION Task: {F6E52CDF-2347-4A5B-B429-D5F9A2963C24} - System32\Tasks\At8 => Rundll32.exe daewte.wo,lkqqak <==== ATTENTION Task: {F8FA67E5-99BB-47F1-BD74-C85373A03BB5} - System32\Tasks\At54 => Rundll32.exe daewte.wo,tlkygk <==== ATTENTION Task: {FE78F7D0-1F3E-48D0-88E2-EF21E596BD4B} - System32\Tasks\At42 => Rundll32.exe daewte.wo,ntpaw <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\At1.job => UN rundll32 exe daewte wo qghdosgr SYSTEM Erstellt von NetScheduleJobAdd Ld Ti OQ Task: C:\Windows\Tasks\At10.job => Dt rD nF rundll32 exe daewte wo ldtyfezf SYSTEM Erstellt von NetScheduleJobAdd EWG VC 6Q jy Task: C:\Windows\Tasks\At11.job => H4K \vF rundll32 exe daewte wo lhmdvpva SYSTEM Erstellt von NetScheduleJobAdd qT fw emN Pt bl Task: C:\Windows\Tasks\At12.job => Ul TF rundll32 exe daewte wo ssfzai SYSTEM Erstellt von NetScheduleJobAdd Px 2r 6i Task: C:\Windows\Tasks\At13.job => / lK rundll32 exe daewte wo kgwpb SYSTEM Erstellt von NetScheduleJobAdd Task: C:\Windows\Tasks\At14.job => eF rundll32 exe daewte wo bddvsv SYSTEM Erstellt von NetScheduleJobAdd bl Ri \ Task: C:\Windows\Tasks\At15.job => wA rundll32 exe daewte wo yxyoetrm SYSTEM Erstellt von NetScheduleJobAdd z6 qs 5N Fy \ Task: C:\Windows\Tasks\At16.job => rundll32 exe daewte wo zgfnlm SYSTEM Erstellt von NetScheduleJobAdd \ 05J vg ? R9 Task: C:\Windows\Tasks\At17.job => rundll32 exe daewte wo dniwmqb SYSTEM Erstellt von NetScheduleJobAdd ? yx 0Sz Task: C:\Windows\Tasks\At18.job => rundll32 exe daewte wo fgpxrjen SYSTEM Erstellt von NetScheduleJobAdd PE Nnso Bm_ ? 
Task: C:\Windows\Tasks\At19.job => p6 rundll32 exe daewte wo vggquu SYSTEM Erstellt von NetScheduleJobAdd A1 Ak 8y \ KZ Task: C:\Windows\Tasks\At2.job => xF rundll32 exe daewte wo lrwabc SYSTEM Erstellt von NetScheduleJobAdd 05 e7 6uxZc eC Task: C:\Windows\Tasks\At20.job => \ rundll32 exe daewte wo kjvmznq SYSTEM Erstellt von NetScheduleJobAdd hJ _u EUz Task: C:\Windows\Tasks\At21.job => xG rundll32 exe daewte wo ztbbojh SYSTEM Erstellt von NetScheduleJobAdd vp 7 jo Task: C:\Windows\Tasks\At22.job => rundll32 exe daewte wo izjxv SYSTEM Erstellt von NetScheduleJobAdd fI \ ? RAn / /Iz y5kv Task: C:\Windows\Tasks\At23.job => rundll32 exe daewte wo srwzfxk SYSTEM Erstellt von NetScheduleJobAdd rJ hWX lQ Task: C:\Windows\Tasks\At24.job => xs rundll32 exe daewte wo lhwshpws SYSTEM Erstellt von NetScheduleJobAdd QA Xh\ Task: C:\Windows\Tasks\At25.job => rundll32 exe daewte wo olkccpyf SYSTEM Erstellt von NetScheduleJobAdd 3A hc Sb Task: C:\Windows\Tasks\At26.job => Uw rundll32 exe daewte wo vcxbr SYSTEM Erstellt von NetScheduleJobAdd SnU qdi / / Fz Task: C:\Windows\Tasks\At27.job => ? rundll32 exe daewte wo dhlsrqra SYSTEM Erstellt von NetScheduleJobAdd a0 0D0Z qj4F uq Task: C:\Windows\Tasks\At28.job => th rundll32 exe daewte wo lgdjpx SYSTEM Erstellt von NetScheduleJobAdd ? 0z ? wp /o Task: C:\Windows\Tasks\At29.job => ? 
rundll32 exe daewte wo ictoj SYSTEM Erstellt von NetScheduleJobAdd S1a Task: C:\Windows\Tasks\At3.job => EH rundll32 exe daewte wo oadnykko SYSTEM Erstellt von NetScheduleJobAdd yo vp Task: C:\Windows\Tasks\At30.job => dG rundll32 exe daewte wo osvqjof SYSTEM Erstellt von NetScheduleJobAdd ENM \ Task: C:\Windows\Tasks\At31.job => rundll32 exe daewte wo scotxhgm SYSTEM Erstellt von NetScheduleJobAdd hq fi 2D lk4 Task: C:\Windows\Tasks\At32.job => rundll32 exe daewte wo tzwaxo SYSTEM Erstellt von NetScheduleJobAdd RW U5 Task: C:\Windows\Tasks\At33.job => rundll32 exe daewte wo pitvaepz SYSTEM Erstellt von NetScheduleJobAdd Mit 7X H7 oZ / ix Task: C:\Windows\Tasks\At34.job => rundll32 exe daewte wo badoq SYSTEM Erstellt von NetScheduleJobAdd oo Task: C:\Windows\Tasks\At35.job => gH rundll32 exe daewte wo qtdys SYSTEM Erstellt von NetScheduleJobAdd / gs Task: C:\Windows\Tasks\At36.job => rundll32 exe daewte wo ttmvqox SYSTEM Erstellt von NetScheduleJobAdd 3Oc RY yg Task: C:\Windows\Tasks\At37.job => ?/ XC rundll32 exe daewte wo hxgnxmm SYSTEM Erstellt von NetScheduleJobAdd pz eOp gy Ql Task: C:\Windows\Tasks\At38.job => 7E rundll32 exe daewte wo qcnhclfy SYSTEM Erstellt von NetScheduleJobAdd / O1o 3c Jz Task: C:\Windows\Tasks\At39.job => rundll32 exe daewte wo miuzi SYSTEM Erstellt von NetScheduleJobAdd im ta PG Task: C:\Windows\Tasks\At4.job => jo rundll32 exe daewte wo ippivjw SYSTEM Erstellt von NetScheduleJobAdd gb dp Task: C:\Windows\Tasks\At40.job => p5NF rundll32 exe daewte wo iylpjt SYSTEM Erstellt von NetScheduleJobAdd ip 9x HL DB Mm \ AlG Task: C:\Windows\Tasks\At41.job => rundll32 exe daewte wo zpmtiiwSYSTEM Erstellt von NetScheduleJobAdd CP fr 4F Task: C:\Windows\Tasks\At42.job => rundll32 exe daewte wo ntpaw SYSTEM Erstellt von NetScheduleJobAdd sh \ rP Task: C:\Windows\Tasks\At43.job => rundll32 exe daewte wo oauarnl SYSTEM Erstellt von NetScheduleJobAdd j3 aa2 WY aX 7D sJW Task: C:\Windows\Tasks\At44.job => i2 rundll32 exe daewte wo ugqpj SYSTEM Erstellt 
von NetScheduleJobAdd 3o D6 Task: C:\Windows\Tasks\At45.job => rundll32 exe daewte wo hiirpe SYSTEM Erstellt von NetScheduleJobAdd N7 VP bD KvG Task: C:\Windows\Tasks\At46.job => nF rundll32 exe daewte wo qjproa SYSTEM Erstellt von NetScheduleJobAdd 5N FI 0La Task: C:\Windows\Tasks\At47.job => rundll32 exe daewte wo ipfpfztu SYSTEM Erstellt von NetScheduleJobAdd ?l1 Hj ? hf pt Task: C:\Windows\Tasks\At48.job => xS KJc rundll32 exe daewte wo voeab SYSTEM Erstellt von NetScheduleJobAdd gH Task: C:\Windows\Tasks\At49.job => rundll32 exe daewte wo wfojwtnj SYSTEM Erstellt von NetScheduleJobAdd ? VGrB GP Task: C:\Windows\Tasks\At5.job => eA rundll32 exe daewte wo pcfzkbg SYSTEM Erstellt von NetScheduleJobAdd rj zof Ahj \5y yh AT Task: C:\Windows\Tasks\At50.job => rundll32 exe daewte wo yiibu SYSTEM Erstellt von NetScheduleJobAdd jN vz \ Task: C:\Windows\Tasks\At51.job => Ss CF rundll32 exe daewte wo fqjenq SYSTEM Erstellt von NetScheduleJobAdd \ Task: C:\Windows\Tasks\At52.job => lF rundll32 exe daewte wo wmbiafi SYSTEM Erstellt von NetScheduleJobAdd / TT Vbb Task: C:\Windows\Tasks\At53.job => 2b rundll32 exe daewte wo owqilce SYSTEM Erstellt von NetScheduleJobAdd nOk vu 9I jr Task: C:\Windows\Tasks\At54.job => rundll32 exe daewte wo tlkygk SYSTEM Erstellt von NetScheduleJobAdd ni rz bs hc Task: C:\Windows\Tasks\At55.job => Ft9L rundll32 exe daewte wo ljqskv SYSTEM Erstellt von NetScheduleJobAdd 93 kGBK gd hK / ? 
Task: C:\Windows\Tasks\At56.job => rundll32 exe daewte wo queciq SYSTEM Erstellt von NetScheduleJobAdd \ X2 11 slJ _I /
Task: C:\Windows\Tasks\At57.job => Ez nnC YH rundll32 exe daewte wo ftjniy SYSTEM Erstellt von NetScheduleJobAdd / yP Cax /
Task: C:\Windows\Tasks\At6.job => PZ 7r rundll32 exe daewte wo dwdla SYSTEM Erstellt von NetScheduleJobAdd f1 r m2
Task: C:\Windows\Tasks\At7.job => 2y YF rundll32 exe daewte wo xdjksrm SYSTEM Erstellt von NetScheduleJobAdd Yz /af k4 /
Task: C:\Windows\Tasks\At8.job => 7E rundll32 exe daewte wo lkqqak SYSTEM Erstellt von NetScheduleJobAdd 0j oz8 AY
Task: C:\Windows\Tasks\At9.job => rundll32 exe daewte wo ttafwcln SYSTEM Erstellt von NetScheduleJobAdd Fk G_ ?

==================== Loaded Modules (Whitelisted) ==============

2012-11-06 11:42 - 2012-11-06 11:40 - 00015360 _____ () C:\Windows\System32\KOAYXJ_L.DLL
2012-11-06 11:41 - 2012-11-06 11:36 - 00015360 _____ () C:\Windows\System32\KOAYQJ_L.DLL
2007-11-06 14:22 - 2010-10-01 14:58 - 00014848 _____ () C:\Windows\System32\KOBZQABL.dll
2011-02-11 11:27 - 2007-11-06 15:22 - 00014848 _____ () C:\Windows\System32\KOBZQJBL.dll
2012-12-03 15:23 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\sp6__l.dll
2012-12-03 16:01 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2012-12-03 13:22 - 2011-12-22 10:59 - 00034304 _____ () C:\Windows\System32\sx655lm.dll
2012-11-06 11:42 - 2012-11-06 11:40 - 00648704 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOAYXJ_O.DLL
2009-07-02 15:11 - 2009-07-02 15:11 - 06907144 _____ () C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
2009-06-25 15:54 - 2009-06-25 15:54 - 00027136 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_10.dll
2010-09-16 12:00 - 2009-05-13 15:34 - 00255488 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\SSLEAY32.dll
2010-09-16 12:00 - 2009-05-13 15:34 - 01362944 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\LIBEAY32.dll
2009-07-08 11:56 - 2009-07-08 11:56 - 05799936 _____ () D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe
2013-06-26 12:06 - 2012-10-03 08:17 - 01786368 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMUD1P4Z.DLL
2010-04-28 16:37 - 2010-04-28 16:37 - 00048128 _____ () C:\Windows\system32\CpqNiMgt\CPQNIMIB.DLL
2010-04-28 16:36 - 2010-04-28 16:36 - 00205824 _____ () C:\Windows\system32\cpqnimgt\w2kmgdll.dll
2010-04-28 16:33 - 2010-04-28 16:33 - 00018432 _____ () C:\Windows\system32\cpqnimgt\cqnisnmp.dll
2010-04-28 16:37 - 2010-04-28 16:37 - 00025088 _____ () C:\Windows\system32\CpqNiMgt\NICMIB.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00193024 _____ () C:\Windows\system32\CpqMgmt\Cqmgstor\stormib.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00030720 _____ () C:\Windows\system32\cqstrutl.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00007168 _____ () C:\Windows\system32\cpqmgmt\cqmgstor\storsnmp.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00027648 _____ () C:\Windows\system32\CpqMgmt\CqmgStor\iscsimib.dll
2010-09-16 11:57 - 2009-07-23 11:57 - 01531392 _____ () C:\hp\hpsmh\bin\libxml2.dll
2010-09-16 11:57 - 2009-03-09 18:08 - 00072704 _____ () C:\hp\hpsmh\bin\zlib1.dll
2010-09-16 11:57 - 2010-01-28 11:10 - 01411584 _____ () C:\hp\hpsmh\bin\LIBEAY32.dll
2010-09-16 11:57 - 2010-01-28 11:04 - 00266240 _____ () C:\hp\hpsmh\bin\SSLEAY32.dll
2010-09-16 11:57 - 2009-07-23 11:57 - 01531392 _____ () C:\hp\hpsmh\modules\libxml2.dll
2010-04-28 16:36 - 2010-04-28 16:36 - 00205824 _____ () C:\Windows\system32\CPQNiMgt\w2kmgdll.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00032768 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CQMGSTOR.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00043008 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQIDE.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00041472 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMDISK.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00057856 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMSCSI.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00091136 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMIDA.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00115200 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQFCA.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQISCSI.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00030720 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\STORALRT.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQSAS.DLL
2015-05-27 14:55 - 2015-05-27 14:55 - 00008192 _____ () C:\ProgramData\Symantec\CRF\ASP Temporary Files\crf\dd9c2077\4634f6f\assembly\dl3\730989c4\517f8569_7c98d001\App_Web_chbiwuej.DLL
2015-05-26 14:05 - 2015-05-26 14:05 - 01276712 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 01094440 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00347432 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00465192 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_AnyTypeCode.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00087848 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00254248 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00511784 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00059176 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_CodecFactory.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00149800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00832296 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00044840 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Svc_Utils.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00075048 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00069416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI_Server.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00052520 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Codeset.dll
2013-04-09 08:49 - 2013-04-09 08:49 - 00086096 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 01296976 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 00542288 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2786933937-3664791864-901090552-500\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMINI~1\AppData\Local\Temp\2\BGInfo.bmp
DNS Servers: 127.0.0.1 - 10.x.x.x

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [FSRM-SrmReports-In (RPC)] => (Allow) %systemroot%\system32\srmhost.exe
FirewallRules: [WINS-Service-In-TCP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-Out-TCP] => (Allow) %systemroot%\System32\wins.exe
FirewallRules: [WINS-Service-In-UDP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-Out-UDP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-In-RPC] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [{239A9729-E4B5-4A26-9E2A-4C638EE1F07C}] => (Allow) C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
FirewallRules: [{23CAB9E5-EBA1-4714-AC3F-93AAEE1FE06F}] => (Allow) C:\Program Files (x86)\Citrix\Licensing\LS\CITRIX.exe
FirewallRules: [{261AED0A-51CC-4EFF-A902-B55A7D4182DB}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{1DE329C8-74B8-4DBC-A604-549F3D4CDF29}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{3E67F204-39FD-42CA-9DB0-BFCCC20C1909}] => (Allow) C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
FirewallRules: [{5BBE261D-BB69-4B62-A563-8CB4BEE2E566}] => (Allow) C:\Program Files\Symantec\Backup Exec\beserver.exe
FirewallRules: [{070B7B6E-BBC9-41AB-88CB-EC83C00354EE}] => (Allow) C:\Program Files\Symantec\Backup Exec\bengine.exe
FirewallRules: [{0DCA8D4A-0D0F-4660-A674-04C4C085157F}] => (Allow) C:\Program Files\Symantec\Backup Exec\beremote.exe
FirewallRules: [{C80DD1C4-4B87-4CDD-ADE6-630BE329BACC}] => (Allow) C:\Program Files\Symantec\Backup Exec\benetns.exe
FirewallRules: [{D3112E44-268F-4CB3-B7FF-5954419C42F4}] => (Allow) C:\Program Files\Symantec\Backup Exec\alertServer.exe
FirewallRules: [{5A68BD95-ABB4-427C-881E-83BF6F73FB5A}] => (Allow) C:\Program Files\Symantec\Backup Exec\spoold.exe
FirewallRules: [{4ED9E685-75B6-4C71-9C8F-F3F55710F7BB}] => (Allow) C:\Program Files\Symantec\Backup Exec\spad.exe
FirewallRules: [{F3203ED3-B989-4A87-B1E2-EAA1E46A82A6}] => (Allow) LPort=6160
FirewallRules: [{6B936BBC-6FB4-444E-9C2F-253FFE554AA4}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{45672FCB-6855-4F7A-8789-BB45490D64E8}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{AB8EA5A9-8B8A-4D33-8528-43DC16C795E0}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{A83ADABB-C55C-45A4-84E9-901737FD2690}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DF8A241E-9418-4BB2-B2E5-51562D546ED6}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7F976E60-71BE-4027-879B-74CE7CDDE412}] => (Allow) LPort=9089
FirewallRules: [{B4E5C7F0-EA9A-4ABC-8ED1-5ED454C1F42D}] => (Allow) LPort=8083
FirewallRules: [{2CBF83D0-17F3-4027-ABF0-6C55581AD46D}] => (Allow) LPort=111
FirewallRules: [{C2D35C1F-C81E-40CB-927D-9AB454B18456}] => (Allow) LPort=4242
FirewallRules: [{9B28BAD0-2510-4D25-8522-963C7893BF1A}] => (Allow) LPort=2049

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2015 03:13:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {c57b4a10-2ae6-49ad-becb-2533057d9f2d} Error: (05/27/2015 03:13:31 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {f08c1483-8407-4a26-8c26-6c267a629741} Generatorname: WINS Jet Writer Generatorinstanz-ID: {fd599f8f-e5fd-4bcc-b36e-215ee2d14624} Error: (05/27/2015 03:13:31 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {5382579c-98df-47a7-ac6c-98a6d7106e09} Generatorname: TermServLicensing Generatorinstanz-ID: {0df08eb7-8bc5-4b7c-b6eb-585978e82076} Error: (05/27/2015 03:13:31 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {be9ac81e-3619-421f-920f-4c6fea9e93ad} Generatorname: Dhcp Jet Writer Generatorinstanz-ID: {f46dfb3a-4722-4801-a74f-e5b2c97209d8} Error: (05/27/2015 02:59:26 PM) (Source: DW CtServer) (EventID: 0) (User: ) Description: BackUpDatabase is not specified. 
Backup service will not start. Error: (05/27/2015 02:58:16 PM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. >Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . 
Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000. 
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/27/2015 02:58:14 PM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/27/2015 02:57:15 PM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/27/2015 02:57:13 PM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/27/2015 02:56:14 PM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) System errors: ============= Error: (05/27/2015 04:49:40 PM) (Source: NETLOGON) (EventID: 5805) (User: ) Description: Die Sitzungseinrichtung von Computer VERKAUF17 konnte nicht authentifiziert werden. Der folgende Fehler ist aufgetreten: %%5 Error: (05/27/2015 04:38:14 PM) (Source: NETLOGON) (EventID: 5723) (User: ) Description: Die Sitzung konnte vom Computer "VERKAUF17" nicht eingerichtet werden, da die Sicherheitsdatenbank kein Vertrauenskonto "VERKAUF17$" entsprechend dem angegebenen Computer enthält. 
USER ACTION Wenn dieses Ereignis das erste Mal für den angegebenen Computer vorkommt, ist das eventuell ein vorübergehendes Problem, auf das zurzeit nicht geachtet werden muss. Wenn dies ein schreibgeschützter Domänencontroller ist und "VERKAUF17$" das legitime Computerkonto für den Computer "VERKAUF17" ist, dann sollte "VERKAUF17" für diesen Standort für die Zwischenspeicherung gewählt werden, falls erforderlich, oder gewährleisten Sie die Konnektivität mit einem Domänencontroller, der die Anforderung bearbeiten kann (z.B. ein beschreibbarer Domänencontroller). Andernfalls kann dieses Problem anhand der folgenden Schritte gelöst werden: Wenn "VERKAUF17$" das legitime Computerkonto für den Computer "VERKAUF17" ist, sollte "VERKAUF17" erneut der Domäne hinzugefügt werden. Wenn "VERKAUF17$" das legitime domänenübergreifende Vertrauenskonto ist, sollte die Vertrauensstellung neu erstellt werden. Im Falle, dass "VERKAUF17$" kein legitimes Konto ist, sollte Folgendes für "VERKAUF17" veranlasst werden: Wenn "VERKAUF17" ein Domänencontroller ist, sollte die hiermit verbundene Vertrauensstellung "VERKAUF17$" gelöscht werden. Wenn "VERKAUF17" kein Domänencontroller ist, sollte es von der Domäne entfernt werden. Error: (05/27/2015 04:17:19 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (05/27/2015 02:58:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (05/27/2015 02:58:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Workflow Server" wurde nicht richtig gestartet. Error: (05/27/2015 02:58:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Thumbnail Server" wurde nicht richtig gestartet. 
Error: (05/27/2015 02:58:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Notification Server" wurde nicht richtig gestartet. Error: (05/27/2015 02:57:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Job Processor" wurde nicht richtig gestartet. Error: (05/27/2015 02:57:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Imaging Server" wurde nicht richtig gestartet. Error: (05/27/2015 02:57:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Content Server" wurde nicht richtig gestartet. Microsoft Office: ========================= Error: (05/27/2015 03:13:31 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {c57b4a10-2ae6-49ad-becb-2533057d9f2d} Error: (05/27/2015 03:13:31 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {f08c1483-8407-4a26-8c26-6c267a629741} Generatorname: WINS Jet Writer Generatorinstanz-ID: {fd599f8f-e5fd-4bcc-b36e-215ee2d14624} Error: (05/27/2015 03:13:31 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {5382579c-98df-47a7-ac6c-98a6d7106e09} Generatorname: TermServLicensing Generatorinstanz-ID: {0df08eb7-8bc5-4b7c-b6eb-585978e82076} Error: (05/27/2015 03:13:31 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {be9ac81e-3619-421f-920f-4c6fea9e93ad} Generatorname: Dhcp Jet Writer Generatorinstanz-ID: {f46dfb3a-4722-4801-a74f-e5b2c97209d8} 
Error: (05/27/2015 02:59:26 PM) (Source: DW CtServer) (EventID: 0) (User: ) Description: BackUpDatabase is not specified. Backup service will not start. Error: (05/27/2015 02:58:16 PM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. >Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . 
Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000. 
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/27/2015 02:58:14 PM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/27/2015 02:57:15 PM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/27/2015 02:57:13 PM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/27/2015 02:56:14 PM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) ==================== Memory info =========================== Processor: Intel(R) Xeon(R) CPU E5640 @ 2.67GHz Percentage of memory in use: 49% Total physical RAM: 8181.8 MB Available physical RAM: 4100.2 MB Total Pagefile: 16361.78 MB Available Pagefile: 11951.64 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (SYSTEM) (Fixed) (Total:68.33 GB) (Free:19.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATEN) (Fixed) (Total:838.09 GB) (Free:335.02 GB) NTFS Drive g: (INTEX) (Network) 
(Total:279.36 GB) (Free:33.08 GB) NTFS Drive h: (DATEN) (Network) (Total:838.09 GB) (Free:335.02 GB) NTFS Drive l: (DATEN) (Network) (Total:838.09 GB) (Free:335.02 GB) NTFS Drive s: (DATEN) (Network) (Total:838.09 GB) (Free:335.02 GB) NTFS Drive t: (DATEN) (Network) (Total:838.09 GB) (Free:335.02 GB) NTFS Drive v: (DATEN) (Network) (Total:838.09 GB) (Free:335.02 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 68.3 GB) (Disk ID: 47C39B7C) Partition 1: (Active) - (Size=68.3 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 838.1 GB) (Disk ID: 510C7675) Partition 1: (Not Active) - (Size=838.1 GB) - (Type=07 NTFS) ==================== End of log ============================ |
28.05.2015, 08:16 | #47 |
/// Winkelfunktion /// TB-Süch-Tiger™ | W32/Confick-O file rkqunq.z in System32 Something is wrong with the logs. There are annoying line breaks in them again that wreck the structure. Next time, make sure to post the logs 1:1 - do not process them with another program first or anything like that.
Now please run MBAR and the Kaspersky tool: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
|
28.05.2015, 09:19 | #48 |
| W32/Confick-O file rkqunq.z in System32
MBAR:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.05.28.02
rootkit: v2015.05.24.01
Windows Server 2008 R2 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
administrator :: DC [administrator]
28.05.2015 09:53:59
mbar-log-2015-05-28 (09-53-59).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 813463
Time elapsed: 10 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
TDSSKILLER:
Code:
10:14:42.0190 0x3798 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
10:15:01.0986 0x3798 ============================================================
10:15:01.0986 0x3798 Current date / time: 2015/05/28 10:15:01.0986
10:15:01.0986 0x3798 SystemInfo:
10:15:01.0986 0x3798
10:15:01.0986 0x3798 OS Version: 6.1.7601 ServicePack: 1.0
10:15:01.0986 0x3798 Product type: Domain controller
10:15:01.0986 0x3798 ComputerName: SVDC01
10:15:01.0986 0x3798 UserName: administrator
10:15:01.0986 0x3798 Windows directory: C:\Windows
10:15:01.0986 0x3798 System windows directory: C:\Windows
10:15:01.0986 0x3798 Running under WOW64
10:15:01.0986 0x3798 Processor architecture: Intel x64
10:15:01.0986 0x3798 Number of processors: 16
10:15:01.0986 0x3798 Page size: 0x1000
10:15:01.0986 0x3798 Boot type: Normal boot
10:15:01.0986 0x3798 ============================================================
10:15:03.0593 0x3798 KLMD registered as C:\Windows\system32\drivers\51629299.sys
10:15:03.0890 0x3798 System UUID: {C4B940EF-84C9-C1B9-996F-C0B7E7D4F193}
10:15:04.0498 0x3798 Drive \Device\Harddisk0\DR0 - Size: 0x1115598000 ( 68.33 Gb ), SectorSize: 0x200, Cylinders: 0x449A, SectorsPerTrack: 0x20, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:15:04.0498 0x3798 Drive \Device\Harddisk1\DR1 - Size: 0xD186247800 ( 838.10 Gb ), SectorSize: 0x200, Cylinders: 0x34961, SectorsPerTrack: 0x20, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:15:04.0514 0x3798 ============================================================
10:15:04.0514 0x3798 \Device\Harddisk0\DR0:
10:15:04.0514 0x3798 MBR partitions:
10:15:04.0514 0x3798 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0x88A8CE0
10:15:04.0514 0x3798 \Device\Harddisk1\DR1:
10:15:04.0514 0x3798 MBR partitions:
10:15:04.0514 0x3798 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x68C30000
10:15:04.0514 0x3798 ============================================================
10:15:04.0529 0x3798 C: <-> \Device\Harddisk0\DR0\Partition1 10:15:04.0560 0x3798 D: <-> \Device\Harddisk1\DR1\Partition1 10:15:04.0560 0x3798 ============================================================ 10:15:04.0560 0x3798 Initialize success 10:15:04.0560 0x3798 ============================================================ 10:15:25.0231 0x25d8 ============================================================ 10:15:25.0231 0x25d8 Scan started 10:15:25.0231 0x25d8 Mode: Manual; SigCheck; TDLFS; 10:15:25.0231 0x25d8 ============================================================ 10:15:25.0231 0x25d8 KSN ping started 10:15:28.0023 0x25d8 KSN ping finished: true 10:15:28.0787 0x25d8 ================ Scan system memory ======================== 10:15:28.0787 0x25d8 System memory - ok 10:15:28.0803 0x25d8 ================ Scan services ============================= 10:15:28.0943 0x25d8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 10:15:29.0115 0x25d8 1394ohci - ok 10:15:29.0146 0x25d8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 10:15:29.0209 0x25d8 ACPI - ok 10:15:29.0224 0x25d8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 10:15:29.0271 0x25d8 AcpiPmi - ok 10:15:29.0318 0x25d8 [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 10:15:29.0427 0x25d8 AdobeFlashPlayerUpdateSvc - ok 10:15:29.0458 0x25d8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 10:15:29.0521 0x25d8 adp94xx - ok 10:15:29.0536 0x25d8 [ 
597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 10:15:29.0583 0x25d8 adpahci - ok 10:15:29.0599 0x25d8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 10:15:29.0630 0x25d8 adpu320 - ok 10:15:29.0677 0x25d8 [ 012D4CE9215453F36C3ECE7B412427AD, 15AA4BA6044154EE0561875BD709CABCA83E02539A65FFA78FBFAE2E780B81AA ] ADWS C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe 10:15:29.0895 0x25d8 ADWS - ok 10:15:29.0911 0x25d8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 10:15:30.0035 0x25d8 AeLookupSvc - ok 10:15:30.0067 0x25d8 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys 10:15:30.0129 0x25d8 AFD - ok 10:15:30.0145 0x25d8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 10:15:30.0176 0x25d8 agp440 - ok 10:15:30.0176 0x25d8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 10:15:30.0238 0x25d8 ALG - ok 10:15:30.0254 0x25d8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 10:15:30.0285 0x25d8 aliide - ok 10:15:30.0285 0x25d8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 10:15:30.0316 0x25d8 amdide - ok 10:15:30.0332 0x25d8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 10:15:30.0363 0x25d8 AmdK8 - 
ok 10:15:30.0379 0x25d8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 10:15:30.0425 0x25d8 AmdPPM - ok 10:15:30.0441 0x25d8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 10:15:30.0488 0x25d8 amdsata - ok 10:15:30.0503 0x25d8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 10:15:30.0535 0x25d8 amdsbs - ok 10:15:30.0550 0x25d8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 10:15:30.0581 0x25d8 amdxata - ok 10:15:30.0628 0x25d8 [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll 10:15:30.0691 0x25d8 AppHostSvc - ok 10:15:30.0706 0x25d8 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys 10:15:30.0815 0x25d8 AppID - ok 10:15:30.0831 0x25d8 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll 10:15:30.0893 0x25d8 AppIDSvc - ok 10:15:30.0925 0x25d8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 10:15:30.0971 0x25d8 Appinfo - ok 10:15:30.0987 0x25d8 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 10:15:31.0034 0x25d8 AppMgmt - ok 10:15:31.0049 0x25d8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 
10:15:31.0081 0x25d8 arc - ok 10:15:31.0096 0x25d8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 10:15:31.0127 0x25d8 arcsas - ok 10:15:31.0268 0x25d8 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 10:15:31.0315 0x25d8 aspnet_state - ok 10:15:31.0330 0x25d8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 10:15:31.0408 0x25d8 AsyncMac - ok 10:15:31.0424 0x25d8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 10:15:31.0455 0x25d8 atapi - ok 10:15:31.0533 0x25d8 [ 8BF2F7453BA6233F76A45FB1E73B7419, B427E1BBBFF977BB12DC0FF5CBD8FC19693989EA68B74875A7CA4B82E0974664 ] ati2mtag C:\Windows\system32\DRIVERS\ati2mtag.sys 10:15:31.0673 0x25d8 ati2mtag - ok 10:15:31.0720 0x25d8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 10:15:31.0829 0x25d8 AudioEndpointBuilder - ok 10:15:31.0861 0x25d8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll 10:15:31.0939 0x25d8 AudioSrv - ok 10:15:31.0970 0x25d8 [ EC13E07DFD6313A43E561F90EAF46520, D0DAAA8F632916513D933C413B51E99516E9654D83E1EE5D08FA3ECC514DA429 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 10:15:32.0032 0x25d8 b06bdrv - ok 10:15:32.0048 0x25d8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 10:15:32.0126 0x25d8 b57nd60a - ok 10:15:32.0313 0x25d8 [ 956312403ADA3C0EA0193F27C3453B00, 
DCC875D01A5A412865EB76CC8812741526471419153BA7560F6636A201A4471C ] BackupExecAgentAccelerator C:\Program Files\Symantec\Backup Exec\beremote.exe 10:15:32.0469 0x25d8 BackupExecAgentAccelerator - ok 10:15:32.0500 0x25d8 [ 1B186103F2B63520486DC9CB35F1F8C7, D1106F62D7A6FBE9A89AE63CDC8F11D0A9AF20D8E315715F0F95168D15E90F71 ] BackupExecAgentBrowser C:\Program Files\Symantec\Backup Exec\benetns.exe 10:15:32.0563 0x25d8 BackupExecAgentBrowser - ok 10:15:32.0672 0x25d8 [ D12A3BB6ECABD4C162646F928B52421B, 40FB8F9A8AFB03F986F7B016F9D55F3F2FF8F4929CB947CF8399D6FE0B5E946F ] BackupExecDeviceMediaService C:\Program Files\Symantec\Backup Exec\pvlsvr.exe 10:15:32.0890 0x25d8 BackupExecDeviceMediaService - ok 10:15:33.0249 0x25d8 [ BC63AE602D4D28740A072C00BECB537E, 7F76DDD16F5E8443799A180B45FE5F104EE77A3BA62510A34B1959B14F41B78C ] BackupExecJobEngine C:\Program Files\Symantec\Backup Exec\bengine.exe 10:15:33.0717 0x25d8 BackupExecJobEngine - ok 10:15:33.0748 0x25d8 [ 3400BEED1863EDA26585E4BD6DAD7E5D, 2BE9FE5607046603EF1F70F0D80D008CA666766B9CBFC885EFECEBD0107053F4 ] BackupExecManagementService C:\Program Files\Symantec\Backup Exec\BackupExecManagementService.exe 10:15:33.0795 0x25d8 BackupExecManagementService - ok 10:15:34.0279 0x25d8 [ EEDF10107ED030F545792BB37968D6E5, B221910E21CAF139C3098AC29B0423A1C04A8D7F670668180DDB8C9B10E4D6CB ] BackupExecRPCService C:\Program Files\Symantec\Backup Exec\beserver.exe 10:15:34.0840 0x25d8 BackupExecRPCService - ok 10:15:34.0903 0x25d8 [ AF62DB604E6A516BB9D51F454E2FA83D, 0316BD7A845C3402F0360057F583844E63F12451834AB32F301F9FF881146886 ] bedbg C:\Program Files\Symantec\Backup Exec\bedbg.exe 10:15:34.0949 0x25d8 bedbg - ok 10:15:34.0949 0x25d8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 10:15:35.0012 0x25d8 Beep - ok 10:15:35.0059 0x25d8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE 
C:\Windows\System32\bfe.dll 10:15:35.0137 0x25d8 BFE - ok 10:15:35.0183 0x25d8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 10:15:35.0293 0x25d8 BITS - ok 10:15:35.0293 0x25d8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 10:15:35.0339 0x25d8 blbdrive - ok 10:15:35.0417 0x25d8 [ 00D323119C9413F028D9D821DE5E5A35, 40E5F27D6078F3F6DA7FA3A41DF60F4DC2E718CC185372C19ED041D55365D0F7 ] bmdrvr C:\Windows\syswow64\drivers\bmdrvr.sys 10:15:35.0449 0x25d8 bmdrvr - ok 10:15:35.0495 0x25d8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 10:15:35.0558 0x25d8 bowser - ok 10:15:35.0573 0x25d8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:15:35.0605 0x25d8 BrFiltLo - ok 10:15:35.0605 0x25d8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:15:35.0651 0x25d8 BrFiltUp - ok 10:15:35.0667 0x25d8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 10:15:35.0714 0x25d8 Browser - ok 10:15:35.0745 0x25d8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 10:15:35.0807 0x25d8 Brserid - ok 10:15:35.0807 0x25d8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 10:15:35.0854 0x25d8 BrSerWdm - ok 10:15:35.0854 0x25d8 [ B79968002C277E869CF38BD22CD61524, 
50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 10:15:35.0901 0x25d8 BrUsbMdm - ok 10:15:35.0901 0x25d8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 10:15:35.0932 0x25d8 BrUsbSer - ok 10:15:35.0948 0x25d8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 10:15:36.0026 0x25d8 cdfs - ok 10:15:36.0041 0x25d8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys 10:15:36.0073 0x25d8 cdrom - ok 10:15:36.0088 0x25d8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 10:15:36.0166 0x25d8 CertPropSvc - ok 10:15:36.0197 0x25d8 [ 1D86BCBF440222A8D7A71AAEE6CEE622, A4C1B602979AC2817C0148C40B0899A3A92C6FC05E78A317AEAEBAD3A810B746 ] CIMnotify C:\Windows\system32\CIMntfy\cimntfy.exe 10:15:36.0229 0x25d8 CIMnotify - ok 10:15:36.0244 0x25d8 [ 8B7F0717692A2B312A0B4A2BC340945E, 723365F70F38FE9198628582728A8F9EF45D45CA5F5730EF80A304B726FE898E ] Cissesrv C:\Program Files\HP\Cissesrv\cissesrv.exe 10:15:36.0291 0x25d8 Cissesrv - detected UnsignedFile.Multi.Generic ( 1 ) 10:15:38.0881 0x25d8 Detect skipped due to KSN trusted 10:15:38.0881 0x25d8 Cissesrv - ok 10:15:39.0146 0x25d8 [ 1242EA8B64A2DF756E81835227F9CA39, 5BBFF3A5794E060E752FDFEC8CC0E263AD05A37D6CA75113F2DEF96E3E53E4A1 ] Citrix Licensing C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe 10:15:39.0583 0x25d8 Citrix Licensing - ok 10:15:39.0692 0x25d8 [ B99A1E5A2895DA310EE79E089880BCBE, CC00068106CC6C5B0E6D0C97446F7130D9C5866D19560B0A0595A90131920062 ] Citrix_GTLicensingProv C:\Program Files (x86)\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe 10:15:40.0035 0x25d8 
Citrix_GTLicensingProv - ok 10:15:40.0066 0x25d8 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 10:15:40.0113 0x25d8 CLFS - ok 10:15:40.0160 0x25d8 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:15:40.0253 0x25d8 clr_optimization_v2.0.50727_32 - ok 10:15:40.0300 0x25d8 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:15:40.0331 0x25d8 clr_optimization_v2.0.50727_64 - ok 10:15:40.0425 0x25d8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:15:40.0612 0x25d8 clr_optimization_v4.0.30319_32 - ok 10:15:40.0737 0x25d8 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:15:40.0768 0x25d8 clr_optimization_v4.0.30319_64 - ok 10:15:40.0784 0x25d8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 10:15:40.0815 0x25d8 CmBatt - ok 10:15:40.0831 0x25d8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 10:15:40.0862 0x25d8 cmdide - ok 10:15:40.0893 0x25d8 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 10:15:40.0955 0x25d8 CNG - ok 10:15:40.0971 0x25d8 [ 102DE219C3F61415F964C88E9085AD14, 
CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 10:15:41.0002 0x25d8 Compbatt - ok 10:15:41.0018 0x25d8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 10:15:41.0049 0x25d8 CompositeBus - ok 10:15:41.0065 0x25d8 COMSysApp - ok 10:15:41.0096 0x25d8 [ 06305C7828757661D94F7B062FA7568A, A57A02E36DE5844860C49583A62A127F1F6BA688B15DB5482C048F48395383C8 ] CpqNicMgmt C:\Windows\system32\CPQNiMgt\cpqnimgt.exe 10:15:41.0127 0x25d8 CpqNicMgmt - detected UnsignedFile.Multi.Generic ( 1 ) 10:15:43.0545 0x25d8 Detect skipped due to KSN trusted 10:15:43.0545 0x25d8 CpqNicMgmt - ok 10:15:43.0561 0x25d8 [ EF8811C87B1BB1DC0CF002829565BD8E, A16CAB46A0F0F23881E1B6DE5230C0F126BBEB022AD0A9EA7EEDCBEA498E582A ] CpqRcmc3 C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe 10:15:43.0607 0x25d8 CpqRcmc3 - ok 10:15:43.0623 0x25d8 [ D1EAFA0F8F4FF31A544F43110E6CDA8B, 88BA30258AA5638E2259C3F656EFF3A47427C9F6CFA8D4BC29A170F32AD0A2BA ] CPQTeam C:\Windows\system32\DRIVERS\cpqteam.sys 10:15:43.0685 0x25d8 CPQTeam - ok 10:15:43.0701 0x25d8 [ D1EAFA0F8F4FF31A544F43110E6CDA8B, 88BA30258AA5638E2259C3F656EFF3A47427C9F6CFA8D4BC29A170F32AD0A2BA ] CPQTeamMP C:\Windows\system32\DRIVERS\cpqteam.sys 10:15:43.0732 0x25d8 CPQTeamMP - ok 10:15:43.0795 0x25d8 [ 006F9EE40221BF3D6694A0AC8EA1C349, 9FB5D8AC3429381ED8C1319F4320D901AD8626B7E5A5DD342B662CF313430743 ] cpqvcagent C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe 10:15:43.0997 0x25d8 cpqvcagent - detected UnsignedFile.Multi.Generic ( 1 ) 10:15:46.0587 0x25d8 Detect skipped due to KSN trusted 10:15:46.0587 0x25d8 cpqvcagent - ok 10:15:46.0587 0x25d8 [ 6FA8F2E59D979B7EC0DBAF9573BAD73F, 0E74D654941DC216F471196768AA7600A5C1D54F999A2993E6E855FB72A58FEE ] CqMgHost C:\Windows\system32\CpqMgmt\cqmghost\cqmghost.exe 10:15:46.0618 0x25d8 CqMgHost - ok 10:15:46.0634 0x25d8 [ 
85EB5199EAF181AA11083CAC63A6BF4A, 1317E39F0388B54010A50BC230B0D2357E15E8896E03014850F99C434F8052BB ] CqMgServ C:\Windows\system32\CpqMgmt\cqmgserv\cqmgserv.exe 10:15:46.0665 0x25d8 CqMgServ - ok 10:15:46.0696 0x25d8 [ 0C2B01DE6352EB79D75AE302081FD922, 345645DC220B9530380E8F1B6A507B7454DDDB4BD7DC0A5C07CD6B207E0054BD ] CqMgStor C:\Windows\system32\CpqMgmt\cqmgstor\cqmgstor.exe 10:15:46.0727 0x25d8 CqMgStor - detected UnsignedFile.Multi.Generic ( 1 ) 10:15:49.0146 0x25d8 Detect skipped due to KSN trusted 10:15:49.0146 0x25d8 CqMgStor - ok 10:15:49.0146 0x25d8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 10:15:49.0192 0x25d8 crcdisk - ok 10:15:49.0208 0x25d8 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:15:49.0270 0x25d8 CryptSvc - ok 10:15:49.0286 0x25d8 [ E8F562FDBE2EB2D8C95137925CDD9F85, 38DF1DCFA34BA671043042C99D7C37379DEA1B53264981745ECA2A4F22264E13 ] CtxLSPortSvc C:\Program Files (x86)\Citrix\Licensing\LS\CtxLSPortSvc.exe 10:15:49.0426 0x25d8 CtxLSPortSvc - ok 10:15:49.0458 0x25d8 [ BF62FF663AE55E4ED99DE76881C2C0F1, 87018B61B2310558EB9C96887D92FA5ED06B9A4D69999F6B6F7BDD2D486FAA0D ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 10:15:49.0489 0x25d8 ctxusbm - ok 10:15:49.0520 0x25d8 [ 05515E104AAE4FDB3DC66384FF745024, 4A426ADA9E008D4FE3A791E2FCF879282D2E697198089516247C04BB0E989D84 ] Datascrn C:\Windows\system32\drivers\datascrn.sys 10:15:49.0536 0x25d8 Datascrn - ok 10:15:49.0567 0x25d8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 10:15:49.0660 0x25d8 DcomLaunch - ok 10:15:49.0692 0x25d8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 10:15:49.0785 0x25d8 
defragsvc - ok 10:15:49.0816 0x25d8 [ CBD618F73F32DA9F8A63D3B3E8DF12A9, C6723D47334BBE2FF918BBFBD2E0999A42DADE8E9F9D8DC0B07AFB48431CD4B2 ] Dfs C:\Windows\system32\dfssvc.exe 10:15:49.0879 0x25d8 Dfs - ok 10:15:49.0894 0x25d8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:15:49.0972 0x25d8 DfsC - ok 10:15:49.0988 0x25d8 [ FFFE7EF57BD8C93AB3076B340FAE0830, 37AF7F29AB1D4445E978A13E63525C472830E6FAB5111B6BA321AF742335B5EC ] DfsDriver C:\Windows\system32\drivers\dfs.sys 10:15:50.0019 0x25d8 DfsDriver - ok 10:15:50.0191 0x25d8 [ C087263545318AA5007C46F79CA7509B, F492312BC59EEFFA11C51EA14F06EF7CF36F6E68C42EFDFB60FA723C237D9D4C ] DFSR C:\Windows\system32\DFSRs.exe 10:15:50.0409 0x25d8 DFSR - ok 10:15:50.0440 0x25d8 [ E66B02FC5250331BAAC1CAE2111D1288, 5D2C947F343E8DF3588CEB46C6F2F326AFEDBBC2B114DE85058B8CD08C2A4776 ] DfsrRo C:\Windows\system32\drivers\dfsrro.sys 10:15:50.0472 0x25d8 DfsrRo - ok 10:15:50.0503 0x25d8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 10:15:50.0550 0x25d8 Dhcp - ok 10:15:50.0628 0x25d8 [ E31F0BD0D7AB8207C24D5F9F336B1C1F, 85A9C8A7EB726B8033C3E143073662F4325AEA7A9C7945B472A8195A0BF6FAE5 ] DHCPServer C:\Windows\System32\dhcpssvc.dll 10:15:50.0706 0x25d8 DHCPServer - ok 10:15:50.0721 0x25d8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 10:15:50.0799 0x25d8 discache - ok 10:15:50.0815 0x25d8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 10:15:50.0846 0x25d8 Disk - ok 10:15:50.0877 0x25d8 [ AAAF242737F26627774A4CD55CD85FCE, F364948900B08DEAA532B8147A281AD1A51334F92925DAA43CFD7C7566598AB6 ] DNS C:\Windows\system32\dns.exe 10:15:51.0049 0x25d8 DNS - ok 
10:15:51.0080 0x25d8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:15:51.0142 0x25d8 Dnscache - ok 10:15:51.0174 0x25d8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 10:15:51.0267 0x25d8 dot3svc - ok 10:15:51.0283 0x25d8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 10:15:51.0361 0x25d8 DPS - ok 10:15:51.0486 0x25d8 [ 15B9A45F74FB5E8EC388E5A9F5FAD725, 9395F415E1BE2FE7C66EFF7412F3B1DDB8B1BBC96E9AE23A94A09BBA6748CF12 ] DWAuthenticationServer D:\Programme\DocuWare\Authentication Server\DWAuthenticationServer.exe 10:15:51.0517 0x25d8 DWAuthenticationServer - detected UnsignedFile.Multi.Generic ( 1 ) 10:15:54.0044 0x25d8 DWAuthenticationServer ( UnsignedFile.Multi.Generic ) - warning 10:15:56.0696 0x25d8 DWCONNECTtoToshiba - ok 10:15:56.0790 0x25d8 [ E9F92C9D69768F5805115ABDFE332B64, 83CEBEA11FCA4C6399DF57F85992297F59CFE0500D80C93352C9E5BD561DB301 ] DWContentServer D:\Programme\DocuWare\Content Server\DWContentServer.exe 10:15:56.0836 0x25d8 DWContentServer - detected UnsignedFile.Multi.Generic ( 1 ) 10:15:59.0270 0x25d8 DWContentServer ( UnsignedFile.Multi.Generic ) - warning 10:15:59.0270 0x25d8 Force sending object to P2P due to detect: DWContentServer 10:16:01.0969 0x25d8 Object send P2P result: true 10:16:04.0418 0x25d8 [ 2A1FEE52326B1670B89B39BBFAE8982A, 01F0F0531886DDE22D11782518A8DF0B580DA443AA1EA16602BBB42732C613EB ] DWDesktopService C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe 10:16:04.0480 0x25d8 DWDesktopService - detected UnsignedFile.Multi.Generic ( 1 ) 10:16:06.0883 0x25d8 Detect skipped due to KSN trusted 10:16:06.0883 0x25d8 DWDesktopService - ok 10:16:07.0008 0x25d8 [ 431A7756D382776FA4BBBD026CB5F56A, 
B7602F2F5BBC04BA33EA805A51F9F82FECFADBAA0750E257EAFEC3C73F57CEFA ] DWImagingService D:\Programme\DocuWare\Imaging Server\DWImagingService.exe 10:16:07.0054 0x25d8 DWImagingService - detected UnsignedFile.Multi.Generic ( 1 ) 10:16:09.0488 0x25d8 DWImagingService ( UnsignedFile.Multi.Generic ) - warning 10:16:09.0488 0x25d8 Force sending object to P2P due to detect: DWImagingService 10:16:13.0294 0x25d8 Object send P2P result: true 10:16:15.0900 0x25d8 [ 41B71DB055EACF58FE7637026D340549, 9CF4E4E4A4E01A767F27249B635263DCBD00F8303516DDC65B2787998099F2BA ] DWJobProcessor D:\Programme\DocuWare\Job Processor\DocuWare.JobProcessor.exe 10:16:15.0978 0x25d8 DWJobProcessor - detected UnsignedFile.Multi.Generic ( 1 ) 10:16:18.0567 0x25d8 DWJobProcessor ( UnsignedFile.Multi.Generic ) - warning 10:16:21.0017 0x25d8 DWMySQL - ok 10:16:21.0063 0x25d8 [ A40552D17C3E2C1D4EBDC3D1F842F127, 1A40474A0ABDEAD72178FBE5A9C6E5687C1C78A1023104D6F10D6000C6AAF034 ] DWNotificationServer D:\Programme\DocuWare\Notification Server\DWNotificationServer.exe 10:16:21.0095 0x25d8 DWNotificationServer - detected UnsignedFile.Multi.Generic ( 1 ) 10:16:23.0513 0x25d8 DWNotificationServer ( UnsignedFile.Multi.Generic ) - warning 10:16:25.0962 0x25d8 [ F37E05E8E78F671E298EB07278121D88, 1ED908BEAB985142520D803D1E583592BD159CF3CF02E5C96DF67895AE4D3DC0 ] DWOCRService D:\Programme\DocuWare\OCR Service\DWOCRService.exe 10:16:26.0024 0x25d8 DWOCRService - detected UnsignedFile.Multi.Generic ( 1 ) 10:16:28.0645 0x25d8 DWOCRService ( UnsignedFile.Multi.Generic ) - warning 10:16:31.0125 0x25d8 [ F7F39AA3D996CCB00F5B616497792E04, 56A4E7669AC36AAA27FE285FC19919B0C60360E6331ED423EA3FB1DA38C74082 ] DWThumbnailServer D:\Programme\DocuWare\Thumbnail Server\DWThumbnailService.exe 10:16:31.0172 0x25d8 DWThumbnailServer - detected UnsignedFile.Multi.Generic ( 1 ) 10:16:33.0762 0x25d8 DWThumbnailServer ( UnsignedFile.Multi.Generic ) - warning 10:16:36.0273 0x25d8 [ 6F69CF54E348877332F0FA2232C87745, 
BC7828F4E1D80D0BF9FC4E73026382E31CA2CBCA7D861F761266928DAA5EA8DC ] DWTomcat D:\Programme\DocuWare\Full-Text Server\bin\tomcat7.exe 10:16:36.0398 0x25d8 DWTomcat - detected UnsignedFile.Multi.Generic ( 1 ) 10:16:38.0847 0x25d8 Detect skipped due to KSN trusted 10:16:38.0847 0x25d8 DWTomcat - ok 10:16:38.0879 0x25d8 [ 2EC23C4E06B43670BBA8AB90CD723F81, 01F94CF2707471222D4EC0537FAE5656556280D3DF783B360C2E40FD76201D78 ] DWUploadService C:\Program Files (x86)\DocuWare\Upload Service\DWUploadServiceSvc.exe 10:16:38.0957 0x25d8 DWUploadService - detected UnsignedFile.Multi.Generic ( 1 ) 10:16:41.0359 0x25d8 DWUploadService ( UnsignedFile.Multi.Generic ) - warning 10:16:43.0839 0x25d8 [ FEFB13E4FE67F57CE754E0EA2B8284AC, 72C02551AF812C1803B3CF03AA98704BF81582E459F200E2F3F4EE9120496F68 ] DWWebService D:\Programme\DocuWare\Web Service Server\DWWebService.exe 10:16:43.0902 0x25d8 DWWebService - detected UnsignedFile.Multi.Generic ( 1 ) 10:16:46.0335 0x25d8 DWWebService ( UnsignedFile.Multi.Generic ) - warning 10:16:46.0335 0x25d8 Force sending object to P2P due to detect: DWWebService 10:16:48.0863 0x25d8 Object send P2P result: true 10:16:51.0406 0x25d8 [ F5AEBD042FA10382E68A433BFBF23B16, 9F495E1FD7F1F61D7F817D371286E16DB34300B97FBA1EBF5F3D3B24127A8A00 ] DWWorkflowServer D:\Programme\DocuWare\Workflow Server\DWWorkflowServer.exe 10:16:51.0468 0x25d8 DWWorkflowServer - detected UnsignedFile.Multi.Generic ( 1 ) 10:16:54.0058 0x25d8 DWWorkflowServer ( UnsignedFile.Multi.Generic ) - warning 10:16:56.0507 0x25d8 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:16:56.0585 0x25d8 DXGKrnl - ok 10:16:56.0616 0x25d8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 10:16:56.0678 0x25d8 EapHost - ok 10:16:56.0819 0x25d8 [ DC5D737F51BE844D8C82C695EB17372F, 
6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 10:16:57.0006 0x25d8 ebdrv - ok 10:16:57.0022 0x25d8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe 10:16:57.0068 0x25d8 EFS - ok 10:16:57.0100 0x25d8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 10:16:57.0146 0x25d8 elxstor - ok 10:16:57.0178 0x25d8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 10:16:57.0209 0x25d8 ErrDev - ok 10:16:57.0256 0x25d8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 10:16:57.0349 0x25d8 EventSystem - ok 10:16:57.0365 0x25d8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 10:16:57.0443 0x25d8 exfat - ok 10:16:57.0458 0x25d8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 10:16:57.0521 0x25d8 fastfat - ok 10:16:57.0536 0x25d8 [ F30A540AF561BAD1DD1A074738ED1CDA, B26400F54DB40A658DEAA4B1B877093B84036A0EB451C060BAD12EA869D6B1DB ] FCRegSvc C:\Windows\system32\FCRegSvc.dll 10:16:57.0599 0x25d8 FCRegSvc - ok 10:16:57.0614 0x25d8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 10:16:57.0646 0x25d8 fdc - ok 10:16:57.0661 0x25d8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 10:16:57.0724 0x25d8 fdPHost - ok 10:16:57.0739 0x25d8 [ 802496CB59A30349F9A6DD22D6947644, 
52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 10:16:57.0817 0x25d8 FDResPub - ok 10:16:57.0817 0x25d8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:16:57.0848 0x25d8 FileInfo - ok 10:16:57.0864 0x25d8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:16:57.0942 0x25d8 Filetrace - ok 10:16:57.0958 0x25d8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 10:16:58.0004 0x25d8 flpydisk - ok 10:16:58.0020 0x25d8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:16:58.0082 0x25d8 FltMgr - ok 10:16:58.0129 0x25d8 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 10:16:58.0223 0x25d8 FontCache - ok 10:16:58.0238 0x25d8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:16:58.0301 0x25d8 FontCache3.0.0.0 - ok 10:16:58.0301 0x25d8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 10:16:58.0348 0x25d8 FsDepends - ok 10:16:58.0363 0x25d8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 10:16:58.0394 0x25d8 Fs_Rec - ok 10:16:58.0394 0x25d8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx 
C:\Windows\system32\DRIVERS\gagp30kx.sys 10:16:58.0426 0x25d8 gagp30kx - ok 10:16:58.0472 0x25d8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 10:16:58.0582 0x25d8 gpsvc - ok 10:16:58.0613 0x25d8 [ 957419DDC40A3A47D1E8413CC439AF4A, 9A39CEBA98DD49AFA2BC54208DB0B438A42D7AB801EB941D5936B58C06545F04 ] hcmon C:\Windows\system32\drivers\hcmon.sys 10:16:58.0628 0x25d8 hcmon - ok 10:16:58.0644 0x25d8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 10:16:58.0691 0x25d8 HDAudBus - ok 10:16:58.0706 0x25d8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 10:16:58.0738 0x25d8 HidBatt - ok 10:16:58.0738 0x25d8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 10:16:58.0816 0x25d8 hidserv - ok 10:16:58.0831 0x25d8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys 10:16:58.0878 0x25d8 HidUsb - ok 10:16:58.0894 0x25d8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:16:58.0956 0x25d8 hkmsvc - ok 10:16:58.0972 0x25d8 [ 64F1B1D6DFA66F59F552864B4FBE7680, FAD3AD792DE91577F03A962F78CFCE300724FAFC3218A741CEC837D3CA68EB21 ] HpCISSs2 C:\Windows\system32\DRIVERS\HpCISSs2.sys 10:16:59.0003 0x25d8 HpCISSs2 - ok 10:16:59.0003 0x25d8 [ 59BEBC0B6EDA09D4E8904E6A81B7D7C1, 2FB700E7756AE01C243C905CCE291CD60D73A7D05B4293F24DDCD2D17F0A3FBB ] hplto C:\Windows\system32\DRIVERS\hplto.sys 10:16:59.0034 0x25d8 hplto - ok 10:16:59.0050 0x25d8 [ AD8729A3EB494EF3A8EDC4C91095271D, 
FAF37C101722500887AFB111A5F7A9D5485C655CA4EF170C057C57FFC472D383 ] hpqilo3chif C:\Windows\system32\DRIVERS\hpqilo3chif.sys 10:16:59.0065 0x25d8 hpqilo3chif - ok 10:16:59.0096 0x25d8 [ 8CAC1CECD22BF47B290E74403B0B6537, 09845658D977BB46D9A7DBB437101ED08185CED4E9397896D997158313246638 ] hpqilo3core C:\Windows\system32\DRIVERS\hpqilo3core.sys 10:16:59.0112 0x25d8 hpqilo3core - ok 10:16:59.0128 0x25d8 [ AD46F0BC4EF7565E15BDF011979477BD, 0720D5671A666DC191C308B8B570C4B44B5CF5E719AE706189078EC6DECE2C64 ] hpqilo3whea C:\Windows\system32\DRIVERS\hpqilo3whea.sys 10:16:59.0159 0x25d8 hpqilo3whea - ok 10:16:59.0174 0x25d8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 10:16:59.0206 0x25d8 HpSAMD - ok 10:16:59.0237 0x25d8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:16:59.0346 0x25d8 HTTP - ok 10:16:59.0362 0x25d8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 10:16:59.0393 0x25d8 hwpolicy - ok 10:16:59.0408 0x25d8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 10:16:59.0440 0x25d8 i8042prt - ok 10:16:59.0471 0x25d8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 10:16:59.0533 0x25d8 iaStorV - ok 10:16:59.0580 0x25d8 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:16:59.0642 0x25d8 idsvc - ok 10:16:59.0658 0x25d8 IEEtwCollectorService - ok 10:16:59.0689 0x25d8 [ 5C18831C61933628F5BB0EA2675B9D21, 
5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 10:16:59.0705 0x25d8 iirsp - ok 10:16:59.0736 0x25d8 [ AB55B8A9B13130F638546881CE4425F8, 8427E67BE02ECABAA3F0C48BD4205BCBD4C978B48AE4E7336DA5821DFC49029E ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe 10:16:59.0798 0x25d8 IISADMIN - ok 10:16:59.0845 0x25d8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 10:16:59.0908 0x25d8 IKEEXT - ok 10:16:59.0939 0x25d8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 10:16:59.0970 0x25d8 intelide - ok 10:16:59.0970 0x25d8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:17:00.0032 0x25d8 intelppm - ok 10:17:00.0032 0x25d8 [ FF0FB51A0ACC2E2D0D412138A05A0B59, 6F4DAE1DF486FF6893683568D0342F201356844727C94147B18D147886574C72 ] ioatdma C:\Windows\System32\Drivers\qd260x64.sys 10:17:00.0064 0x25d8 ioatdma - ok 10:17:00.0079 0x25d8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 10:17:00.0142 0x25d8 IPBusEnum - ok 10:17:00.0157 0x25d8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:17:00.0235 0x25d8 IpFilterDriver - ok 10:17:00.0266 0x25d8 [ F49F39620FDCAB02D12F5F28602CA636, 2686DDF20A9F962F8AC7986322A0DD89ECA99D8F27ACEB093A5862A44A1AAF88 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 10:17:00.0344 0x25d8 iphlpsvc - ok 10:17:00.0360 0x25d8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 10:17:00.0407 0x25d8 IPMIDRV 
- ok 10:17:00.0422 0x25d8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 10:17:00.0485 0x25d8 IPNAT - ok 10:17:00.0500 0x25d8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:17:00.0516 0x25d8 isapnp - ok 10:17:00.0547 0x25d8 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 10:17:00.0578 0x25d8 iScsiPrt - ok 10:17:00.0610 0x25d8 [ 50FC561231A9B1EFD2B47625BE4272B3, EF8D16D4E5F2E54EE0D3FF97B9757977150760F57B0B7F58D6154B000D1B88D5 ] IsmServ C:\Windows\System32\ismserv.exe 10:17:00.0656 0x25d8 IsmServ - ok 10:17:00.0688 0x25d8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 10:17:00.0703 0x25d8 kbdclass - ok 10:17:00.0719 0x25d8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 10:17:00.0766 0x25d8 kbdhid - ok 10:17:00.0781 0x25d8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] kdc C:\Windows\System32\lsass.exe 10:17:00.0812 0x25d8 kdc - ok 10:17:00.0812 0x25d8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe 10:17:00.0844 0x25d8 KeyIso - ok 10:17:00.0859 0x25d8 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:17:00.0890 0x25d8 KSecDD - ok 10:17:00.0906 0x25d8 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:17:00.0937 
0x25d8 KSecPkg - ok 10:17:00.0937 0x25d8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:17:01.0000 0x25d8 ksthunk - ok 10:17:01.0031 0x25d8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 10:17:01.0109 0x25d8 KtmRm - ok 10:17:01.0124 0x25d8 [ 1926299DABD3DB8AF4E456368791AC0A, 6D9D25FA24C9D8387374881D57C7924143633C40560A35E06ECCBE7B873809A2 ] l2nd C:\Windows\system32\DRIVERS\bxnd60a.sys 10:17:01.0140 0x25d8 l2nd - ok 10:17:01.0171 0x25d8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 10:17:01.0234 0x25d8 LanmanServer - ok 10:17:01.0249 0x25d8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:17:01.0312 0x25d8 LanmanWorkstation - ok 10:17:01.0483 0x25d8 [ E34152D03CAAAAA81DD66D803F392522, 9AE2F553D59E1267D64E4450F6A488370650A56B1BECD21B365F0034B639BF69 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE 10:17:01.0951 0x25d8 LiveUpdate - ok 10:17:01.0967 0x25d8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:17:02.0029 0x25d8 lltdio - ok 10:17:02.0060 0x25d8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:17:02.0138 0x25d8 lltdsvc - ok 10:17:02.0138 0x25d8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:17:02.0201 0x25d8 lmhosts - ok 10:17:02.0216 0x25d8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC 
C:\Windows\system32\DRIVERS\lsi_fc.sys 10:17:02.0248 0x25d8 LSI_FC - ok 10:17:02.0263 0x25d8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 10:17:02.0294 0x25d8 LSI_SAS - ok 10:17:02.0310 0x25d8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:17:02.0341 0x25d8 LSI_SAS2 - ok 10:17:02.0357 0x25d8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:17:02.0388 0x25d8 LSI_SCSI - ok 10:17:02.0404 0x25d8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 10:17:02.0466 0x25d8 luafv - ok 10:17:02.0497 0x25d8 [ 0307CF4184F4F22DB75F36ACCCEF7ED1, 32EAC5DADDD70175EA7AD4FC0A8624BECB138B9ED9E66AF74AC4A06EEB3EB4B7 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys 10:17:02.0544 0x25d8 mbamchameleon - ok 10:17:02.0560 0x25d8 [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 10:17:02.0591 0x25d8 MBAMSwissArmy - ok 10:17:02.0606 0x25d8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 10:17:02.0653 0x25d8 megasas - ok 10:17:02.0669 0x25d8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 10:17:02.0700 0x25d8 MegaSR - ok 10:17:02.0716 0x25d8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 10:17:02.0794 0x25d8 MMCSS - ok 10:17:02.0794 0x25d8 [ 
800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 10:17:02.0856 0x25d8 Modem - ok 10:17:02.0856 0x25d8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:17:02.0887 0x25d8 monitor - ok 10:17:02.0903 0x25d8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\drivers\mouclass.sys 10:17:02.0934 0x25d8 mouclass - ok 10:17:02.0934 0x25d8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:17:02.0981 0x25d8 mouhid - ok 10:17:02.0996 0x25d8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 10:17:03.0043 0x25d8 mountmgr - ok 10:17:03.0059 0x25d8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 10:17:03.0090 0x25d8 mpio - ok 10:17:03.0106 0x25d8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:17:03.0184 0x25d8 mpsdrv - ok 10:17:03.0215 0x25d8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 10:17:03.0308 0x25d8 MpsSvc - ok 10:17:03.0340 0x25d8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:17:03.0386 0x25d8 mrxsmb - ok 10:17:03.0449 0x25d8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:17:03.0496 0x25d8 
mrxsmb10 - ok 10:17:03.0511 0x25d8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:17:03.0558 0x25d8 mrxsmb20 - ok 10:17:03.0558 0x25d8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 10:17:03.0589 0x25d8 msahci - ok 10:17:03.0605 0x25d8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:17:03.0636 0x25d8 msdsm - ok 10:17:03.0652 0x25d8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 10:17:03.0698 0x25d8 MSDTC - ok 10:17:03.0730 0x25d8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:17:03.0792 0x25d8 Msfs - ok 10:17:03.0792 0x25d8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 10:17:03.0854 0x25d8 mshidkmdf - ok 10:17:03.0870 0x25d8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:17:03.0901 0x25d8 msisadrv - ok 10:17:03.0917 0x25d8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:17:03.0995 0x25d8 MSiSCSI - ok 10:17:03.0995 0x25d8 msiserver - ok 10:17:04.0010 0x25d8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 10:17:04.0057 0x25d8 MsRPC - ok 10:17:04.0073 0x25d8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] 
mssmbios C:\Windows\system32\drivers\mssmbios.sys 10:17:04.0104 0x25d8 mssmbios - ok 10:17:04.0120 0x25d8 MSSQL$BKUPEXEC - ok 10:17:04.0151 0x25d8 [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe 10:17:04.0198 0x25d8 MSSQLServerADHelper - ok 10:17:04.0198 0x25d8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 10:17:04.0229 0x25d8 MTConfig - ok 10:17:04.0244 0x25d8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 10:17:04.0276 0x25d8 Mup - ok 10:17:04.0307 0x25d8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 10:17:04.0385 0x25d8 napagent - ok 10:17:04.0432 0x25d8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 10:17:04.0525 0x25d8 NDIS - ok 10:17:04.0556 0x25d8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 10:17:04.0619 0x25d8 NdisCap - ok 10:17:04.0634 0x25d8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:17:04.0697 0x25d8 NdisTapi - ok 10:17:04.0697 0x25d8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:17:04.0775 0x25d8 Ndisuio - ok 10:17:04.0790 0x25d8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 10:17:04.0853 0x25d8 
NdisWan - ok 10:17:04.0868 0x25d8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:17:04.0931 0x25d8 NDProxy - ok 10:17:04.0931 0x25d8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:17:04.0993 0x25d8 NetBIOS - ok 10:17:05.0009 0x25d8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 10:17:05.0087 0x25d8 NetBT - ok 10:17:05.0102 0x25d8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe 10:17:05.0134 0x25d8 Netlogon - ok 10:17:05.0149 0x25d8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 10:17:05.0227 0x25d8 Netman - ok 10:17:05.0243 0x25d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:17:05.0321 0x25d8 NetMsmqActivator - ok 10:17:05.0321 0x25d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:17:05.0399 0x25d8 NetPipeActivator - ok 10:17:05.0430 0x25d8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 10:17:05.0539 0x25d8 netprofm - ok 10:17:05.0555 0x25d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:17:05.0617 0x25d8 NetTcpActivator - ok 10:17:05.0633 0x25d8 [ 
21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:17:05.0695 0x25d8 NetTcpPortSharing - ok 10:17:05.0711 0x25d8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 10:17:05.0726 0x25d8 nfrd960 - ok 10:17:05.0758 0x25d8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll 10:17:05.0820 0x25d8 NlaSvc - ok 10:17:05.0836 0x25d8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:17:05.0882 0x25d8 Npfs - ok 10:17:05.0898 0x25d8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 10:17:05.0960 0x25d8 nsi - ok 10:17:05.0976 0x25d8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:17:06.0038 0x25d8 nsiproxy - ok 10:17:06.0038 0x25d8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] NTDS C:\Windows\System32\lsass.exe 10:17:06.0070 0x25d8 NTDS - ok 10:17:06.0116 0x25d8 [ 20C9F6D2A8449D00C72ABA9ECF6959F6, 957B297DCD26D5E9722A140119F81DE1CBDA1361FD16E3FAC80593C8E0A7B595 ] NtFrs C:\Windows\system32\ntfrs.exe 10:17:06.0226 0x25d8 NtFrs - ok 10:17:06.0288 0x25d8 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:17:06.0397 0x25d8 Ntfs - ok 10:17:06.0413 0x25d8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 10:17:06.0475 0x25d8 Null - ok 
10:17:06.0506 0x25d8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:17:06.0538 0x25d8 nvraid - ok 10:17:06.0569 0x25d8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:17:06.0600 0x25d8 nvstor - ok 10:17:06.0616 0x25d8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:17:06.0647 0x25d8 nv_agp - ok 10:17:06.0662 0x25d8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 10:17:06.0694 0x25d8 ohci1394 - ok 10:17:06.0709 0x25d8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 10:17:06.0740 0x25d8 Parport - ok 10:17:06.0756 0x25d8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:17:06.0787 0x25d8 partmgr - ok 10:17:06.0803 0x25d8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 10:17:06.0850 0x25d8 pci - ok 10:17:06.0865 0x25d8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 10:17:06.0881 0x25d8 pciide - ok 10:17:06.0912 0x25d8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 10:17:06.0943 0x25d8 pcmcia - ok 10:17:06.0959 0x25d8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 
10:17:06.0974 0x25d8 pcw - ok 10:17:07.0006 0x25d8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:17:07.0099 0x25d8 PEAUTH - ok 10:17:07.0130 0x25d8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 10:17:07.0177 0x25d8 PerfHost - ok 10:17:07.0240 0x25d8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 10:17:07.0396 0x25d8 pla - ok 10:17:07.0442 0x25d8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:17:07.0505 0x25d8 PlugPlay - ok 10:17:07.0552 0x25d8 [ F485770EEC8959684CC4C4786B63C06C, 34ECC6D83782A2F8E9E32456F3C6C527999283775626C772D0354D232A10604A ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 10:17:07.0598 0x25d8 Pml Driver HPZ12 - ok 10:17:07.0645 0x25d8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:17:07.0723 0x25d8 PolicyAgent - ok 10:17:07.0754 0x25d8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 10:17:07.0832 0x25d8 Power - ok 10:17:07.0848 0x25d8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:17:07.0910 0x25d8 PptpMiniport - ok 10:17:07.0926 0x25d8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 10:17:07.0957 0x25d8 Processor - ok 10:17:07.0973 0x25d8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc 
C:\Windows\system32\profsvc.dll 10:17:08.0020 0x25d8 ProfSvc - ok 10:17:08.0051 0x25d8 [ EF8811C87B1BB1DC0CF002829565BD8E, A16CAB46A0F0F23881E1B6DE5230C0F126BBEB022AD0A9EA7EEDCBEA498E582A ] ProLiantMonitor C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe 10:17:08.0082 0x25d8 ProLiantMonitor - ok 10:17:08.0098 0x25d8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe 10:17:08.0113 0x25d8 ProtectedStorage - ok 10:17:08.0144 0x25d8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:17:08.0207 0x25d8 Psched - ok 10:17:08.0269 0x25d8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 10:17:08.0363 0x25d8 ql2300 - ok 10:17:08.0378 0x25d8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 10:17:08.0425 0x25d8 ql40xx - ok 10:17:08.0441 0x25d8 [ 6BA43DAA24BE55DB3741732550584D24, 0A4BAA5EFB0257AC00BD3BF9DC9B76557EC3B15A7118E0F64C67CD5AF63DEF9F ] Quota C:\Windows\system32\drivers\quota.sys 10:17:08.0472 0x25d8 Quota - ok 10:17:08.0488 0x25d8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:17:08.0550 0x25d8 RasAcd - ok 10:17:08.0566 0x25d8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 10:17:08.0628 0x25d8 RasAgileVpn - ok 10:17:08.0644 0x25d8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 10:17:08.0706 0x25d8 RasAuto - ok 10:17:08.0722 0x25d8 [ 
471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:17:08.0800 0x25d8 Rasl2tp - ok 10:17:08.0815 0x25d8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 10:17:08.0893 0x25d8 RasMan - ok 10:17:08.0909 0x25d8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:17:08.0971 0x25d8 RasPppoe - ok 10:17:08.0987 0x25d8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:17:09.0034 0x25d8 RasSstp - ok 10:17:09.0065 0x25d8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:17:09.0143 0x25d8 rdbss - ok 10:17:09.0158 0x25d8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:17:09.0190 0x25d8 rdpbus - ok 10:17:09.0205 0x25d8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:17:09.0268 0x25d8 RDPCDD - ok 10:17:09.0283 0x25d8 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 10:17:09.0330 0x25d8 RDPDR - ok 10:17:09.0346 0x25d8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:17:09.0408 0x25d8 RDPENCDD - ok 10:17:09.0424 0x25d8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:17:09.0486 
0x25d8 RDPREFMP - ok 10:17:09.0517 0x25d8 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:17:09.0564 0x25d8 RDPWD - ok 10:17:09.0580 0x25d8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:17:09.0642 0x25d8 RemoteAccess - ok 10:17:09.0658 0x25d8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:17:09.0736 0x25d8 RemoteRegistry - ok 10:17:09.0736 0x25d8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 10:17:09.0798 0x25d8 RpcEptMapper - ok 10:17:09.0814 0x25d8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 10:17:09.0845 0x25d8 RpcLocator - ok 10:17:09.0876 0x25d8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 10:17:09.0954 0x25d8 RpcSs - ok 10:17:09.0970 0x25d8 [ 551EF8EFA329F5E27A16D2793123943A, 2F11CB51AD7CE79245382D67515A3083251941406E4CCB5FB858B07ABDF7BDC2 ] RSoPProv C:\Windows\system32\RSoPProv.exe 10:17:10.0016 0x25d8 RSoPProv - ok 10:17:10.0016 0x25d8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:17:10.0079 0x25d8 rspndr - ok 10:17:10.0094 0x25d8 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 10:17:10.0141 0x25d8 s3cap - ok 10:17:10.0157 0x25d8 [ D65E5E5C59F70516E856F5350106CDAB, 0064EA6C6C18A3286180B1BCFFED15A8091960710B47CE7C9C1A5C144E773C10 ] sacdrv 
C:\Windows\system32\DRIVERS\sacdrv.sys 10:17:10.0188 0x25d8 sacdrv - ok 10:17:10.0204 0x25d8 [ 1F8597C49E2F6FEAE04ED4E3D978465B, 88BBB8DBD1369B33F1D662CD7F2214282CD6E2AE8809D88AE63D9D80660549A3 ] sacsvr C:\Windows\system32\sacsvr.dll 10:17:10.0235 0x25d8 sacsvr - ok 10:17:10.0250 0x25d8 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe 10:17:10.0266 0x25d8 SamSs - ok 10:17:10.0282 0x25d8 [ B136E29C89CD7234DEC1A4104E5D30CC, 59B534D928EA77B904380679C701EC56A964E5039F69ED1A7372A95E215A9144 ] Samsung UPD Service2 C:\Windows\System32\SUPDSvc2.exe 10:17:10.0313 0x25d8 Samsung UPD Service2 - detected UnsignedFile.Multi.Generic ( 1 ) 10:17:12.0731 0x25d8 Detect skipped due to KSN trusted 10:17:12.0731 0x25d8 Samsung UPD Service2 - ok 10:17:12.0840 0x25d8 [ 791EE9F4A82FC4E13133F107C1C4C286, F7B9E57D08EF68B17ADF70C2D1F7623EAE13CAADE5ACFF4CD54FB89DFDEAD9C6 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe 10:17:12.0918 0x25d8 SAVAdminService - ok 10:17:12.0949 0x25d8 [ 54C1EDAE9DF790450A73F5CF42CBEEEC, FF2BB46F1EBCAF567B313A210A599B1794A5FAF1C766EC96F33A694B0EABF3E6 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys 10:17:12.0980 0x25d8 SAVOnAccess - ok 10:17:13.0012 0x25d8 [ D99F39D77432D1E979C1D918597C8A3E, 738740DB028B9A9838466714914A844AF72A669BAE1243123780F2C2FCD132CC ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe 10:17:13.0074 0x25d8 SAVService - ok 10:17:13.0090 0x25d8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:17:13.0121 0x25d8 sbp2port - ok 10:17:13.0136 0x25d8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:17:13.0230 0x25d8 SCardSvr - ok 10:17:13.0246 0x25d8 [ 253F38D0D7074C02FF8DEB9836C97D2B, 
CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:17:13.0308 0x25d8 scfilter - ok 10:17:13.0355 0x25d8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 10:17:13.0480 0x25d8 Schedule - ok 10:17:13.0495 0x25d8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 10:17:13.0558 0x25d8 SCPolicySvc - ok 10:17:13.0558 0x25d8 [ F9C5C693E9080232DDF2DC060C46CA5A, F1CE6B19B7AB098B0E1A4649775402CB52A00B85B4A8906F505AFA26108CAEE0 ] SCSIChanger C:\Windows\system32\DRIVERS\scsichng.sys 10:17:13.0573 0x25d8 SCSIChanger - ok 10:17:13.0589 0x25d8 [ 75B98959013B22F8F40C08095B8AB73C, EF608EFBF72AF48EFC9352FCEDF0523BDBA6055612FFD22654E3B241AA9C8033 ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys 10:17:13.0620 0x25d8 sdcfilter - ok 10:17:13.0620 0x25d8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:17:13.0682 0x25d8 secdrv - ok 10:17:13.0698 0x25d8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 10:17:13.0745 0x25d8 seclogon - ok 10:17:13.0760 0x25d8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 10:17:13.0823 0x25d8 SENS - ok 10:17:13.0838 0x25d8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:17:13.0870 0x25d8 Serenum - ok 10:17:13.0885 0x25d8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:17:13.0916 0x25d8 Serial - ok 
10:17:13.0932 0x25d8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 10:17:13.0963 0x25d8 sermouse - ok 10:17:13.0979 0x25d8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 10:17:14.0057 0x25d8 SessionEnv - ok 10:17:14.0072 0x25d8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:17:14.0104 0x25d8 sffdisk - ok 10:17:14.0119 0x25d8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:17:14.0150 0x25d8 sffp_mmc - ok 10:17:14.0166 0x25d8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:17:14.0197 0x25d8 sffp_sd - ok 10:17:14.0213 0x25d8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 10:17:14.0244 0x25d8 sfloppy - ok 10:17:14.0275 0x25d8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 10:17:14.0338 0x25d8 SharedAccess - ok 10:17:14.0369 0x25d8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:17:14.0447 0x25d8 ShellHWDetection - ok 10:17:14.0462 0x25d8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:17:14.0494 0x25d8 SiSRaid2 - ok 10:17:14.0494 0x25d8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] 
SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 10:17:14.0525 0x25d8 SiSRaid4 - ok 10:17:14.0556 0x25d8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:17:14.0618 0x25d8 Smb - ok 10:17:14.0634 0x25d8 [ CA62AE004E98374BF7F082CD765EEA02, A53243F4B9D798802CD6673EA9D7DC245F26A2216172DAD53547B9BC4D5DBA77 ] SNMP C:\Windows\System32\snmp.exe 10:17:14.0696 0x25d8 SNMP - ok 10:17:14.0712 0x25d8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:17:14.0743 0x25d8 SNMPTRAP - ok 10:17:14.0774 0x25d8 [ 186A143AD978CF166F03EC1A923CB313, 1CC746FEC16F1CD4851C371FE15DA07102F9802A4D0123F9FA4E197B191E7404 ] Sophos Agent C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe 10:17:14.0852 0x25d8 Sophos Agent - ok 10:17:14.0884 0x25d8 [ BEBFF064A8DC3C2FF634B7CFDCF6778B, DB49FDBB625112EFABC9E893DB61DD2E92F1BD06191450C33BF95FCEF0F415AA ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe 10:17:14.0962 0x25d8 Sophos AutoUpdate Service - ok 10:17:15.0024 0x25d8 [ 7A2107245AA6B9FC0807C6A7B0DA7122, 878F6C1FE8C325B56A8B09423A8EA16918B1570F5161BE6DA34D5CBD1418C953 ] Sophos Message Router C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe 10:17:15.0118 0x25d8 Sophos Message Router - ok 10:17:15.0180 0x25d8 [ E26625A4A22E5BADF495B8FB613F27AD, C040328B0838A1DD2F5E12863611B3755681697D1ADA2F0C014694762B4F8F72 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe 10:17:15.0320 0x25d8 Sophos Web Control Service - ok 10:17:15.0336 0x25d8 [ FFD056D55C46946ACA218F0A61DA2743, A9E3910EBEFC8674704F42C6D43A12A521C212B911D46FCD669D8AAFA8381C55 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys 10:17:15.0352 0x25d8 SophosBootDriver - ok 10:17:15.0383 0x25d8 [ 
B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 10:17:15.0445 0x25d8 spldr - ok 10:17:15.0476 0x25d8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 10:17:15.0539 0x25d8 Spooler - ok 10:17:15.0664 0x25d8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 10:17:15.0882 0x25d8 sppsvc - ok 10:17:15.0898 0x25d8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 10:17:15.0960 0x25d8 sppuinotify - ok 10:17:15.0991 0x25d8 [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 10:17:16.0334 0x25d8 SQLBrowser - ok 10:17:16.0366 0x25d8 [ 3C432A96363097870995E2A3C8B66ABD, AA0AE0935FC5317FE93D7D3C3B9A6B2E026915D07704AF3E36F14FEA8595F4A6 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 10:17:16.0397 0x25d8 SQLWriter - ok 10:17:16.0412 0x25d8 [ B66BBEC79EB75E62A2E3060587B383D6, 671F3529AF7ADC7F96F9137551812FF9937015C2F95DB168962BE2FF69E9C66F ] SrmReports C:\Windows\system32\srmhost.exe 10:17:16.0475 0x25d8 SrmReports - ok 10:17:16.0631 0x25d8 [ DFFA4DAFAF52E9D9AA1CCF95CE04FBF0, E7C8D4A90D4F311520D6441F9CE7EB9BE5EC30B9119EB135616D80A2B34F9F31 ] SrmSvc C:\Windows\system32\srmsvc.dll 10:17:16.0802 0x25d8 SrmSvc - ok 10:17:16.0834 0x25d8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 10:17:16.0896 0x25d8 srv - ok 10:17:16.0927 0x25d8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 
C:\Windows\system32\DRIVERS\srv2.sys 10:17:17.0005 0x25d8 srv2 - ok 10:17:17.0021 0x25d8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:17:17.0068 0x25d8 srvnet - ok 10:17:17.0083 0x25d8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:17:17.0161 0x25d8 SSDPSRV - ok 10:17:17.0177 0x25d8 [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 10:17:17.0208 0x25d8 SSPORT - ok 10:17:17.0208 0x25d8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:17:17.0286 0x25d8 SstpSvc - ok 10:17:17.0302 0x25d8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 10:17:17.0317 0x25d8 stexstor - ok 10:17:17.0333 0x25d8 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 10:17:17.0380 0x25d8 storflt - ok 10:17:17.0395 0x25d8 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 10:17:17.0426 0x25d8 storvsc - ok 10:17:17.0442 0x25d8 [ 3F863F5A957305E30EFCFF7742F9B5C9, 77B41F714A4AB16D47924CE8D4C0571A1B7B1B027D8E310669D64D1E23CA3698 ] storvsp C:\Windows\system32\drivers\storvsp.sys 10:17:17.0504 0x25d8 storvsp - ok 10:17:17.0520 0x25d8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 10:17:17.0551 0x25d8 swenum - ok 10:17:17.0676 0x25d8 [ 5399E281726EAF0307EBF804A693ED40, 
0AE45B2ECE26A87BF0E535AFDC7376EED2A7645C8CC810BE9D6D1330199BE28E ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe 10:17:17.0879 0x25d8 swi_service - ok 10:17:17.0972 0x25d8 [ A298C4D7C94C79D40739E89F9D8CE65E, 6C716C3E95637048613CEBFEDB38EB4AFFBE9287A53A3C6979EE4B8F5BCBEC78 ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe 10:17:18.0113 0x25d8 swi_update_64 - ok 10:17:18.0144 0x25d8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 10:17:18.0222 0x25d8 swprv - ok 10:17:18.0253 0x25d8 [ EF8811C87B1BB1DC0CF002829565BD8E, A16CAB46A0F0F23881E1B6DE5230C0F126BBEB022AD0A9EA7EEDCBEA498E582A ] sysdown C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe 10:17:18.0284 0x25d8 sysdown - ok 10:17:18.0378 0x25d8 [ F8BACE0FB758C9BFE2E8F624D328B974, 5FA1E89FD75F0A88988A22B141C32F55559877F54D7627B93424DE85B2A3F5D9 ] SysMgmtHp C:\hp\hpsmh\bin\smhstart.exe 10:17:18.0503 0x25d8 SysMgmtHp - detected UnsignedFile.Multi.Generic ( 1 ) 10:17:21.0108 0x25d8 Detect skipped due to KSN trusted 10:17:21.0108 0x25d8 SysMgmtHp - ok 10:17:21.0139 0x25d8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 10:17:21.0217 0x25d8 TapiSrv - ok 10:17:21.0233 0x25d8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 10:17:21.0295 0x25d8 TBS - ok 10:17:21.0389 0x25d8 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:17:21.0514 0x25d8 Tcpip - ok 10:17:21.0592 0x25d8 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 10:17:21.0685 0x25d8 TCPIP6 - ok 10:17:21.0701 0x25d8 [ 
1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:17:21.0748 0x25d8 tcpipreg - ok 10:17:21.0763 0x25d8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:17:21.0794 0x25d8 TDPIPE - ok 10:17:21.0810 0x25d8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:17:21.0841 0x25d8 TDTCP - ok 10:17:21.0857 0x25d8 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:17:21.0919 0x25d8 tdx - ok 10:17:21.0935 0x25d8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 10:17:21.0966 0x25d8 TermDD - ok 10:17:21.0997 0x25d8 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll 10:17:22.0091 0x25d8 TermService - ok 10:17:22.0122 0x25d8 [ 5FAB8204F034C743D77540DFBD99B00F, C062B1AD32DAC728987A4F70BF6CB06C6B5DD5265D486D3D139F1A9872D32101 ] TermServLicensing C:\Windows\System32\lserver.dll 10:17:22.0200 0x25d8 TermServLicensing - ok 10:17:22.0216 0x25d8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 10:17:22.0262 0x25d8 THREADORDER - ok 10:17:22.0278 0x25d8 [ E1D560A9EA07E5B2337E98F98271C52A, F93D5F9F60D5B463E9DC0224B767A3D31864833625FFECDD9B18D20B5C855E71 ] tpfilter C:\Windows\system32\DRIVERS\tpfilter.sys 10:17:22.0309 0x25d8 tpfilter - ok 10:17:22.0497 0x25d8 [ 464422ABA3B057CBCE156BCA0BA61879, 55BF2459F6DA9504A57BB321A99D2A55D58E7E8027E714D38C7A01C964C6AFCD ] TrileadVMXService C:\Program Files 
(x86)\Trilead\Trilead VMX\VMXService.exe 10:17:22.0746 0x25d8 TrileadVMXService - ok 10:17:22.0777 0x25d8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 10:17:22.0855 0x25d8 TrkWks - ok 10:17:22.0871 0x25d8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:17:22.0933 0x25d8 TrustedInstaller - ok 10:17:22.0949 0x25d8 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:17:22.0980 0x25d8 tssecsrv - ok 10:17:23.0011 0x25d8 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 10:17:23.0058 0x25d8 TsUsbFlt - ok 10:17:23.0074 0x25d8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:17:23.0136 0x25d8 tunnel - ok 10:17:23.0152 0x25d8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 10:17:23.0183 0x25d8 uagp35 - ok 10:17:23.0214 0x25d8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:17:23.0292 0x25d8 udfs - ok 10:17:23.0308 0x25d8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:17:23.0339 0x25d8 UI0Detect - ok 10:17:23.0355 0x25d8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:17:23.0386 0x25d8 uliagpkx - ok 10:17:23.0417 0x25d8 [ DC54A574663A895C8763AF0FA1FF7561, 
10:17:43.0338 0x25d8 Win FW state via NFP2: disabled
10:17:45.0975 0x25d8 ============================================================
10:17:45.0975 0x25d8 Scan finished
10:17:45.0975 0x25d8 ============================================================
10:17:45.0990 0x39d0 Detected object count: 12
10:17:45.0990 0x39d0 Actual detected object count: 12
10:18:41.0059 0x39d0 DWAuthenticationServer ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0059 0x39d0 DWAuthenticationServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0059 0x39d0 DWContentServer ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0059 0x39d0 DWContentServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0059 0x39d0 DWImagingService ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0059 0x39d0 DWImagingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0059 0x39d0 DWJobProcessor ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0059 0x39d0 DWJobProcessor ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0059 0x39d0 DWNotificationServer ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0059 0x39d0 DWNotificationServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0059 0x39d0 DWOCRService ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0059 0x39d0 DWOCRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0074 0x39d0 DWThumbnailServer ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0074 0x39d0 DWThumbnailServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0074 0x39d0 DWUploadService ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0074 0x39d0 DWUploadService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0074 0x39d0 DWWebService ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0074 0x39d0 DWWebService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0074 0x39d0 DWWorkflowServer ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0074 0x39d0 DWWorkflowServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0074 0x39d0 TM2Start ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0074 0x39d0 TM2Start ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:41.0090 0x39d0 NSCSysTrayUI ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:41.0090 0x39d0 NSCSysTrayUI ( UnsignedFile.Multi.Generic ) - User select action: Skip
28.05.2015, 09:50 | #49 |
/// Winkelfunktion /// TB-Süch-Tiger™ | W32/Confick-O file rkqunq.z in System32

The logs should be OK. Please run an FRST fix on the DC:

FRST fix

Please disable the virus scanner completely now, to make sure the fix runs cleanly!

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\Windows\System32\daewte.wo
cmd: del C:\Windows\Tasks\At?.job
cmd: del C:\Windows\Tasks\At??.job
cmd: del C:\Windows\System32\Tasks\At?.job
cmd: del C:\Windows\System32\Tasks\At??.job
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

__________________ Please always post log files in CODE tags
28.05.2015, 10:12 | #50 |
| W32/Confick-O file rkqunq.z in System32

Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by administrator at 2015-05-28 10:55:34 Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: administrator (Available Profiles: administrator & Classic .NET AppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Windows\System32\daewte.wo
cmd: del C:\Windows\Tasks\At?.job
cmd: del C:\Windows\Tasks\At??.job
cmd: del C:\Windows\System32\Tasks\At?.job
cmd: del C:\Windows\System32\Tasks\At??.job
EmptyTemp:
*****************

"C:\Windows\System32\daewte.wo" => File/Folder not found.

========= del C:\Windows\Tasks\At?.job =========

========= End of CMD: =========

========= del C:\Windows\Tasks\At??.job =========

========= End of CMD: =========

========= del C:\Windows\System32\Tasks\At?.job =========

C:\Windows\System32\Tasks\At?.job konnte nicht gefunden werden

========= End of CMD: =========

========= del C:\Windows\System32\Tasks\At??.job =========

C:\Windows\System32\Tasks\At??.job konnte nicht gefunden werden

========= End of CMD: =========

EmptyTemp: => Removed 2.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog 10:55:58 ====
28.05.2015, 10:20 | #51 |
/// Winkelfunktion /// TB-Süch-Tiger™ | W32/Confick-O file rkqunq.z in System32

Has the DC been rebooted? If so: fresh FRST logs. Tick the addition.txt checkbox, then click Scan.
28.05.2015, 10:27 | #52 |
| W32/Confick-O file rkqunq.z in System32

Yes, the DC was rebooted. The addition.txt checkbox is already ticked by default.

FRST:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01 Ran by administrator (administrator) on DC on 28-05-2015 11:22:59 Running from C:\Users\Administrator\Desktop Loaded Profiles: administrator (Available Profiles: administrator & Classic .NET AppPool) Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beremote.exe (Symantec Corporation) C:\Program Files\Symantec\Backup Exec\bedbg.exe (Hewlett-Packard Company) C:\Program Files\HP\Cissesrv\cissesrv.exe () C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe (Hewlett-Packard Company) C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe (Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\Licensing\LS\CtxLSPortSvc.exe (Citrix Systems, Inc) C:\Program Files (x86)\Citrix\Licensing\LS\CITRIX.exe (Microsoft Corporation) C:\Windows\System32\dfsrs.exe (Microsoft Corporation) C:\Windows\System32\dns.exe (DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe (DocuWare AG) D:\Programme\DocuWare\Imaging Server\DWImagingService.exe (DocuWare AG) D:\Programme\DocuWare\Job Processor\DocuWare.JobProcessor.exe () D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe (DocuWare AG) D:\Programme\DocuWare\OCR Service\DWOCRService.exe (Apache Software Foundation) D:\Programme\DocuWare\Full-Text Server\bin\tomcat7.exe (DocuWare AG) D:\Programme\DocuWare\Web Service Server\DWWebService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) C:\Windows\System32\ismserv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Microsoft Corporation) C:\Windows\System32\snmp.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Hewlett-Packard 
Company) C:\hp\hpsmh\bin\smhstart.exe (Microsoft) C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe (Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe (Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe (Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (Microsoft Corporation) C:\Windows\System32\WINS.EXE (Symantec Corporation) C:\Program Files\Symantec\Backup Exec\pvlsvr.exe (Hewlett-Packard Company) C:\Windows\System32\CPQNiMgt\cpqnimgt.exe (Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgserv\cqmgserv.exe (Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgstor\cqmgstor.exe (Microsoft Corporation) C:\Windows\System32\dfssvc.exe (DocuWare AG) D:\Programme\DocuWare\Authentication Server\DWAuthenticationServer.exe (DocuWare AG) D:\Programme\DocuWare\Content Server\DWContentServer.exe (DocuWare AG) D:\Programme\DocuWare\Notification Server\DWNotificationServer.exe (DocuWare AG) D:\Programme\DocuWare\Thumbnail Server\DWThumbnailService.exe (DocuWare AG) C:\Program Files (x86)\DocuWare\Upload Service\DWUploadServiceSvc.exe (DocuWare AG) D:\Programme\DocuWare\Workflow Server\DWWorkflowServer.exe (Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beserver.exe (Hewlett-Packard Company) 
C:\Windows\System32\CpqMgmt\cqmghost\cqmghost.exe (Symantec Corporation) C:\Program Files\Symantec\Backup Exec\benetns.exe (Symantec Corporation) C:\Program Files\Symantec\Backup Exec\bengine.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe (Microsoft Corporation) C:\Windows\System32\rdpclip.exe (Hewlett-Packard Company) C:\Program Files\HP\NCU\cpqteam.exe (DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\DocuWare.Desktop.exe (DocuWare AG) C:\DW4\Tm2start.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Samsung) C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (DocuWare AG) D:\Programme\DocuWare\Service Control\DocuWare.ServiceControl.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\Plugins\Scanner\DocuWare.Desktop.CaptureService.Host.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CPQTEAM] => C:\Program Files\HP\NCU\cpqteam.exe [73728 2010-04-27] (Hewlett-Packard Company) HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM-x32\...\Run: [TM2Start] => C:\DW4\tm2start.exe [40960 2003-10-14] (DocuWare AG) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.) 
HKLM-x32\...\Run: [NSCSysTrayUI] => C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe [270336 2009-04-09] (Samsung) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-01-30] (Sophos Limited) Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X] HKLM\...\Policies\Explorer: [ShowSuperHidden] 1 HKU\S-1-5-21-2786933937-3664791864-901090552-500\...\MountPoints2: {696c30f9-c176-11df-b2c9-806e6f6e6963} - E:\Browser.exe AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-05-26] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-05-26] (Sophos Limited) Lsa: [Notification Packages] scecli rassfm SecurityProviders: credssp.dll, pwdssp.dll, pwdssp.dll Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackGroundInfo (Autostart).lnk [2014-02-24] ShortcutTarget: BackGroundInfo (Autostart).lnk -> C:\Program Files\BackGroundInfo\BackGroundInfo.exe (Bryce Cogswell) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocuWare Desktop.lnk [2013-08-08] ShortcutTarget: DocuWare Desktop.lnk -> C:\Program Files (x86)\DocuWare\Desktop\DocuWare.Desktop.exe (DocuWare AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocuWare ServiceControl.lnk [2011-08-09] ShortcutTarget: DocuWare ServiceControl.lnk -> C:\Windows\Installer\{209B0652-2701-412D-9914-6889D95E90F6}\DocuWare.ServiceControl.exe (DocuWare AG) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: [S-1-5-21-2786933937-3664791864-901090552-500] => 10.49.10.99:8080 HKU\S-1-5-21-2786933937-3664791864-901090552-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://localhost:8083/ BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-17] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-17] (Oracle Corporation) DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1285946169091 DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: hpapp - No CLSID Value Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) 
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited) Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited) Winsock: Catalog9-x64 19 
C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited) Tcpip\..\Interfaces\{21072504-8B08-48CB-B084-C90577A620E5}: [NameServer] 127.0.0.1,10.49.10.99 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/wpi,version=1.0 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2010-05-14] (Microsoft Corp) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-17] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/wpi,version=1.1 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2010-05-14] (Microsoft Corp) FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2013-03-19] (VMware, Inc.) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [487424 2013-01-25] (Microsoft Corporation) R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\beremote.exe [1816696 2010-12-08] (Symantec Corporation) R2 BackupExecAgentBrowser; C:\Program Files\Symantec\Backup Exec\benetns.exe [542536 2010-06-29] (Symantec Corporation) R2 BackupExecDeviceMediaService; C:\Program Files\Symantec\Backup Exec\pvlsvr.exe [2492784 2011-04-11] (Symantec Corporation) R2 BackupExecJobEngine; C:\Program Files\Symantec\Backup Exec\bengine.exe [10835312 2011-06-27] (Symantec Corporation) S3 BackupExecManagementService; C:\Program Files\Symantec\Backup Exec\BackupExecManagementService.exe [124232 2010-07-08] (Symantec Corporation) R2 BackupExecRPCService; C:\Program Files\Symantec\Backup Exec\beserver.exe [11384688 2011-05-23] (Symantec Corporation) R2 bedbg; C:\Program Files\Symantec\Backup Exec\bedbg.exe [359240 2010-06-29] (Symantec Corporation) S4 CIMnotify; C:\Windows\system32\CIMntfy\cimntfy.exe [268392 2010-05-26] (Hewlett-Packard Company) R2 Cissesrv; C:\Program Files\HP\Cissesrv\cissesrv.exe [167424 2010-03-19] (Hewlett-Packard Company) [File not signed] R2 Citrix Licensing; C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe [6907144 2009-07-02] () S3 Citrix_GTLicensingProv; C:\Program Files (x86)\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe [1836464 2010-02-22] (Citrix Systems, Inc.) 
R2 CpqNicMgmt; C:\Windows\system32\CPQNiMgt\cpqnimgt.exe [9728 2010-04-28] (Hewlett-Packard Company) [File not signed] R2 CpqRcmc3; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company) R2 cpqvcagent; C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe [1307648 2010-03-25] (Hewlett-Packard Company) [File not signed] R2 CqMgHost; C:\Windows\system32\CpqMgmt\cqmghost\cqmghost.exe [15464 2010-05-26] (Hewlett-Packard Company) R2 CqMgServ; C:\Windows\system32\CpqMgmt\cqmgserv\cqmgserv.exe [15464 2010-05-26] (Hewlett-Packard Company) R2 CqMgStor; C:\Windows\system32\CpqMgmt\cqmgstor\cqmgstor.exe [20992 2010-04-09] (Hewlett-Packard Company) [File not signed] R2 CtxLSPortSvc; C:\Program Files (x86)\Citrix\Licensing\LS\CtxLSPortSvc.exe [58800 2010-02-22] (Citrix Systems, Inc.) R2 Dfs; C:\Windows\system32\dfssvc.exe [377344 2010-11-20] (Microsoft Corporation) R2 DFSR; C:\Windows\system32\DFSRs.exe [4518400 2010-11-20] (Microsoft Corporation) R2 DHCPServer; C:\Windows\System32\dhcpssvc.dll [729088 2010-11-20] (Microsoft Corporation) R2 DNS; C:\Windows\system32\dns.exe [696832 2011-12-26] (Microsoft Corporation) R2 DWAuthenticationServer; D:\Programme\DocuWare\Authentication Server\DWAuthenticationServer.exe [24576 2013-07-02] (DocuWare AG) [File not signed] R2 DWContentServer; D:\Programme\DocuWare\Content Server\DWContentServer.exe [20480 2013-07-02] (DocuWare AG) [File not signed] R2 DWDesktopService; C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe [26112 2013-07-02] (DocuWare AG) [File not signed] R2 DWImagingService; D:\Programme\DocuWare\Imaging Server\DWImagingService.exe [14336 2013-07-02] (DocuWare AG) [File not signed] R2 DWJobProcessor; D:\Programme\DocuWare\Job Processor\DocuWare.JobProcessor.exe [15360 2013-07-02] (DocuWare AG) [File not signed] R2 DWMySQL; D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe [5799936 2009-07-08] () [File not signed] R2 DWNotificationServer; 
D:\Programme\DocuWare\Notification Server\DWNotificationServer.exe [9216 2013-07-02] (DocuWare AG) [File not signed] R2 DWOCRService; D:\Programme\DocuWare\OCR Service\DWOCRService.exe [14848 2013-07-02] (DocuWare AG) [File not signed] R2 DWThumbnailServer; D:\Programme\DocuWare\Thumbnail Server\DWThumbnailService.exe [8704 2013-07-02] (DocuWare AG) [File not signed] R2 DWTomcat; D:\Programme\DocuWare\Full-Text Server\bin\tomcat7.exe [74240 2011-01-10] (Apache Software Foundation) [File not signed] R2 DWUploadService; C:\Program Files (x86)\DocuWare\Upload Service\DWUploadServiceSvc.exe [104960 2013-07-02] (DocuWare AG) [File not signed] R2 DWWebService; D:\Programme\DocuWare\Web Service Server\DWWebService.exe [11776 2013-07-02] (DocuWare AG) [File not signed] R2 DWWorkflowServer; D:\Programme\DocuWare\Workflow Server\DWWorkflowServer.exe [20480 2013-07-02] (DocuWare AG) [File not signed] S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation) R2 IsmServ; C:\Windows\System32\ismserv.exe [59392 2010-11-20] (Microsoft Corporation) R2 kdc; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-08-18] (Symantec Corporation) R2 MSSQL$BKUPEXEC; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 NTDS; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) S4 NtFrs; C:\Windows\system32\ntfrs.exe [1020416 2010-11-20] (Microsoft Corporation) R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company) S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation) S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation) S3 
Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) [File not signed] R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-26] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-26] (Sophos Limited) R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation) R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation) R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [395560 2015-05-26] (Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-01-30] (Sophos Limited) R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [1069864 2015-05-26] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-26] (Sophos Limited) S3 SrmReports; C:\Windows\system32\srmhost.exe [76288 2010-11-20] (Microsoft Corporation) R2 SrmSvc; C:\Windows\system32\srmsvc.dll [3489792 2010-11-20] (Microsoft Corporation) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-26] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-26] (Sophos Limited) R2 sysdown; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company) R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [2041856 2010-01-28] (Hewlett-Packard Company) [File not signed] R2 TermServLicensing; C:\Windows\System32\lserver.dll [694784 2010-11-20] (Microsoft Corporation) R2 TrileadVMXService; C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe [4136344 2014-01-07] (Microsoft) R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter 
Standalone\vmware-converter-a.exe [479824 2013-04-09] (VMware, Inc.) R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.) R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) R2 WINS; C:\Windows\System32\wins.exe [287744 2011-08-09] (Microsoft Corporation) S2 DWCONNECTtoToshiba; "D:\Programme\DocuWare\Client\Client Modules\CONNECT to Toshiba\CONNECTtoToshibaServer\DWCONNECTtoToshiba.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2210816 2009-06-24] (ATI Technologies Inc.) S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-02-22] (VMware, Inc.) 
S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2010-02-24] (Hewlett-Packard Company) R3 CPQTeamMP; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2010-02-24] (Hewlett-Packard Company) R0 Datascrn; C:\Windows\System32\drivers\datascrn.sys [79936 2009-07-14] (Microsoft Corporation) R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [51776 2009-07-14] (Microsoft Corporation) R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [66944 2010-11-20] (Microsoft Corporation) R0 HpCISSs2; C:\Windows\System32\DRIVERS\HpCISSs2.sys [156776 2010-02-22] (Hewlett-Packard Company) R3 hplto; C:\Windows\System32\DRIVERS\hplto.sys [16384 2009-05-14] (Hewlett-Packard) R3 hpqilo3chif; C:\Windows\System32\DRIVERS\hpqilo3chif.sys [43112 2010-04-28] (Hewlett-Packard Company) R3 hpqilo3core; C:\Windows\System32\DRIVERS\hpqilo3core.sys [44648 2010-05-09] (Hewlett-Packard Company) R0 hpqilo3whea; C:\Windows\System32\DRIVERS\hpqilo3whea.sys [18472 2010-02-12] (Hewlett-Packard Company) S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation) R3 l2nd; C:\Windows\System32\DRIVERS\bxnd60a.sys [83496 2010-04-30] (Broadcom Corporation) R0 Quota; C:\Windows\System32\drivers\quota.sys [168016 2009-07-14] (Microsoft Corporation) S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-26] (Sophos Limited) R1 SCSIChanger; C:\Windows\System32\DRIVERS\scsichng.sys [28208 2007-08-23] (Symantec Corporation) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-26] (Sophos Limited) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-26] (Sophos Limited) U5 Tape; C:\Windows\System32\Drivers\Tape.sys [29184 2009-07-14] (Microsoft Corporation) R3 tpfilter; C:\Windows\System32\DRIVERS\tpfilter.sys [43568 2010-05-27] (Symantec Corporation) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys 
[12352 2010-07-01] ()
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 11:22 - 2015-05-28 11:24 - 00027620 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-05-28 11:16 - 2015-05-28 11:16 - 00001852 _____ () C:\Windows\System32\Tasks\At1
2015-05-28 11:16 - 2015-05-28 11:16 - 00000348 _____ () C:\Windows\Tasks\At1.job
2015-05-28 11:11 - 2015-05-28 11:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\2
2015-05-28 10:14 - 2015-05-28 10:14 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-28 09:38 - 2015-05-28 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-28 09:38 - 2015-05-28 09:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 09:37 - 2015-05-28 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-28 09:36 - 2015-05-28 10:05 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2015-05-28 09:24 - 2015-05-28 09:24 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.09.1.1004.exe
2015-05-28 08:51 - 2015-05-28 08:51 - 02108928 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-05-27 15:38 - 2015-05-27 15:38 - 05628291 _____ (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2015-05-27 11:20 - 2015-05-28 11:23 - 00000000 ____D () C:\FRST
2015-05-27 09:34 - 2015-05-27 09:34 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-26 23:50 - 2015-05-27 23:59 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-05-26 14:07 - 2015-05-26 14:05 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-26 14:06 - 2015-05-27 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-26 14:06 - 2015-05-26 14:06 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-26 14:06 - 2015-05-26 14:06 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-26 14:06 - 2015-05-26 14:06 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-26 14:05 - 2015-05-27 09:35 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-26 14:05 - 2015-05-27 09:34 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-26 14:05 - 2015-05-26 14:05 - 00312895 _____ () C:\Users\Administrator\AppData\Local\Temp\avremove.log
2015-05-26 14:05 - 2015-05-26 14:05 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2015-05-26 14:05 - 2015-05-26 14:05 - 00018695 _____ () C:\Users\Administrator\AppData\Local\Temp\Sophos ES setup.log
2015-05-26 14:05 - 2015-05-26 14:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\crt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 11:12 - 2010-09-16 11:44 - 01745107 _____ () C:\Windows\WindowsUpdate.log 2015-05-28 11:12 - 2009-07-14 06:49 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-28 11:12 - 2009-07-14 06:49 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-28 11:11 - 2010-09-16 11:56 - 00000000 ____D () C:\Users\Administrator 2015-05-28 11:08 - 2009-09-18 03:52 - 00940408 _____ () C:\Windows\system32\perfh00A.dat 2015-05-28 11:08 - 2009-09-18 03:52 - 00234070 _____ () C:\Windows\system32\perfc00A.dat 2015-05-28 11:08 - 2009-09-18 03:45 - 00903584 _____ () C:\Windows\system32\perfh007.dat 2015-05-28 11:08 - 2009-09-18 03:45 - 00222124 _____ () C:\Windows\system32\perfc007.dat 2015-05-28 11:08 - 2009-09-18 03:39 - 00931962 _____ () C:\Windows\system32\perfh010.dat 2015-05-28 11:08 - 2009-09-18 03:39 - 00219332 _____ () C:\Windows\system32\perfc010.dat 2015-05-28 11:08 - 2009-09-18 03:33 - 00941504 _____ () C:\Windows\system32\perfh00C.dat 2015-05-28 11:08 - 2009-09-18 03:33 - 00223464 _____ () C:\Windows\system32\perfc00C.dat 2015-05-28 11:08 - 2009-07-14 07:10 - 05664028 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-28 11:05 - 2010-10-25 20:22 - 23619413 _____ () C:\Windows\system32\besnmp.TRC 2015-05-28 11:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv 2015-05-28 11:02 - 2010-10-25 20:09 - 00000000 ____D () C:\ProgramData\Symantec 2015-05-28 11:01 - 2011-03-11 14:47 - 00000000 ____D () C:\Windows\system32\dhcp 2015-05-28 11:01 - 2010-10-06 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator 2015-05-28 11:01 - 2010-09-29 10:53 - 00000000 ____D () C:\Windows\system32\wins 2015-05-28 11:01 - 2010-09-29 10:42 - 00000000 ____D () C:\Windows\system32\lserver 2015-05-28 11:01 - 2010-09-21 16:35 - 00006392 _____ () C:\Windows\system32\config\netlogon.dnb 
2015-05-28 11:01 - 2010-09-21 16:35 - 00002293 _____ () C:\Windows\system32\config\netlogon.dns 2015-05-28 11:01 - 2010-09-20 19:57 - 00000000 ____D () C:\Windows\system32\dns 2015-05-28 11:00 - 2010-09-21 16:30 - 00000000 ____D () C:\Windows\NTDS 2015-05-28 11:00 - 2009-07-14 07:06 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-28 10:37 - 2012-12-03 15:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-28 01:43 - 2010-11-04 22:30 - 00000000 ___HD () C:\Backup Exec AOFO Store 2015-05-27 10:08 - 2010-10-25 20:31 - 25060350 _____ () C:\Windows\system32\Dashboard.log 2015-05-26 14:08 - 2011-08-09 11:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\WEC 2015-05-18 17:24 - 2010-10-02 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VMware 2015-05-13 14:52 - 2010-09-16 23:08 - 00240764 _____ () C:\Users\Administrator\Desktop\ADMIN-KONSOLE.msc 2015-05-06 14:55 - 2010-09-27 16:31 - 00012168 _____ () C:\Users\Administrator\volshext.log ==================== Files in the root of some directories ======= 2013-08-13 09:56 - 2013-08-13 09:56 - 0646498 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI5F5F.txt 2013-08-13 09:56 - 2013-08-13 09:56 - 0031136 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI5F5F.txt 2013-08-13 10:05 - 2013-08-13 10:06 - 0431252 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI660B.txt 2013-08-13 10:06 - 2013-08-13 10:07 - 0441992 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI66CF.txt 2013-08-13 10:05 - 2013-08-13 10:06 - 0029772 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI660B.txt 2013-08-13 10:06 - 2013-08-13 10:07 - 0029708 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI66CF.txt 2011-08-09 15:25 - 2011-08-09 15:25 - 0000064 _____ () C:\Users\Administrator\AppData\Local\DW5ReportSettings.xml 2010-09-16 23:10 - 2010-09-16 23:10 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg 
2013-06-03 12:16 - 2013-06-03 12:16 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-24 00:02

==================== End of log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01 Ran by administrator at 2015-05-28 11:24:31 Running from C:\Users\Administrator\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3840907090-451933650-4095424516-500 - Administrator - Enabled) Gast (S-1-5-21-3840907090-451933650-4095424516-501 - Limited - Disabled) krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile systemroot%\system32\config\systemprofile => %systemroot%\system32\config\systemprofile ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.17 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0917-000001000000}) (Version: 9.17.00.0 - Igor Pavlov) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.24.50.5-090623a-083726C-HP - ) Citrix Lizenzierung (HKLM-x32\...\{EE7A694A-15EE-4551-A267-EBF5904DD49D}) (Version: 7.1.10007 - Citrix Systems, Inc.) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Citrix XenApp Plugin für gehostete Anwendungen (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.) 
DocuWare (HKLM-x32\...\{4B77274C-532A-4324-A9A4-1CAFE884E652}) (Version: 6.1.838.4913 - DocuWare) DocuWare 4 (HKLM-x32\...\DocuWare) (Version: - ) DocuWare Administration Tool (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Authentication Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Client (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Client German Language Pack (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare COLD/READ (HKLM-x32\...\COLDREAD) (Version: - ) DocuWare ComponentInit (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Content Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Desktop (HKLM-x32\...\{A03EB08B-C706-4EC9-82FD-ACD9E372AFC4}) (Version: 6.1.838.4913 - DocuWare) DocuWare Full Text Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Imaging Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Internal Database (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Job Processor (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Job Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Notification Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare OCR (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare OCR Service (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Platform (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Power Tools (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Service Control (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Settings (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare SettingsUI (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Stellent (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Thumbnail Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Update (HKLM-x32\...\{413E5334-A47C-48D9-8553-6389859443EE}) (Version: 6.1.838.4913 - DocuWare) DocuWare Upload Service (HKLM-x32\...\{582A3535-F4C7-4A58-A37F-1F84EBE0B8E7}) (Version: 6.1.838.4913 - DocuWare) DocuWare VCET 
(x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Web Client (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Web Services (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Web Viewer (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Windows Explorer Client 64 Bit (HKLM\...\{F0ED9BD6-22C4-4D07-89B8-BBC2B2876333}) (Version: 6.1.838.4913 - DocuWare) DocuWare Workflow Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden Headless Server Registry Update (HKLM-x32\...\{4E5563B6-DE0A-4F3B-A5D6-15789FD12D9B}) (Version: 1.0.0.0 - Hewlett-Packard Company) HP Array Configuration Utility (HKLM-x32\...\{74C48700-A6A7-4B3D-BD3A-C4E131CDD8E8}) (Version: 8.50.5.0 - Hewlett Packard Development Company, L.P.) HP Array Configuration Utility CLI (HKLM-x32\...\{14A5045C-33EE-4596-AA69-8761611AE8EB}) (Version: 8.50.6.0 - Hewlett-Packard Development Company, L.P.) HP Insight Diagnostics Online Edition for Windows (HKLM\...\{DCEA910B-3269-4F5B-A915-D59293004751}) (Version: 8.5.0 - Hewlett-Packard Development Company, L.P.) HP Insight Management Agents (HKLM\...\{B7B52204-2CC8-477A-9C7A-382C31070A62}) (Version: 8.50.0.0 - Hewlett-Packard Company) HP Lights-Out Online Configuration Utility (HKLM\...\{2E97856A-345A-475D-913C-B8A78406BDF6}) (Version: 3.1.0.0 - Hewlett-Packard Development Company, L.P.) HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP ProLiant iLO 3 Management Controller Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.0.0.0 - Hewlett-Packard Company) HP ProLiant Integrated Management Log Viewer (HKLM\...\{CF222EB4-4EF7-40F4-A62B-A03E214C20DE}) (Version: 5.24.0.0 - Hewlett-Packard Company) HP ProLiant PCI-express Power Management Update for Windows (HKLM-x32\...\{34D6E797-AA32-455D-8E65-4EBD1AC9DED7}) (Version: 1.3.0.0 - Hewlett-Packard Company) HP Smart Array SAS/SATA Event Notification Service (HKLM\...\{0F27A9B5-63FD-43DB-8230-FFE1E9CFE2C4}) (Version: 6.20.0.64 - Hewlett-Packard Development Company, L.P.) HP System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 6.1.0 - Hewlett-Packard Company) HP Version Control Agent (HKLM-x32\...\{5A5F45AE-0250-4C34-9D89-F10BDDEE665F}) (Version: 6.1.0.842 - Hewlett Packard Development Company, L.P.) Java 2 Runtime Environment, SE v1.4.2_19 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142190}) (Version: 1.4.2_19 - Sun Microsystems, Inc.) 
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java SE Development Kit 7 Update 11 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle) Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021F0}) (Version: 6.0.210 - Oracle) Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle) LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Web Platform Installer 2.0 (HKLM\...\{59996900-0E6C-45B7-8C39-C64CB98462E4}) (Version: 2.1.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB)
MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.)
Network Scan (HKLM-x32\...\{98357EB8-C10E-414A-A6EC-F3392EA97D35}) (Version: - )
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
PFA Server Registry Update (HKLM-x32\...\{173438F5-BD4D-47AE-9C8F-73E6BAA62624}) (Version: 1.0.0.0 - Hewlett-Packard Company)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 4.0.2 - Sophos Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Symantec Backup Exec (Hotfix 144101) (HKLM\...\{F2A04230-7059-4CC2-B6EE-EF94F3EBAAE2}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 147674) (HKLM\...\{8032B566-B386-413F-9A10-11F9A35C9B65}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 148347) (HKLM\...\{28602F3D-426C-4719-822F-BE550838034F}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 150096) (HKLM\...\{01FAED90-7E07-4F9D-912A-F5BE34036E3C}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 153090) (HKLM\...\{B248E5CA-CE2E-4BC4-925B-0B2181556C02}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 154003) (HKLM\...\{C51A8E2A-AA2E-4796-97BC-BA9935F607A6}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 155520) (HKLM\...\{3E049DBC-1D97-48EA-9FF4-35D5DFB89092}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 159293) (HKLM\...\{69F28399-DE3B-491F-8704-101B6FAE7210}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 162839) (HKLM\...\{52A3BF51-8937-4597-BEC1-7169F5C96295}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 164658) (HKLM\...\{25F384C2-0D2D-4CDF-B84D-1FE8E83001D0}) (Version: - Symantec Corporation)
Symantec Backup Exec (Service Pack 1) (HKLM\...\{D6F0513A-606E-44DA-B4FF-6BF542E3790F}) (Version: - Symantec Corporation)
Symantec Backup Exec (TM) 2010 R2 (HKLM\...\Symantec Backup Exec 13.0) (Version: 13.0.4164 - Symantec Corporation)
Symantec Backup Exec (Version: 13.0.4164 - Symantec Corporation) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Trilead VM Explorer (HKLM-x32\...\{93836BB1-A704-4D3F-AB0A-CE990A2F5930}) (Version: 5.0.014.0 - Trilead AG)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VMware vCenter Converter Standalone (HKLM-x32\...\{17C3235A-A4B9-44ED-8794-54D8408F9733}) (Version: 5.1.0.1087880 - VMware, Inc.)
VMware Virtual Disk Development Kit (HKLM-x32\...\{547EB317-F9FC-4571-B66A-83B3C9D6A2C8}) (Version: 5.1.0.774844 - VMware, Inc.)
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.12319 - VMware, Inc.)
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.2669 - VMware, Inc.)
VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4D9E4576-618A-4D71-A83C-219A4A674637} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {841E9EB2-7208-4BFE-AB3E-EB81BE1257F5} - System32\Tasks\At1 => Rundll32.exe daewte.wo,sjurqc <==== ATTENTION
Task: {98A95F59-20CD-4E35-9D21-F20F9141264F} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [2010-11-20] (Microsoft Corporation)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)
Task: {D3F5153E-1883-45F2-A816-9C2A0B198473} - System32\Tasks\DocuWare Update => C:\Program Files (x86)\DocuWare\Update\DocuWare.Update.exe [2013-07-16] (DocuWare AG)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => H0 Im rundll32 exe daewte wo sjurqc SYSTEM Erstellt von NetScheduleJobAdd HC xk 4E Ae oD Uzb

==================== Loaded Modules (Whitelisted) ==============

2012-11-06 11:42 - 2012-11-06 11:40 - 00015360 _____ () C:\Windows\System32\KOAYXJ_L.DLL
2012-11-06 11:41 - 2012-11-06 11:36 - 00015360 _____ () C:\Windows\System32\KOAYQJ_L.DLL
2007-11-06 14:22 - 2010-10-01 14:58 - 00014848 _____ () C:\Windows\System32\KOBZQABL.dll
2011-02-11 11:27 - 2007-11-06 15:22 - 00014848 _____ () C:\Windows\System32\KOBZQJBL.dll
2012-12-03 15:23 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\sp6__l.dll
2012-12-03 16:01 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2012-12-03 13:22 - 2011-12-22 10:59 - 00034304 _____ () C:\Windows\System32\sx655lm.dll
2012-11-06 11:42 - 2012-11-06 11:40 - 00648704 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOAYXJ_O.DLL
2009-07-02 15:11 - 2009-07-02 15:11 - 06907144 _____ () C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
2009-06-25 15:54 - 2009-06-25 15:54 - 00027136 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_10.dll
2010-09-16 12:00 - 2009-05-13 15:34 - 00255488 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\SSLEAY32.dll
2010-09-16 12:00 - 2009-05-13 15:34 - 01362944 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\LIBEAY32.dll
2009-07-08 11:56 - 2009-07-08 11:56 - 05799936 _____ () D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe
2013-06-26 12:06 - 2012-10-03 08:17 - 01786368 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMUD1P4Z.DLL
2010-04-28 16:37 - 2010-04-28 16:37 - 00048128 _____ () C:\Windows\system32\CpqNiMgt\CPQNIMIB.DLL
2010-04-28 16:36 - 2010-04-28 16:36 - 00205824 _____ () C:\Windows\system32\cpqnimgt\w2kmgdll.dll
2010-04-28 16:33 - 2010-04-28 16:33 - 00018432 _____ () C:\Windows\system32\cpqnimgt\cqnisnmp.dll
2010-04-28 16:37 - 2010-04-28 16:37 - 00025088 _____ () C:\Windows\system32\CpqNiMgt\NICMIB.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00193024 _____ () C:\Windows\system32\CpqMgmt\Cqmgstor\stormib.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00030720 _____ () C:\Windows\system32\cqstrutl.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00007168 _____ () C:\Windows\system32\cpqmgmt\cqmgstor\storsnmp.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00027648 _____ () C:\Windows\system32\CpqMgmt\CqmgStor\iscsimib.dll
2010-09-16 11:57 - 2009-07-23 11:57 - 01531392 _____ () C:\hp\hpsmh\bin\libxml2.dll
2010-09-16 11:57 - 2009-03-09 18:08 - 00072704 _____ () C:\hp\hpsmh\bin\zlib1.dll
2010-09-16 11:57 - 2010-01-28 11:10 - 01411584 _____ () C:\hp\hpsmh\bin\LIBEAY32.dll
2010-09-16 11:57 - 2010-01-28 11:04 - 00266240 _____ () C:\hp\hpsmh\bin\SSLEAY32.dll
2010-09-16 11:57 - 2009-07-23 11:57 - 01531392 _____ () C:\hp\hpsmh\modules\libxml2.dll
2010-04-28 16:36 - 2010-04-28 16:36 - 00205824 _____ () C:\Windows\system32\CPQNiMgt\w2kmgdll.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00032768 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CQMGSTOR.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00043008 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQIDE.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00041472 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMDISK.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00057856 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMSCSI.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00091136 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMIDA.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00115200 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQFCA.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQISCSI.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00030720 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\STORALRT.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQSAS.DLL
2015-05-28 11:02 - 2015-05-28 11:02 - 00008192 _____ () C:\ProgramData\Symantec\CRF\ASP Temporary Files\crf\a59bc826\6c66bba2\assembly\dl3\9fbc4fbd\31d5aa08_2599d001\App_Web_ecpz2-me.DLL
2011-09-07 13:58 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 01276712 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 01094440 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00347432 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00465192 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_AnyTypeCode.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00087848 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00254248 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00511784 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00059176 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_CodecFactory.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00149800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00832296 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00044840 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Svc_Utils.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00075048 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00069416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI_Server.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00052520 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Codeset.dll
2013-04-09 08:49 - 2013-04-09 08:49 - 00086096 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 01296976 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 00542288 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2786933937-3664791864-901090552-500\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMINI~1\AppData\Local\Temp\2\BGInfo.bmp
DNS Servers: 127.0.0.1 - 10.49.10.99

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [FSRM-SrmReports-In (RPC)] => (Allow) %systemroot%\system32\srmhost.exe
FirewallRules: [WINS-Service-In-TCP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-Out-TCP] => (Allow) %systemroot%\System32\wins.exe
FirewallRules: [WINS-Service-In-UDP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-Out-UDP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-In-RPC] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [{239A9729-E4B5-4A26-9E2A-4C638EE1F07C}] => (Allow) C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
FirewallRules: [{23CAB9E5-EBA1-4714-AC3F-93AAEE1FE06F}] => (Allow) C:\Program Files (x86)\Citrix\Licensing\LS\CITRIX.exe
FirewallRules: [{261AED0A-51CC-4EFF-A902-B55A7D4182DB}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{1DE329C8-74B8-4DBC-A604-549F3D4CDF29}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{3E67F204-39FD-42CA-9DB0-BFCCC20C1909}] => (Allow) C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
FirewallRules: [{5BBE261D-BB69-4B62-A563-8CB4BEE2E566}] => (Allow) C:\Program Files\Symantec\Backup Exec\beserver.exe
FirewallRules: [{070B7B6E-BBC9-41AB-88CB-EC83C00354EE}] => (Allow) C:\Program Files\Symantec\Backup Exec\bengine.exe
FirewallRules: [{0DCA8D4A-0D0F-4660-A674-04C4C085157F}] => (Allow) C:\Program Files\Symantec\Backup Exec\beremote.exe
FirewallRules: [{C80DD1C4-4B87-4CDD-ADE6-630BE329BACC}] => (Allow) C:\Program Files\Symantec\Backup Exec\benetns.exe
FirewallRules: [{D3112E44-268F-4CB3-B7FF-5954419C42F4}] => (Allow) C:\Program Files\Symantec\Backup Exec\alertServer.exe
FirewallRules: [{5A68BD95-ABB4-427C-881E-83BF6F73FB5A}] => (Allow) C:\Program Files\Symantec\Backup Exec\spoold.exe
FirewallRules: [{4ED9E685-75B6-4C71-9C8F-F3F55710F7BB}] => (Allow) C:\Program Files\Symantec\Backup Exec\spad.exe
FirewallRules: [{F3203ED3-B989-4A87-B1E2-EAA1E46A82A6}] => (Allow) LPort=6160
FirewallRules: [{6B936BBC-6FB4-444E-9C2F-253FFE554AA4}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{45672FCB-6855-4F7A-8789-BB45490D64E8}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{AB8EA5A9-8B8A-4D33-8528-43DC16C795E0}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{A83ADABB-C55C-45A4-84E9-901737FD2690}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DF8A241E-9418-4BB2-B2E5-51562D546ED6}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7F976E60-71BE-4027-879B-74CE7CDDE412}] => (Allow) LPort=9089
FirewallRules: [{B4E5C7F0-EA9A-4ABC-8ED1-5ED454C1F42D}] => (Allow) LPort=8083
FirewallRules: [{2CBF83D0-17F3-4027-ABF0-6C55581AD46D}] => (Allow) LPort=111
FirewallRules: [{C2D35C1F-C81E-40CB-927D-9AB454B18456}] => (Allow) LPort=4242
FirewallRules: [{9B28BAD0-2510-4D25-8522-963C7893BF1A}] => (Allow) LPort=2049

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 11:06:31 AM) (Source: DW CtServer) (EventID: 0) (User: )
Description: BackUpDatabase is not specified. Backup service will not start.

Error: (05/28/2015 11:05:18 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start :
>Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:05:17 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:04:17 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:04:16 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:03:16 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:03:15 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:03:09 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:03:08 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:03:02 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) System errors: ============= Error: (05/28/2015 11:05:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (05/28/2015 11:05:53 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Workflow Server" wurde nicht richtig gestartet. Error: (05/28/2015 11:05:53 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Thumbnail Server" wurde nicht richtig gestartet. 
Error: (05/28/2015 11:05:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Notification Server" wurde nicht richtig gestartet. Error: (05/28/2015 11:04:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Job Processor" wurde nicht richtig gestartet. Error: (05/28/2015 11:04:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Imaging Server" wurde nicht richtig gestartet. Error: (05/28/2015 11:04:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Content Server" wurde nicht richtig gestartet. Error: (05/28/2015 11:03:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "DocuWare Authentication Server" wurde nicht richtig gestartet. Error: (05/28/2015 11:02:01 AM) (Source: Wins) (EventID: 4337) (User: ) Description: Der WINS-Server konnte die Sicherheitseinstellung für schreibgeschützte Vorgänge nicht initialisieren. Error: (05/28/2015 11:01:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DocuWare CONNECT to Toshiba" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office: ========================= Error: (05/28/2015 11:06:31 AM) (Source: DW CtServer) (EventID: 0) (User: ) Description: BackUpDatabase is not specified. Backup service will not start. Error: (05/28/2015 11:05:18 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:05:17 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:04:17 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:04:16 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:03:16 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:03:15 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:03:09 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:03:08 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:03:02 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) ==================== Memory info =========================== Processor: Intel(R) Xeon(R) CPU E5640 @ 2.67GHz Percentage of memory in use: 39% Total physical RAM: 8181.8 MB Available physical RAM: 4957.84 MB Total Pagefile: 16361.78 MB Available Pagefile: 12699.62 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (SYSTEM) (Fixed) (Total:68.33 GB) (Free:21.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATEN) (Fixed) (Total:838.09 GB) (Free:336.74 GB) NTFS Drive g: (INTEX) (Network) 
(Total:279.36 GB) (Free:33.05 GB) NTFS Drive h: (DATEN) (Network) (Total:838.09 GB) (Free:336.74 GB) NTFS Drive l: (DATEN) (Network) (Total:838.09 GB) (Free:336.74 GB) NTFS Drive s: (DATEN) (Network) (Total:838.09 GB) (Free:336.74 GB) NTFS Drive t: (DATEN) (Network) (Total:838.09 GB) (Free:336.74 GB) NTFS Drive v: (DATEN) (Network) (Total:838.09 GB) (Free:336.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 68.3 GB) (Disk ID: 47C39B7C) Partition 1: (Active) - (Size=68.3 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 838.1 GB) (Disk ID: 510C7675) Partition 1: (Not Active) - (Size=838.1 GB) - (Type=07 NTFS) ==================== End of log ============================ |
28.05.2015, 10:31 | #53 |
/// Winkelfunktion /// TB-Süch-Tiger™ | W32/Confick-O file rkqunq.z in System32

New fix, please:

FRST fix

Please disable your virus scanner completely now, to make sure the fix runs through cleanly!

Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document.

Code:
Task: {841E9EB2-7208-4BFE-AB3E-EB81BE1257F5} - System32\Tasks\At1 => Rundll32.exe daewte.wo,sjurqc <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => H0 Im rundll32 exe daewte wo sjurqc SYSTEM Erstellt von NetScheduleJobAdd HC xk 4E Ae oD Uzb
C:\Windows\Tasks\At1.job
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
28.05.2015, 10:48 | #54 |
| W32/Confick-O file rkqunq.z in System32

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by administrator at 2015-05-28 11:36:12 Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: administrator (Available Profiles: administrator & Classic .NET AppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {841E9EB2-7208-4BFE-AB3E-EB81BE1257F5} - System32\Tasks\At1 => Rundll32.exe daewte.wo,sjurqc <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => H0 Im rundll32 exe daewte wo sjurqc SYSTEM Erstellt von NetScheduleJobAdd HC xk 4E Ae oD Uzb
C:\Windows\Tasks\At1.job
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{841E9EB2-7208-4BFE-AB3E-EB81BE1257F5}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{841E9EB2-7208-4BFE-AB3E-EB81BE1257F5}" => key Removed successfully
C:\Windows\System32\Tasks\At1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => key Removed successfully
C:\Windows\Tasks\At1.job => Moved successfully.
"C:\Windows\Tasks\At1.job" => File/Folder not found.
EmptyTemp: => Removed 161 KB temporary data.

The system needed a reboot.

==== End of Fixlog 11:36:15 ====
|
28.05.2015, 12:45 | #55 |
/// Winkelfunktion /// TB-Süch-Tiger™ | W32/Confick-O file rkqunq.z in System32

And once again, fresh new FRST logs please. The DC was restarted again, wasn't it?
__________________ Please always post log files in CODE tags |
28.05.2015, 12:56 | #56 |
| W32/Confick-O file rkqunq.z in System32

Yes, it did a restart.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by administrator (administrator) on SVDC01 on 28-05-2015 13:52:51
Running from C:\Users\Administrator\Desktop
Loaded Profiles: administrator (Available Profiles: administrator & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beremote.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\bedbg.exe
(Hewlett-Packard Company) C:\Program Files\HP\Cissesrv\cissesrv.exe
() C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
(Hewlett-Packard Company) C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
(Citrix Systems, Inc) C:\Program Files (x86)\Citrix\Licensing\LS\CITRIX.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Licensing\LS\CtxLSPortSvc.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(DocuWare AG) D:\Programme\DocuWare\Imaging Server\DWImagingService.exe
(DocuWare AG) D:\Programme\DocuWare\Job Processor\DocuWare.JobProcessor.exe
() D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe
(DocuWare AG) D:\Programme\DocuWare\OCR Service\DWOCRService.exe
(Apache Software Foundation) D:\Programme\DocuWare\Full-Text Server\bin\tomcat7.exe
(DocuWare AG) D:\Programme\DocuWare\Web Service Server\DWWebService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\smhstart.exe
(Microsoft) C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Microsoft Corporation) C:\Windows\System32\WINS.EXE
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
(Hewlett-Packard Company) C:\Windows\System32\CPQNiMgt\cpqnimgt.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgserv\cqmgserv.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgstor\cqmgstor.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(DocuWare AG) D:\Programme\DocuWare\Authentication Server\DWAuthenticationServer.exe
(DocuWare AG) D:\Programme\DocuWare\Content Server\DWContentServer.exe
(DocuWare AG) D:\Programme\DocuWare\Notification Server\DWNotificationServer.exe
(DocuWare AG) D:\Programme\DocuWare\Thumbnail Server\DWThumbnailService.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Upload Service\DWUploadServiceSvc.exe
(DocuWare AG) D:\Programme\DocuWare\Workflow Server\DWWorkflowServer.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beserver.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\benetns.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\bengine.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmghost\cqmghost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Hewlett-Packard Company) C:\Program Files\HP\NCU\cpqteam.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\DocuWare.Desktop.exe
(DocuWare AG) D:\Programme\DocuWare\Service Control\DocuWare.ServiceControl.exe
(DocuWare AG) C:\DW4\Tm2start.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Samsung) C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\Plugins\Scanner\DocuWare.Desktop.CaptureService.Host.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CPQTEAM] => C:\Program Files\HP\NCU\cpqteam.exe [73728 2010-04-27] (Hewlett-Packard Company)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM-x32\...\Run: [TM2Start] => C:\DW4\tm2start.exe [40960 2003-10-14] (DocuWare AG)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [NSCSysTrayUI] => C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe [270336 2009-04-09] (Samsung)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-01-30] (Sophos Limited)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X]
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-2786933937-3664791864-901090552-500\...\MountPoints2: {696c30f9-c176-11df-b2c9-806e6f6e6963} - E:\Browser.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-05-26] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-05-26] (Sophos Limited)
Lsa: [Notification Packages] scecli rassfm
SecurityProviders: credssp.dll, pwdssp.dll, pwdssp.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackGroundInfo (Autostart).lnk [2014-02-24]
ShortcutTarget: BackGroundInfo (Autostart).lnk -> C:\Program Files\BackGroundInfo\BackGroundInfo.exe (Bryce Cogswell)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocuWare Desktop.lnk [2013-08-08]
ShortcutTarget: DocuWare Desktop.lnk -> C:\Program Files (x86)\DocuWare\Desktop\DocuWare.Desktop.exe (DocuWare AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocuWare ServiceControl.lnk [2011-08-09]
ShortcutTarget: DocuWare ServiceControl.lnk -> C:\Windows\Installer\{209B0652-2701-412D-9914-6889D95E90F6}\DocuWare.ServiceControl.exe (DocuWare AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2786933937-3664791864-901090552-500] => 10.49.10.99:8080
HKU\S-1-5-21-2786933937-3664791864-901090552-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://localhost:8083/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-17] (Oracle Corporation)
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1285946169091
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: hpapp - No CLSID Value
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Tcpip\..\Interfaces\{21072504-8B08-48CB-B084-C90577A620E5}: [NameServer] 127.0.0.1,10.49.10.99

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.0 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2010-05-14] (Microsoft Corp)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.1 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2010-05-14] (Microsoft Corp)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2013-03-19] (VMware, Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [487424 2013-01-25] (Microsoft Corporation)
R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\beremote.exe [1816696 2010-12-08] (Symantec Corporation)
R2 BackupExecAgentBrowser; C:\Program Files\Symantec\Backup Exec\benetns.exe [542536 2010-06-29] (Symantec Corporation)
R2 BackupExecDeviceMediaService; C:\Program Files\Symantec\Backup Exec\pvlsvr.exe [2492784 2011-04-11] (Symantec Corporation)
R2 BackupExecJobEngine; C:\Program Files\Symantec\Backup Exec\bengine.exe [10835312 2011-06-27] (Symantec Corporation)
S3 BackupExecManagementService; C:\Program Files\Symantec\Backup Exec\BackupExecManagementService.exe [124232 2010-07-08] (Symantec Corporation)
R2 BackupExecRPCService; C:\Program Files\Symantec\Backup Exec\beserver.exe [11384688 2011-05-23] (Symantec Corporation)
R2 bedbg; C:\Program Files\Symantec\Backup Exec\bedbg.exe [359240 2010-06-29] (Symantec Corporation)
S4 CIMnotify; C:\Windows\system32\CIMntfy\cimntfy.exe [268392 2010-05-26] (Hewlett-Packard Company)
R2 Cissesrv; C:\Program Files\HP\Cissesrv\cissesrv.exe [167424 2010-03-19] (Hewlett-Packard Company) [File not signed]
R2 Citrix Licensing; C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe [6907144 2009-07-02] ()
S3 Citrix_GTLicensingProv; C:\Program Files (x86)\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe [1836464 2010-02-22] (Citrix Systems, Inc.)
R2 CpqNicMgmt; C:\Windows\system32\CPQNiMgt\cpqnimgt.exe [9728 2010-04-28] (Hewlett-Packard Company) [File not signed]
R2 CpqRcmc3; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company)
R2 cpqvcagent; C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe [1307648 2010-03-25] (Hewlett-Packard Company) [File not signed]
R2 CqMgHost; C:\Windows\system32\CpqMgmt\cqmghost\cqmghost.exe [15464 2010-05-26] (Hewlett-Packard Company)
R2 CqMgServ; C:\Windows\system32\CpqMgmt\cqmgserv\cqmgserv.exe [15464 2010-05-26] (Hewlett-Packard Company)
R2 CqMgStor; C:\Windows\system32\CpqMgmt\cqmgstor\cqmgstor.exe [20992 2010-04-09] (Hewlett-Packard Company) [File not signed]
R2 CtxLSPortSvc; C:\Program Files (x86)\Citrix\Licensing\LS\CtxLSPortSvc.exe [58800 2010-02-22] (Citrix Systems, Inc.)
R2 Dfs; C:\Windows\system32\dfssvc.exe [377344 2010-11-20] (Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [4518400 2010-11-20] (Microsoft Corporation)
R2 DHCPServer; C:\Windows\System32\dhcpssvc.dll [729088 2010-11-20] (Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [696832 2011-12-26] (Microsoft Corporation)
R2 DWAuthenticationServer; D:\Programme\DocuWare\Authentication Server\DWAuthenticationServer.exe [24576 2013-07-02] (DocuWare AG) [File not signed]
R2 DWContentServer; D:\Programme\DocuWare\Content Server\DWContentServer.exe [20480 2013-07-02] (DocuWare AG) [File not signed]
R2 DWDesktopService; C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe [26112 2013-07-02] (DocuWare AG) [File not signed]
R2 DWImagingService; D:\Programme\DocuWare\Imaging Server\DWImagingService.exe [14336 2013-07-02] (DocuWare AG) [File not signed]
R2 DWJobProcessor; D:\Programme\DocuWare\Job Processor\DocuWare.JobProcessor.exe [15360 2013-07-02] (DocuWare AG) [File not signed]
R2 DWMySQL; D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe [5799936 2009-07-08] () [File not signed]
R2 DWNotificationServer; D:\Programme\DocuWare\Notification Server\DWNotificationServer.exe [9216 2013-07-02] (DocuWare AG) [File not signed]
R2 DWOCRService; D:\Programme\DocuWare\OCR Service\DWOCRService.exe [14848 2013-07-02] (DocuWare AG) [File not signed]
R2 DWThumbnailServer; D:\Programme\DocuWare\Thumbnail Server\DWThumbnailService.exe [8704 2013-07-02] (DocuWare AG) [File not signed]
R2 DWTomcat; D:\Programme\DocuWare\Full-Text Server\bin\tomcat7.exe [74240 2011-01-10] (Apache Software Foundation) [File not signed]
R2 DWUploadService; C:\Program Files (x86)\DocuWare\Upload Service\DWUploadServiceSvc.exe [104960 2013-07-02] (DocuWare AG) [File not signed]
R2 DWWebService; D:\Programme\DocuWare\Web Service Server\DWWebService.exe [11776 2013-07-02] (DocuWare AG) [File not signed]
R2 DWWorkflowServer; D:\Programme\DocuWare\Workflow Server\DWWorkflowServer.exe [20480 2013-07-02] (DocuWare AG) [File not signed]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 IsmServ; C:\Windows\System32\ismserv.exe [59392 2010-11-20] (Microsoft Corporation)
R2 kdc; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-08-18] (Symantec Corporation)
R2 MSSQL$BKUPEXEC; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NTDS; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1020416 2010-11-20] (Microsoft Corporation)
R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-26] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-26] (Sophos Limited)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [395560 2015-05-26] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-01-30] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [1069864 2015-05-26] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-26] (Sophos Limited)
S3 SrmReports; C:\Windows\system32\srmhost.exe [76288 2010-11-20] (Microsoft Corporation)
R2 SrmSvc; C:\Windows\system32\srmsvc.dll [3489792 2010-11-20] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-26] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-26] (Sophos Limited)
R2 sysdown; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company)
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [2041856 2010-01-28] (Hewlett-Packard Company) [File not signed]
R2 TermServLicensing; C:\Windows\System32\lserver.dll [694784 2010-11-20] (Microsoft Corporation)
R2 TrileadVMXService; C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe [4136344 2014-01-07] (Microsoft)
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479824 2013-04-09] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WINS; C:\Windows\System32\wins.exe [287744 2011-08-09] (Microsoft Corporation)
S2 DWCONNECTtoToshiba; "D:\Programme\DocuWare\Client\Client Modules\CONNECT to Toshiba\CONNECTtoToshibaServer\DWCONNECTtoToshiba.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2210816 2009-06-24] (ATI Technologies Inc.)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-02-22] (VMware, Inc.)
S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2010-02-24] (Hewlett-Packard Company)
R3 CPQTeamMP; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2010-02-24] (Hewlett-Packard Company)
R0 Datascrn; C:\Windows\System32\drivers\datascrn.sys [79936 2009-07-14] (Microsoft Corporation)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [51776 2009-07-14] (Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [66944 2010-11-20] (Microsoft Corporation)
R0 HpCISSs2; C:\Windows\System32\DRIVERS\HpCISSs2.sys [156776 2010-02-22] (Hewlett-Packard Company)
R3 hplto; C:\Windows\System32\DRIVERS\hplto.sys [16384 2009-05-14] (Hewlett-Packard)
R3 hpqilo3chif; C:\Windows\System32\DRIVERS\hpqilo3chif.sys [43112 2010-04-28] (Hewlett-Packard Company)
R3 hpqilo3core; C:\Windows\System32\DRIVERS\hpqilo3core.sys [44648 2010-05-09] (Hewlett-Packard Company)
R0 hpqilo3whea; C:\Windows\System32\DRIVERS\hpqilo3whea.sys [18472 2010-02-12] (Hewlett-Packard Company)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R3 l2nd; C:\Windows\System32\DRIVERS\bxnd60a.sys [83496 2010-04-30] (Broadcom Corporation)
R0 Quota; C:\Windows\System32\drivers\quota.sys [168016 2009-07-14] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-26] (Sophos Limited)
R1 SCSIChanger; C:\Windows\System32\DRIVERS\scsichng.sys [28208 2007-08-23] (Symantec Corporation)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-26] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-26] (Sophos Limited)
U5 Tape; C:\Windows\System32\Drivers\Tape.sys [29184 2009-07-14] (Microsoft Corporation)
R3 tpfilter; C:\Windows\System32\DRIVERS\tpfilter.sys [43568 2010-05-27] (Symantec Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 13:52 - 2015-05-28 13:52 - 00001850 _____ () C:\Windows\System32\Tasks\At6
2015-05-28 13:52 - 2015-05-28 13:52 - 00000346 _____ () C:\Windows\Tasks\At6.job
2015-05-28 13:45 - 2015-05-28 13:45 - 00001854 _____ () C:\Windows\System32\Tasks\At5
2015-05-28 13:45 - 2015-05-28 13:45 - 00000350 _____ () C:\Windows\Tasks\At5.job
2015-05-28 13:02 - 2015-05-28 13:02 - 00001856 _____ () C:\Windows\System32\Tasks\At4
2015-05-28 13:02 - 2015-05-28 13:02 - 00000352 _____ () C:\Windows\Tasks\At4.job
2015-05-28 12:40 - 2015-05-28 13:00 - 00000348 _____ () C:\Windows\Tasks\At3.job
2015-05-28 12:40 - 2015-05-28 12:40 - 00001852 _____ () C:\Windows\System32\Tasks\At3
2015-05-28 12:11 - 2015-05-28 13:00 - 00000352 _____ () C:\Windows\Tasks\At1.job
2015-05-28 12:11 - 2015-05-28 12:11 - 00001856 _____ () C:\Windows\System32\Tasks\At1
2015-05-28 11:47 - 2015-05-28 13:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\2
2015-05-28 11:29 - 2015-05-28 12:00 - 00000348 _____ () C:\Windows\Tasks\At2.job
2015-05-28 11:29 - 2015-05-28 11:29 - 00001852 _____ () C:\Windows\System32\Tasks\At2
2015-05-28 11:22 - 2015-05-28 13:53 - 00027794 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-05-28 10:14 - 2015-05-28 10:14 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-28 09:38 - 2015-05-28 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-28 09:38 - 2015-05-28 09:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 09:37 - 2015-05-28 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-28 09:36 - 2015-05-28 10:05 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2015-05-28 09:24 - 2015-05-28 09:24 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.09.1.1004.exe
2015-05-28 08:51 - 2015-05-28 08:51 - 02108928 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-05-27 15:38 - 2015-05-27 15:38 - 05628291 _____ (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2015-05-27 11:20 - 2015-05-28 13:53 - 00000000 ____D () C:\FRST
2015-05-27 09:34 - 2015-05-27 09:34 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-26 23:50 - 2015-05-27 23:59 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-05-26 14:07 - 2015-05-26 14:05 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-26 14:06 - 2015-05-27 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-26 14:06 - 2015-05-26 14:06 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-26 14:06 - 2015-05-26 14:06 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-26 14:06 - 2015-05-26 14:06 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-26 14:05 - 2015-05-27 09:35 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-26 14:05 - 2015-05-27 09:34 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-26 14:05 - 2015-05-26 14:05 - 00312895 _____ () C:\Users\Administrator\AppData\Local\Temp\avremove.log
2015-05-26 14:05 - 2015-05-26 14:05 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2015-05-26 14:05 - 2015-05-26 14:05 - 00018695 _____ () C:\Users\Administrator\AppData\Local\Temp\Sophos ES setup.log
2015-05-26 14:05 - 2015-05-26 14:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\crt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 13:45 - 2010-10-25 20:22 - 23630567 _____ () C:\Windows\system32\besnmp.TRC
2015-05-28 13:40 - 2011-03-11 14:47 - 00000000 ____D () C:\Windows\system32\dhcp
2015-05-28 13:37 - 2012-12-03 15:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 11:52 - 2010-09-16 11:44 - 01772211 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 11:52 - 2009-07-14 06:49 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 11:52 - 2009-07-14 06:49 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 11:48 - 2009-09-18 03:52 - 00940408 _____ () C:\Windows\system32\perfh00A.dat
2015-05-28 11:48 - 2009-09-18 03:52 - 00234070 _____ () C:\Windows\system32\perfc00A.dat
2015-05-28 11:48 - 2009-09-18 03:45 - 00903584 _____ () C:\Windows\system32\perfh007.dat
2015-05-28 11:48 - 2009-09-18 03:45 - 00222124 _____ () C:\Windows\system32\perfc007.dat
2015-05-28 11:48 - 2009-09-18 03:39 - 00931962 _____ () C:\Windows\system32\perfh010.dat
2015-05-28 11:48 - 2009-09-18 03:39 - 00219332 _____ () C:\Windows\system32\perfc010.dat
2015-05-28 11:48 - 2009-09-18 03:33 - 00941504 _____ () C:\Windows\system32\perfh00C.dat
2015-05-28 11:48 - 2009-09-18 03:33 - 00223464 _____ () C:\Windows\system32\perfc00C.dat
2015-05-28 11:48 - 2009-07-14 07:10 - 05664028 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 11:47 - 2010-09-16 11:56 - 00000000 ____D () C:\Users\Administrator
2015-05-28 11:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-28 11:41 - 2010-09-29 10:53 - 
00000000 ____D () C:\Windows\system32\wins 2015-05-28 11:41 - 2010-09-29 10:42 - 00000000 ____D () C:\Windows\system32\lserver 2015-05-28 11:40 - 2010-10-06 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator 2015-05-28 11:40 - 2010-09-21 16:35 - 00006392 _____ () C:\Windows\system32\config\netlogon.dnb 2015-05-28 11:40 - 2010-09-21 16:35 - 00002293 _____ () C:\Windows\system32\config\netlogon.dns 2015-05-28 11:40 - 2010-09-20 19:57 - 00000000 ____D () C:\Windows\system32\dns 2015-05-28 11:39 - 2010-09-21 16:30 - 00000000 ____D () C:\Windows\NTDS 2015-05-28 11:39 - 2009-07-14 07:06 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-28 11:02 - 2010-10-25 20:09 - 00000000 ____D () C:\ProgramData\Symantec 2015-05-28 01:43 - 2010-11-04 22:30 - 00000000 ___HD () C:\Backup Exec AOFO Store 2015-05-27 10:08 - 2010-10-25 20:31 - 25060350 _____ () C:\Windows\system32\Dashboard.log 2015-05-26 14:08 - 2011-08-09 11:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\WEC 2015-05-18 17:24 - 2010-10-02 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VMware 2015-05-13 14:52 - 2010-09-16 23:08 - 00240764 _____ () C:\Users\Administrator\Desktop\ADMIN-KONSOLE.msc 2015-05-06 14:55 - 2010-09-27 16:31 - 00012168 _____ () C:\Users\Administrator\volshext.log ==================== Files in the root of some directories ======= 2013-08-13 09:56 - 2013-08-13 09:56 - 0646498 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI5F5F.txt 2013-08-13 09:56 - 2013-08-13 09:56 - 0031136 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI5F5F.txt 2013-08-13 10:05 - 2013-08-13 10:06 - 0431252 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI660B.txt 2013-08-13 10:06 - 2013-08-13 10:07 - 0441992 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI66CF.txt 2013-08-13 10:05 - 2013-08-13 10:06 - 0029772 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI660B.txt 2013-08-13 10:06 - 
2013-08-13 10:07 - 0029708 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI66CF.txt 2011-08-09 15:25 - 2011-08-09 15:25 - 0000064 _____ () C:\Users\Administrator\AppData\Local\DW5ReportSettings.xml 2010-09-16 23:10 - 2010-09-16 23:10 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg 2013-06-03 12:16 - 2013-06-03 12:16 - 0000057 _____ () C:\ProgramData\Ament.ini Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job C:\Windows\Tasks\At5.job C:\Windows\Tasks\At6.job ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-24 00:02 ==================== End of log ============================ |
28.05.2015, 12:57 | #57 |
| W32/Confick-O file rkqunq.z in System32 Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01 Ran by administrator at 2015-05-28 13:54:19 Running from C:\Users\Administrator\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3840907090-451933650-4095424516-500 - Administrator - Enabled) Gast (S-1-5-21-3840907090-451933650-4095424516-501 - Limited - Disabled) krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.17 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0917-000001000000}) (Version: 9.17.00.0 - Igor Pavlov) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.24.50.5-090623a-083726C-HP - ) Citrix Lizenzierung (HKLM-x32\...\{EE7A694A-15EE-4551-A267-EBF5904DD49D}) (Version: 7.1.10007 - Citrix Systems, Inc.) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Citrix XenApp Plugin für gehostete Anwendungen (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.) 
DocuWare (HKLM-x32\...\{4B77274C-532A-4324-A9A4-1CAFE884E652}) (Version: 6.1.838.4913 - DocuWare) DocuWare 4 (HKLM-x32\...\DocuWare) (Version: - ) DocuWare Administration Tool (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Authentication Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Client (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Client German Language Pack (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare COLD/READ (HKLM-x32\...\COLDREAD) (Version: - ) DocuWare ComponentInit (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Content Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Desktop (HKLM-x32\...\{A03EB08B-C706-4EC9-82FD-ACD9E372AFC4}) (Version: 6.1.838.4913 - DocuWare) DocuWare Full Text Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Imaging Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Internal Database (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Job Processor (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Job Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Notification Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare OCR (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare OCR Service (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Platform (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Power Tools (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Service Control (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Settings (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare SettingsUI (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Stellent (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Thumbnail Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Update (HKLM-x32\...\{413E5334-A47C-48D9-8553-6389859443EE}) (Version: 6.1.838.4913 - DocuWare) DocuWare Upload Service (HKLM-x32\...\{582A3535-F4C7-4A58-A37F-1F84EBE0B8E7}) (Version: 6.1.838.4913 - DocuWare) DocuWare VCET 
(x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Web Client (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Web Services (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Web Viewer (x32 Version: 6.1.838.4913 - DocuWare) Hidden DocuWare Windows Explorer Client 64 Bit (HKLM\...\{F0ED9BD6-22C4-4D07-89B8-BBC2B2876333}) (Version: 6.1.838.4913 - DocuWare) DocuWare Workflow Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden Headless Server Registry Update (HKLM-x32\...\{4E5563B6-DE0A-4F3B-A5D6-15789FD12D9B}) (Version: 1.0.0.0 - Hewlett-Packard Company) HP Array Configuration Utility (HKLM-x32\...\{74C48700-A6A7-4B3D-BD3A-C4E131CDD8E8}) (Version: 8.50.5.0 - Hewlett Packard Development Company, L.P.) HP Array Configuration Utility CLI (HKLM-x32\...\{14A5045C-33EE-4596-AA69-8761611AE8EB}) (Version: 8.50.6.0 - Hewlett-Packard Development Company, L.P.) HP Insight Diagnostics Online Edition for Windows (HKLM\...\{DCEA910B-3269-4F5B-A915-D59293004751}) (Version: 8.5.0 - Hewlett-Packard Development Company, L.P.) HP Insight Management Agents (HKLM\...\{B7B52204-2CC8-477A-9C7A-382C31070A62}) (Version: 8.50.0.0 - Hewlett-Packard Company) HP Lights-Out Online Configuration Utility (HKLM\...\{2E97856A-345A-475D-913C-B8A78406BDF6}) (Version: 3.1.0.0 - Hewlett-Packard Development Company, L.P.) HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP ProLiant iLO 3 Management Controller Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.0.0.0 - Hewlett-Packard Company) HP ProLiant Integrated Management Log Viewer (HKLM\...\{CF222EB4-4EF7-40F4-A62B-A03E214C20DE}) (Version: 5.24.0.0 - Hewlett-Packard Company) HP ProLiant PCI-express Power Management Update for Windows (HKLM-x32\...\{34D6E797-AA32-455D-8E65-4EBD1AC9DED7}) (Version: 1.3.0.0 - Hewlett-Packard Company) HP Smart Array SAS/SATA Event Notification Service (HKLM\...\{0F27A9B5-63FD-43DB-8230-FFE1E9CFE2C4}) (Version: 6.20.0.64 - Hewlett-Packard Development Company, L.P.) HP System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 6.1.0 - Hewlett-Packard Company) HP Version Control Agent (HKLM-x32\...\{5A5F45AE-0250-4C34-9D89-F10BDDEE665F}) (Version: 6.1.0.842 - Hewlett Packard Development Company, L.P.) Java 2 Runtime Environment, SE v1.4.2_19 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142190}) (Version: 1.4.2_19 - Sun Microsystems, Inc.) 
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java SE Development Kit 7 Update 11 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle) Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021F0}) (Version: 6.0.210 - Oracle) Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle) LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Web Platform Installer 2.0 (HKLM\...\{59996900-0E6C-45B7-8C39-C64CB98462E4}) (Version: 2.1.1 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 
4.20.9818.0 - Microsoft Corporation) MySQL Connector/ODBC 3.51 (HKLM-x32\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB) MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.) Network Scan (HKLM-x32\...\{98357EB8-C10E-414A-A6EC-F3392EA97D35}) (Version: - ) Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden PFA Server Registry Update (HKLM-x32\...\{173438F5-BD4D-47AE-9C8F-73E6BAA62624}) (Version: 1.0.0.0 - Hewlett-Packard Company) Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited) Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 4.0.2 - Sophos Limited) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited) Symantec Backup Exec (Hotfix 144101) (HKLM\...\{F2A04230-7059-4CC2-B6EE-EF94F3EBAAE2}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 147674) (HKLM\...\{8032B566-B386-413F-9A10-11F9A35C9B65}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 148347) (HKLM\...\{28602F3D-426C-4719-822F-BE550838034F}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 150096) (HKLM\...\{01FAED90-7E07-4F9D-912A-F5BE34036E3C}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 153090) (HKLM\...\{B248E5CA-CE2E-4BC4-925B-0B2181556C02}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 154003) (HKLM\...\{C51A8E2A-AA2E-4796-97BC-BA9935F607A6}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 155520) (HKLM\...\{3E049DBC-1D97-48EA-9FF4-35D5DFB89092}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 159293) (HKLM\...\{69F28399-DE3B-491F-8704-101B6FAE7210}) (Version: - Symantec Corporation) Symantec Backup Exec 
(Hotfix 162839) (HKLM\...\{52A3BF51-8937-4597-BEC1-7169F5C96295}) (Version: - Symantec Corporation) Symantec Backup Exec (Hotfix 164658) (HKLM\...\{25F384C2-0D2D-4CDF-B84D-1FE8E83001D0}) (Version: - Symantec Corporation) Symantec Backup Exec (Service Pack 1) (HKLM\...\{D6F0513A-606E-44DA-B4FF-6BF542E3790F}) (Version: - Symantec Corporation) Symantec Backup Exec (TM) 2010 R2 (HKLM\...\Symantec Backup Exec 13.0) (Version: 13.0.4164 - Symantec Corporation) Symantec Backup Exec (Version: 13.0.4164 - Symantec Corporation) Hidden Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) Trilead VM Explorer (HKLM-x32\...\{93836BB1-A704-4D3F-AB0A-CE990A2F5930}) (Version: 5.0.014.0 - Trilead AG) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) VMware vCenter Converter Standalone (HKLM-x32\...\{17C3235A-A4B9-44ED-8794-54D8408F9733}) (Version: 5.1.0.1087880 - VMware, Inc.) VMware Virtual Disk Development Kit (HKLM-x32\...\{547EB317-F9FC-4571-B66A-83B3C9D6A2C8}) (Version: 5.1.0.774844 - VMware, Inc.) VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.12319 - VMware, Inc.) VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.2669 - VMware, Inc.) VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.) WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. 
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {23A85B93-D5D1-4B85-8B7A-9FAE1695F78F} - System32\Tasks\At6 => Rundll32.exe daewte.wo,tvypf <==== ATTENTION
Task: {4D9E4576-618A-4D71-A83C-219A4A674637} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {5555F348-968C-4656-BDD4-1ABDC34E35A3} - System32\Tasks\At5 => Rundll32.exe daewte.wo,yorkfcz <==== ATTENTION
Task: {5D076414-5963-4B13-B580-A4867144AEC0} - System32\Tasks\At1 => Rundll32.exe daewte.wo,gokjysri <==== ATTENTION
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {706AF1AA-E6C8-4BD7-8184-E7E30F37BE8F} - System32\Tasks\At2 => Rundll32.exe daewte.wo,gxdkke <==== ATTENTION
Task: {98A95F59-20CD-4E35-9D21-F20F9141264F} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [2010-11-20] (Microsoft Corporation)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)
Task: {D3F5153E-1883-45F2-A816-9C2A0B198473} - System32\Tasks\DocuWare Update => C:\Program Files (x86)\DocuWare\Update\DocuWare.Update.exe [2013-07-16] (DocuWare AG)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {DB25B1D5-1876-4579-86A8-216A6F99E8EC} - System32\Tasks\At4 => Rundll32.exe daewte.wo,cwrzlnqa <==== ATTENTION
Task: {F83FE3C0-92BB-4BE8-B0E3-F4D84F657387} - System32\Tasks\At3 => Rundll32.exe daewte.wo,npkxkb <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => bF rundll32 exe daewte wo gokjysri SYSTEM Erstellt von NetScheduleJobAdd 8_ ? GO
Task: C:\Windows\Tasks\At2.job => 4v dF rundll32 exe daewte wo gxdkke SYSTEM Erstellt von NetScheduleJobAdd ZM / zH kQq
Task: C:\Windows\Tasks\At3.job => rundll32 exe daewte wo npkxkb SYSTEM Erstellt von NetScheduleJobAdd JyQe ? 3l6 Dr 5oV / iO 8Q
Task: C:\Windows\Tasks\At4.job => rundll32 exe daewte wo cwrzlnqa SYSTEM Erstellt von NetScheduleJobAdd PQ /g PW tlq B4 /
Task: C:\Windows\Tasks\At5.job => rundll32 exe daewte wo yorkfcz SYSTEM Erstellt von NetScheduleJobAdd FG zy / Nn
Task: C:\Windows\Tasks\At6.job => rundll32 exe daewte wo tvypf SYSTEM Erstellt von NetScheduleJobAdd FI X0F SAO /

==================== Loaded Modules (Whitelisted) ==============

2012-11-06 11:42 - 2012-11-06 11:40 - 00015360 _____ () C:\Windows\System32\KOAYXJ_L.DLL
2012-11-06 11:41 - 2012-11-06 11:36 - 00015360 _____ () C:\Windows\System32\KOAYQJ_L.DLL
2007-11-06 14:22 - 2010-10-01 14:58 - 00014848 _____ () C:\Windows\System32\KOBZQABL.dll
2011-02-11 11:27 - 2007-11-06 15:22 - 00014848 _____ () C:\Windows\System32\KOBZQJBL.dll
2012-12-03 15:23 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\sp6__l.dll
2012-12-03 16:01 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2012-12-03 13:22 - 2011-12-22 10:59 - 00034304 _____ () C:\Windows\System32\sx655lm.dll
2012-11-06 11:42 - 2012-11-06 11:40 - 00648704 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOAYXJ_O.DLL
2009-07-02 15:11 - 2009-07-02 15:11 - 06907144 _____ () C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
2009-06-25 15:54 - 2009-06-25 15:54 - 00027136 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_10.dll
2010-09-16 12:00 - 2009-05-13 15:34 - 00255488 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\SSLEAY32.dll
2010-09-16 12:00 - 2009-05-13 15:34 - 01362944 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\LIBEAY32.dll
2013-06-26 12:06 - 2012-10-03 08:17 - 01786368 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMUD1P4Z.DLL
2009-07-08 11:56 - 2009-07-08 11:56 - 05799936 _____ () D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe
2010-04-28 16:37 - 2010-04-28 16:37 - 00048128 _____ () C:\Windows\system32\CpqNiMgt\CPQNIMIB.DLL
2010-04-28 16:36 - 2010-04-28 16:36 - 00205824 _____ () C:\Windows\system32\cpqnimgt\w2kmgdll.dll
2010-04-28 16:33 - 2010-04-28 16:33 - 00018432 _____ () C:\Windows\system32\cpqnimgt\cqnisnmp.dll 2010-04-28 16:37 - 2010-04-28 16:37 - 00025088 _____ () C:\Windows\system32\CpqNiMgt\NICMIB.DLL 2010-04-09 03:33 - 2010-04-09 03:33 - 00193024 _____ () C:\Windows\system32\CpqMgmt\Cqmgstor\stormib.dll 2010-04-09 03:33 - 2010-04-09 03:33 - 00030720 _____ () C:\Windows\system32\cqstrutl.dll 2010-04-09 03:33 - 2010-04-09 03:33 - 00007168 _____ () C:\Windows\system32\cpqmgmt\cqmgstor\storsnmp.dll 2010-04-09 03:33 - 2010-04-09 03:33 - 00027648 _____ () C:\Windows\system32\CpqMgmt\CqmgStor\iscsimib.dll 2010-09-16 11:57 - 2009-07-23 11:57 - 01531392 _____ () C:\hp\hpsmh\bin\libxml2.dll 2010-09-16 11:57 - 2009-03-09 18:08 - 00072704 _____ () C:\hp\hpsmh\bin\zlib1.dll 2010-09-16 11:57 - 2010-01-28 11:10 - 01411584 _____ () C:\hp\hpsmh\bin\LIBEAY32.dll 2010-09-16 11:57 - 2010-01-28 11:04 - 00266240 _____ () C:\hp\hpsmh\bin\SSLEAY32.dll 2010-09-16 11:57 - 2009-07-23 11:57 - 01531392 _____ () C:\hp\hpsmh\modules\libxml2.dll 2010-04-28 16:36 - 2010-04-28 16:36 - 00205824 _____ () C:\Windows\system32\CPQNiMgt\w2kmgdll.dll 2010-04-09 03:33 - 2010-04-09 03:33 - 00032768 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CQMGSTOR.dll 2010-04-09 03:33 - 2010-04-09 03:33 - 00043008 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQIDE.DLL 2010-04-09 03:33 - 2010-04-09 03:33 - 00041472 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMDISK.dll 2010-04-09 03:33 - 2010-04-09 03:33 - 00057856 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMSCSI.DLL 2010-04-09 03:33 - 2010-04-09 03:33 - 00091136 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMIDA.DLL 2010-04-09 03:33 - 2010-04-09 03:33 - 00115200 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQFCA.DLL 2010-04-09 03:33 - 2010-04-09 03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQISCSI.DLL 2010-04-09 03:33 - 2010-04-09 03:33 - 00030720 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\STORALRT.DLL 2010-04-09 03:33 - 2010-04-09 
03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQSAS.DLL 2015-05-28 11:41 - 2015-05-28 11:41 - 00008192 _____ () C:\ProgramData\Symantec\CRF\ASP Temporary Files\crf\b1933ce8\e5c2297a\assembly\dl3\ad3a71f0\c8f32b80_2a99d001\App_Web_ezgoqmze.DLL 2015-05-26 14:05 - 2015-05-26 14:05 - 01276712 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 01094440 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00347432 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00465192 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_AnyTypeCode.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00087848 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00254248 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00511784 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00059176 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_CodecFactory.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00149800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00832296 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00044840 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Svc_Utils.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00075048 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00069416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI_Server.dll 2015-05-26 14:05 - 2015-05-26 14:05 - 00052520 _____ () C:\Program Files 
(x86)\Sophos\Remote Management System\TAO_Codeset.dll
2013-04-09 08:49 - 2013-04-09 08:49 - 00086096 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 01296976 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 00542288 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2786933937-3664791864-901090552-500\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMINI~1\AppData\Local\Temp\2\BGInfo.bmp
DNS Servers: 127.0.0.1 - 10.49.10.99

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [FSRM-SrmReports-In (RPC)] => (Allow) %systemroot%\system32\srmhost.exe
FirewallRules: [WINS-Service-In-TCP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-Out-TCP] => (Allow) %systemroot%\System32\wins.exe
FirewallRules: [WINS-Service-In-UDP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-Out-UDP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-In-RPC] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [{239A9729-E4B5-4A26-9E2A-4C638EE1F07C}] => (Allow) C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
FirewallRules: [{23CAB9E5-EBA1-4714-AC3F-93AAEE1FE06F}] => (Allow) C:\Program Files (x86)\Citrix\Licensing\LS\CITRIX.exe
FirewallRules: [{261AED0A-51CC-4EFF-A902-B55A7D4182DB}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{1DE329C8-74B8-4DBC-A604-549F3D4CDF29}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{3E67F204-39FD-42CA-9DB0-BFCCC20C1909}] => (Allow) C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
FirewallRules: [{5BBE261D-BB69-4B62-A563-8CB4BEE2E566}] => (Allow) C:\Program Files\Symantec\Backup Exec\beserver.exe
FirewallRules: [{070B7B6E-BBC9-41AB-88CB-EC83C00354EE}] => (Allow) C:\Program Files\Symantec\Backup Exec\bengine.exe
FirewallRules: [{0DCA8D4A-0D0F-4660-A674-04C4C085157F}] => (Allow) C:\Program Files\Symantec\Backup Exec\beremote.exe
FirewallRules: [{C80DD1C4-4B87-4CDD-ADE6-630BE329BACC}] => (Allow) C:\Program Files\Symantec\Backup Exec\benetns.exe
FirewallRules: [{D3112E44-268F-4CB3-B7FF-5954419C42F4}] => (Allow) C:\Program Files\Symantec\Backup Exec\alertServer.exe
FirewallRules: [{5A68BD95-ABB4-427C-881E-83BF6F73FB5A}] => (Allow) C:\Program Files\Symantec\Backup Exec\spoold.exe
FirewallRules: [{4ED9E685-75B6-4C71-9C8F-F3F55710F7BB}] => (Allow) C:\Program Files\Symantec\Backup Exec\spad.exe
FirewallRules: [{F3203ED3-B989-4A87-B1E2-EAA1E46A82A6}] => (Allow) LPort=6160
FirewallRules: [{6B936BBC-6FB4-444E-9C2F-253FFE554AA4}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{45672FCB-6855-4F7A-8789-BB45490D64E8}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{AB8EA5A9-8B8A-4D33-8528-43DC16C795E0}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{A83ADABB-C55C-45A4-84E9-901737FD2690}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DF8A241E-9418-4BB2-B2E5-51562D546ED6}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7F976E60-71BE-4027-879B-74CE7CDDE412}] => (Allow) LPort=9089
FirewallRules: [{B4E5C7F0-EA9A-4ABC-8ED1-5ED454C1F42D}] => (Allow) LPort=8083
FirewallRules: [{2CBF83D0-17F3-4027-ABF0-6C55581AD46D}] => (Allow) LPort=111
FirewallRules: [{C2D35C1F-C81E-40CB-927D-9AB454B18456}] => (Allow) LPort=4242
FirewallRules: [{9B28BAD0-2510-4D25-8522-963C7893BF1A}] => (Allow) LPort=2049

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 11:45:38 AM) (Source: DW CtServer) (EventID: 0) (User: )
Description: BackUpDatabase is not specified. Backup service will not start.

Error: (05/28/2015 11:44:27 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start :
>Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:44:26 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:43:26 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:43:25 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:42:25 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:42:24 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:42:18 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:42:17 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:42:11 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)

System errors:
=============
Error: (05/28/2015 01:17:20 PM) (Source: NETLOGON) (EventID: 5805) (User: )
Description: Die Sitzungseinrichtung von Computer VERKAUF17 konnte nicht authentifiziert werden. Der folgende Fehler ist aufgetreten: %%5

Error: (05/28/2015 01:13:50 PM) (Source: NETLOGON) (EventID: 5723) (User: )
Description: Die Sitzung konnte vom Computer "VERKAUF17" nicht eingerichtet werden, da die Sicherheitsdatenbank kein Vertrauenskonto "VERKAUF17$" entsprechend dem angegebenen Computer enthält.
USER ACTION
Wenn dieses Ereignis das erste Mal für den angegebenen Computer vorkommt, ist das eventuell ein vorübergehendes Problem, auf das zurzeit nicht geachtet werden muss.
Wenn dies ein schreibgeschützter Domänencontroller ist und "VERKAUF17$" das legitime Computerkonto für den Computer "VERKAUF17" ist, dann sollte "VERKAUF17" für diesen Standort für die Zwischenspeicherung gewählt werden, falls erforderlich, oder gewährleisten Sie die Konnektivität mit einem Domänencontroller, der die Anforderung bearbeiten kann (z.B. ein beschreibbarer Domänencontroller).
Andernfalls kann dieses Problem anhand der folgenden Schritte gelöst werden:
Wenn "VERKAUF17$" das legitime Computerkonto für den Computer "VERKAUF17" ist, sollte "VERKAUF17" erneut der Domäne hinzugefügt werden.
Wenn "VERKAUF17$" das legitime domänenübergreifende Vertrauenskonto ist, sollte die Vertrauensstellung neu erstellt werden.
Im Falle, dass "VERKAUF17$" kein legitimes Konto ist, sollte Folgendes für "VERKAUF17" veranlasst werden:
Wenn "VERKAUF17" ein Domänencontroller ist, sollte die hiermit verbundene Vertrauensstellung "VERKAUF17$" gelöscht werden.
Wenn "VERKAUF17" kein Domänencontroller ist, sollte es von der Domäne entfernt werden.

Error: (05/28/2015 11:45:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error: (05/28/2015 11:45:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Workflow Server" wurde nicht richtig gestartet.

Error: (05/28/2015 11:45:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Thumbnail Server" wurde nicht richtig gestartet.

Error: (05/28/2015 11:45:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Notification Server" wurde nicht richtig gestartet.

Error: (05/28/2015 11:44:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Job Processor" wurde nicht richtig gestartet.

Error: (05/28/2015 11:44:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Imaging Server" wurde nicht richtig gestartet.

Error: (05/28/2015 11:44:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Content Server" wurde nicht richtig gestartet.

Error: (05/28/2015 11:42:59 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Authentication Server" wurde nicht richtig gestartet.

Microsoft Office:
=========================
Error: (05/28/2015 11:45:38 AM) (Source: DW CtServer) (EventID: 0) (User: )
Description: BackUpDatabase is not specified. Backup service will not start.

Error: (05/28/2015 11:44:27 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start :
>Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) Error: (05/28/2015 11:44:26 AM) (Source: DWImagingService) (EventID: 0) (User: ) Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config) bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig) Error: (05/28/2015 11:43:26 AM) (Source: DW NotificationServer) (EventID: 0) (User: ) Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. 
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException >Source: DocuWare.Communication.AuthenticationServer >Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer() bei DocuWare.Communication.Server.Server.LogIn(ServerID sID) bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings) bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start() bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start() InnerException: >Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options >Type: DocuWare.Common.Exceptions.DWRemotingException >Source: mscorlib >Stack Trace: Server stack trace: bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) bei DocuWare.XChange.IServer.Responce() bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url) bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context) InnerException: >Message: Can not connect to the remote host "gtcp://SVDC01:9000". 
System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000. >Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost >Source: GenuineChannels >Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message) bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message) bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message) bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)

==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU E5640 @ 2.67GHz
Percentage of memory in use: 40%
Total physical RAM: 8181.8 MB
Available physical RAM: 4854.17 MB
Total Pagefile: 16361.78 MB
Available Pagefile: 12588.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:68.33 GB) (Free:21.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATEN) (Fixed) (Total:838.09 GB) (Free:336.74 GB) NTFS
Drive g: (INTEX) (Network) (Total:279.36 GB) (Free:33.03 GB) NTFS
Drive h: (DATEN) (Network) (Total:838.09 GB) (Free:336.74 GB) NTFS
Drive l: (DATEN) (Network) (Total:838.09 GB) (Free:336.74 GB) NTFS
Drive s: (DATEN) (Network) (Total:838.09 GB) (Free:336.74 GB) NTFS
Drive t: (DATEN) (Network) (Total:838.09 GB) (Free:336.74 GB) NTFS
Drive v: (DATEN) (Network) (Total:838.09 GB) (Free:336.74 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 68.3 GB) (Disk ID: 47C39B7C)
Partition 1: (Active) - (Size=68.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 838.1 GB) (Disk ID: 510C7675)
Partition 1: (Not Active) - (Size=838.1 GB) - (Type=07 NTFS)

==================== End of log ============================
28.05.2015, 13:19 | #58 |
/// Winkelfunktion /// TB-Süch-Tiger™ | W32/Confick-O file rkqunq.z in System32 Unfortunately the crap is still there, or back again! Please run scans with Emsi and ESET: Please download Emsisoft Emergency Kit from here.
ESET Online Scanner
__________________ Please always post log files in CODE tags |
29.05.2015, 07:59 | #59 |
| W32/Confick-O file rkqunq.z in System32 EEK finally finished running overnight and has 35 detections. However, NOTHING happens when I then click "Quarantine selected" ("Ausgewähltes in Quarantäne"). Here is the log: Code:
ATTFilter
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 28.05.2015 14:27:36
Benutzerkonto: GMBH\administrator

Scan-Einstellungen:

Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn: 28.05.2015 14:27:59
Key: HKEY_USERS\S-1-5-21-2786933937-3664791864-901090552-500\SOFTWARE\YAHOOPARTNERTOOLBAR gefunden: Application.Win32.YTool (A)
C:\FRST\Quarantine\C\Windows\Tasks\At1.job.xBAD gefunden: Win32.Worm.DownadupJob.A (B)
C:\Windows\Tasks\At1.job gefunden: Win32.Worm.DownadupJob.A (B)
C:\Windows\Tasks\At2.job gefunden: Win32.Worm.DownadupJob.A (B)
C:\Windows\Tasks\At3.job gefunden: Win32.Worm.DownadupJob.A (B)
C:\Windows\Tasks\At4.job gefunden: Win32.Worm.DownadupJob.A (B)
C:\Windows\Tasks\At5.job gefunden: Win32.Worm.DownadupJob.A (B)
C:\Windows\Tasks\At6.job gefunden: Win32.Worm.DownadupJob.A (B)
D:\Daten\CAD\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\Daten\CAD\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)
D:\Daten\Design\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\Daten\Design\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)
D:\Daten\Einkauf\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\Daten\Einkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)
D:\Daten\GL-CON\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\Daten\GL-CON\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)
D:\Daten\Transfer\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\Daten\Transfer\EDV\Teschner\Unlocker1.9.2.exe gefunden: Application.Win32.InstallTool (A)
D:\Daten\Transfer\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)
D:\Daten\Vertrieb\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\Daten\Vertrieb\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)
D:\Lager\Transfer\Programme\PrimoPDF 5.1\InternationalPrimoPDF.exe gefunden: Application.Win32.AdSweet (A)
D:\UserHome\azubivk\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\UserHome\azubivk\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)
D:\UserHome\eschmidt\ESchmidt\Users\mpapra\Mail\Templates.sbd\Sent -> (message 71) -> [Subject: [Fwd: failure notice]][Date: Mon, 01 Sep 2003 10:31:42 +0200] -> (MIME part) -> (message) -> (base64) gefunden: Win32.Generic.497517 (B)
D:\UserHome\eschoebel\laufwerk_h\Sicherung\laufwerk_h\7 Wonders II\eclyam11.exe gefunden: Trojan.Generic.8816445 (B)
D:\UserHome\eschoebel\Sich 28102011\laufwerk_h\7 Wonders II\eclyam11.exe gefunden: Trojan.Generic.8816445 (B)
D:\UserHome\gdesign\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\UserHome\gdesign\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)
D:\UserHome\geinkauf\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\UserHome\geinkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)
D:\UserHome\jschiller\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\UserHome\jschiller\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)
D:\UserHome\kvetter\autorun.inf -> (unicode) gefunden: Worm.Autorun.VHG (B)
D:\UserHome\kvetter\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx gefunden: Win32.Worm.Downadup.Gen (B)

Gescannt 1662666
Gefunden 35

Scan-Ende: 28.05.2015 18:17:48
Scan-Zeit: 3:49:49
29.05.2015, 08:13 | #60 |
/// Winkelfunktion /// TB-Süch-Tiger™ | W32/Confick-O file rkqunq.z in System32

FRST fix

Please disable the virus scanner completely now, to make sure the fix runs through cleanly! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
D:\Daten\CAD\autorun.inf
D:\Daten\CAD\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\Daten\Design\autorun.inf
D:\Daten\Design\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\Daten\Einkauf\autorun.inf
D:\Daten\Einkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\Daten\GL-CON\autorun.inf
D:\Daten\GL-CON\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\Daten\Transfer\autorun.inf
D:\Daten\Transfer\EDV\Teschner\Unlocker1.9.2.exe
D:\Daten\Transfer\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\Daten\Vertrieb\autorun.inf
D:\Daten\Vertrieb\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\UserHome\azubivk\autorun.inf
D:\UserHome\azubivk\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\UserHome\eschoebel\laufwerk_h\Sicherung\laufwerk_h\7 Wonders II
D:\UserHome\eschoebel\Sich 28102011\laufwerk_h\7 Wonders II
D:\UserHome\gdesign\autorun.inf
D:\UserHome\gdesign\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\UserHome\geinkauf\autorun.inf
D:\UserHome\geinkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\UserHome\jschiller\autorun.inf
D:\UserHome\jschiller\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\UserHome\kvetter\autorun.inf
D:\UserHome\kvetter\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |