| |
| |||||||
Antiviren-, Firewall- und andere Schutzprogramme: W32/Confick-O Datei rkqunq.z in System32Windows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
 |
29.05.2015, 09:07
| #61 |
 |  W32/Confick-O Datei rkqunq.z in System32Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by administrator at 2015-05-29 09:47:01 Run:3
Running from C:\Users\Administrator\Desktop
Loaded Profiles: administrator (Available Profiles: administrator & Classic .NET AppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
D:\Daten\CAD\autorun.inf
D:\Daten\CAD\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\Daten\Design\autorun.inf
D:\Daten\Design\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\Daten\Einkauf\autorun.inf
D:\Daten\Einkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\Daten\GL-CON\autorun.inf
D:\Daten\GL-CON\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\Daten\Transfer\autorun.inf
D:\Daten\Transfer\EDV\Teschner\Unlocker1.9.2.exe
D:\Daten\Transfer\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\Daten\Vertrieb\autorun.inf
D:\Daten\Vertrieb\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\UserHome\azubivk\autorun.inf
D:\UserHome\azubivk\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\UserHome\eschoebel\laufwerk_h\Sicherung\laufwerk_h\7 Wonders II
D:\UserHome\eschoebel\Sich 28102011\laufwerk_h\7 Wonders II
D:\UserHome\gdesign\autorun.inf
D:\UserHome\gdesign\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\UserHome\geinkauf\autorun.inf
D:\UserHome\geinkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\UserHome\jschiller\autorun.inf
D:\UserHome\jschiller\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
D:\UserHome\kvetter\autorun.inf
D:\UserHome\kvetter\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
EmptyTemp:
*****************
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
C:\Windows\Tasks\At5.job => Moved successfully.
C:\Windows\Tasks\At6.job => Moved successfully.
Could not move "D:\Daten\CAD\autorun.inf" => Scheduled to move on reboot.
D:\Daten\CAD\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
D:\Daten\Design\autorun.inf => Moved successfully.
D:\Daten\Design\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
D:\Daten\Einkauf\autorun.inf => Moved successfully.
D:\Daten\Einkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
D:\Daten\GL-CON\autorun.inf => Moved successfully.
D:\Daten\GL-CON\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
D:\Daten\Transfer\autorun.inf => Moved successfully.
D:\Daten\Transfer\EDV\Teschner\Unlocker1.9.2.exe => Moved successfully.
D:\Daten\Transfer\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
D:\Daten\Vertrieb\autorun.inf => Moved successfully.
D:\Daten\Vertrieb\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
D:\UserHome\azubivk\autorun.inf => Moved successfully.
D:\UserHome\azubivk\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
D:\UserHome\eschoebel\laufwerk_h\Sicherung\laufwerk_h\7 Wonders II => Moved successfully.
D:\UserHome\eschoebel\Sich 28102011\laufwerk_h\7 Wonders II => Moved successfully.
D:\UserHome\gdesign\autorun.inf => Moved successfully.
D:\UserHome\gdesign\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
D:\UserHome\geinkauf\autorun.inf => Moved successfully.
D:\UserHome\geinkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
D:\UserHome\jschiller\autorun.inf => Moved successfully.
D:\UserHome\jschiller\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
D:\UserHome\kvetter\autorun.inf => Moved successfully.
D:\UserHome\kvetter\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx => Moved successfully.
EmptyTemp: => Removed 4.7 MB temporary data.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-29 10:03:29)<=
"D:\Daten\CAD\autorun.inf" => Could not move
==== End of Fixlog 10:03:29 ====
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by administrator (administrator) on SVDC01 on 29-05-2015 10:05:06
Running from C:\Users\Administrator\Desktop
Loaded Profiles: administrator (Available Profiles: administrator & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beremote.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\bedbg.exe
(Hewlett-Packard Company) C:\Program Files\HP\Cissesrv\cissesrv.exe
() C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
(Hewlett-Packard Company) C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
(Citrix Systems, Inc) C:\Program Files (x86)\Citrix\Licensing\LS\CITRIX.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Licensing\LS\CtxLSPortSvc.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(DocuWare AG) D:\Programme\DocuWare\Imaging Server\DWImagingService.exe
(DocuWare AG) D:\Programme\DocuWare\Job Processor\DocuWare.JobProcessor.exe
() D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe
(DocuWare AG) D:\Programme\DocuWare\OCR Service\DWOCRService.exe
(Apache Software Foundation) D:\Programme\DocuWare\Full-Text Server\bin\tomcat7.exe
(DocuWare AG) D:\Programme\DocuWare\Web Service Server\DWWebService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\smhstart.exe
(Microsoft) C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Microsoft Corporation) C:\Windows\System32\WINS.EXE
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
(Hewlett-Packard Company) C:\Windows\System32\CPQNiMgt\cpqnimgt.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgserv\cqmgserv.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgstor\cqmgstor.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(DocuWare AG) D:\Programme\DocuWare\Authentication Server\DWAuthenticationServer.exe
(DocuWare AG) D:\Programme\DocuWare\Content Server\DWContentServer.exe
(DocuWare AG) D:\Programme\DocuWare\Notification Server\DWNotificationServer.exe
(DocuWare AG) D:\Programme\DocuWare\Thumbnail Server\DWThumbnailService.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Upload Service\DWUploadServiceSvc.exe
(DocuWare AG) D:\Programme\DocuWare\Workflow Server\DWWorkflowServer.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beserver.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\benetns.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\bengine.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmghost\cqmghost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Hewlett-Packard Company) C:\Program Files\HP\NCU\cpqteam.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\DocuWare.Desktop.exe
(DocuWare AG) C:\DW4\Tm2start.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Samsung) C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe
(DocuWare AG) D:\Programme\DocuWare\Service Control\DocuWare.ServiceControl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\Plugins\Scanner\DocuWare.Desktop.CaptureService.Host.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CPQTEAM] => C:\Program Files\HP\NCU\cpqteam.exe [73728 2010-04-27] (Hewlett-Packard Company)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM-x32\...\Run: [TM2Start] => C:\DW4\tm2start.exe [40960 2003-10-14] (DocuWare AG)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [NSCSysTrayUI] => C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe [270336 2009-04-09] (Samsung)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-01-30] (Sophos Limited)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X]
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-2786933937-3664791864-901090552-500\...\MountPoints2: {696c30f9-c176-11df-b2c9-806e6f6e6963} - E:\Browser.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-05-26] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-05-26] (Sophos Limited)
Lsa: [Notification Packages] scecli rassfm
SecurityProviders: credssp.dll, pwdssp.dll, pwdssp.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackGroundInfo (Autostart).lnk [2014-02-24]
ShortcutTarget: BackGroundInfo (Autostart).lnk -> C:\Program Files\BackGroundInfo\BackGroundInfo.exe (Bryce Cogswell)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocuWare Desktop.lnk [2013-08-08]
ShortcutTarget: DocuWare Desktop.lnk -> C:\Program Files (x86)\DocuWare\Desktop\DocuWare.Desktop.exe (DocuWare AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocuWare ServiceControl.lnk [2011-08-09]
ShortcutTarget: DocuWare ServiceControl.lnk -> C:\Windows\Installer\{209B0652-2701-412D-9914-6889D95E90F6}\DocuWare.ServiceControl.exe (DocuWare AG)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2786933937-3664791864-901090552-500] => 10.49.10.99:8080
HKU\S-1-5-21-2786933937-3664791864-901090552-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://localhost:8083/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-17] (Oracle Corporation)
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1285946169091
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: hpapp - No CLSID Value
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Tcpip\..\Interfaces\{21072504-8B08-48CB-B084-C90577A620E5}: [NameServer] 127.0.0.1,10.49.10.99
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.0 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2010-05-14] (Microsoft Corp)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.1 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2010-05-14] (Microsoft Corp)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2013-03-19] (VMware, Inc.)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [487424 2013-01-25] (Microsoft Corporation)
R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\beremote.exe [1816696 2010-12-08] (Symantec Corporation)
R2 BackupExecAgentBrowser; C:\Program Files\Symantec\Backup Exec\benetns.exe [542536 2010-06-29] (Symantec Corporation)
R2 BackupExecDeviceMediaService; C:\Program Files\Symantec\Backup Exec\pvlsvr.exe [2492784 2011-04-11] (Symantec Corporation)
R2 BackupExecJobEngine; C:\Program Files\Symantec\Backup Exec\bengine.exe [10835312 2011-06-27] (Symantec Corporation)
S3 BackupExecManagementService; C:\Program Files\Symantec\Backup Exec\BackupExecManagementService.exe [124232 2010-07-08] (Symantec Corporation)
R2 BackupExecRPCService; C:\Program Files\Symantec\Backup Exec\beserver.exe [11384688 2011-05-23] (Symantec Corporation)
R2 bedbg; C:\Program Files\Symantec\Backup Exec\bedbg.exe [359240 2010-06-29] (Symantec Corporation)
S4 CIMnotify; C:\Windows\system32\CIMntfy\cimntfy.exe [268392 2010-05-26] (Hewlett-Packard Company)
R2 Cissesrv; C:\Program Files\HP\Cissesrv\cissesrv.exe [167424 2010-03-19] (Hewlett-Packard Company) [File not signed]
R2 Citrix Licensing; C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe [6907144 2009-07-02] ()
S3 Citrix_GTLicensingProv; C:\Program Files (x86)\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe [1836464 2010-02-22] (Citrix Systems, Inc.)
R2 CpqNicMgmt; C:\Windows\system32\CPQNiMgt\cpqnimgt.exe [9728 2010-04-28] (Hewlett-Packard Company) [File not signed]
R2 CpqRcmc3; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company)
R2 cpqvcagent; C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe [1307648 2010-03-25] (Hewlett-Packard Company) [File not signed]
R2 CqMgHost; C:\Windows\system32\CpqMgmt\cqmghost\cqmghost.exe [15464 2010-05-26] (Hewlett-Packard Company)
R2 CqMgServ; C:\Windows\system32\CpqMgmt\cqmgserv\cqmgserv.exe [15464 2010-05-26] (Hewlett-Packard Company)
R2 CqMgStor; C:\Windows\system32\CpqMgmt\cqmgstor\cqmgstor.exe [20992 2010-04-09] (Hewlett-Packard Company) [File not signed]
R2 CtxLSPortSvc; C:\Program Files (x86)\Citrix\Licensing\LS\CtxLSPortSvc.exe [58800 2010-02-22] (Citrix Systems, Inc.)
R2 Dfs; C:\Windows\system32\dfssvc.exe [377344 2010-11-20] (Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [4518400 2010-11-20] (Microsoft Corporation)
R2 DHCPServer; C:\Windows\System32\dhcpssvc.dll [729088 2010-11-20] (Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [696832 2011-12-26] (Microsoft Corporation)
R2 DWAuthenticationServer; D:\Programme\DocuWare\Authentication Server\DWAuthenticationServer.exe [24576 2013-07-02] (DocuWare AG) [File not signed]
R2 DWContentServer; D:\Programme\DocuWare\Content Server\DWContentServer.exe [20480 2013-07-02] (DocuWare AG) [File not signed]
R2 DWDesktopService; C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe [26112 2013-07-02] (DocuWare AG) [File not signed]
R2 DWImagingService; D:\Programme\DocuWare\Imaging Server\DWImagingService.exe [14336 2013-07-02] (DocuWare AG) [File not signed]
R2 DWJobProcessor; D:\Programme\DocuWare\Job Processor\DocuWare.JobProcessor.exe [15360 2013-07-02] (DocuWare AG) [File not signed]
R2 DWMySQL; D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe [5799936 2009-07-08] () [File not signed]
R2 DWNotificationServer; D:\Programme\DocuWare\Notification Server\DWNotificationServer.exe [9216 2013-07-02] (DocuWare AG) [File not signed]
R2 DWOCRService; D:\Programme\DocuWare\OCR Service\DWOCRService.exe [14848 2013-07-02] (DocuWare AG) [File not signed]
R2 DWThumbnailServer; D:\Programme\DocuWare\Thumbnail Server\DWThumbnailService.exe [8704 2013-07-02] (DocuWare AG) [File not signed]
R2 DWTomcat; D:\Programme\DocuWare\Full-Text Server\bin\tomcat7.exe [74240 2011-01-10] (Apache Software Foundation) [File not signed]
R2 DWUploadService; C:\Program Files (x86)\DocuWare\Upload Service\DWUploadServiceSvc.exe [104960 2013-07-02] (DocuWare AG) [File not signed]
R2 DWWebService; D:\Programme\DocuWare\Web Service Server\DWWebService.exe [11776 2013-07-02] (DocuWare AG) [File not signed]
R2 DWWorkflowServer; D:\Programme\DocuWare\Workflow Server\DWWorkflowServer.exe [20480 2013-07-02] (DocuWare AG) [File not signed]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 IsmServ; C:\Windows\System32\ismserv.exe [59392 2010-11-20] (Microsoft Corporation)
R2 kdc; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-08-18] (Symantec Corporation)
R2 MSSQL$BKUPEXEC; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NTDS; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1020416 2010-11-20] (Microsoft Corporation)
R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-26] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-26] (Sophos Limited)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [395560 2015-05-26] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-01-30] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [1069864 2015-05-26] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-26] (Sophos Limited)
S3 SrmReports; C:\Windows\system32\srmhost.exe [76288 2010-11-20] (Microsoft Corporation)
R2 SrmSvc; C:\Windows\system32\srmsvc.dll [3489792 2010-11-20] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-26] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-26] (Sophos Limited)
R2 sysdown; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company)
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [2041856 2010-01-28] (Hewlett-Packard Company) [File not signed]
R2 TermServLicensing; C:\Windows\System32\lserver.dll [694784 2010-11-20] (Microsoft Corporation)
R2 TrileadVMXService; C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe [4136344 2014-01-07] (Microsoft)
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479824 2013-04-09] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WINS; C:\Windows\System32\wins.exe [287744 2011-08-09] (Microsoft Corporation)
S2 DWCONNECTtoToshiba; "D:\Programme\DocuWare\Client\Client Modules\CONNECT to Toshiba\CONNECTtoToshibaServer\DWCONNECTtoToshiba.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2210816 2009-06-24] (ATI Technologies Inc.)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-02-22] (VMware, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-05-28] (Emsisoft GmbH)
S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2010-02-24] (Hewlett-Packard Company)
R3 CPQTeamMP; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2010-02-24] (Hewlett-Packard Company)
R0 Datascrn; C:\Windows\System32\drivers\datascrn.sys [79936 2009-07-14] (Microsoft Corporation)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [51776 2009-07-14] (Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [66944 2010-11-20] (Microsoft Corporation)
R0 HpCISSs2; C:\Windows\System32\DRIVERS\HpCISSs2.sys [156776 2010-02-22] (Hewlett-Packard Company)
R3 hplto; C:\Windows\System32\DRIVERS\hplto.sys [16384 2009-05-14] (Hewlett-Packard)
R3 hpqilo3chif; C:\Windows\System32\DRIVERS\hpqilo3chif.sys [43112 2010-04-28] (Hewlett-Packard Company)
R3 hpqilo3core; C:\Windows\System32\DRIVERS\hpqilo3core.sys [44648 2010-05-09] (Hewlett-Packard Company)
R0 hpqilo3whea; C:\Windows\System32\DRIVERS\hpqilo3whea.sys [18472 2010-02-12] (Hewlett-Packard Company)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R3 l2nd; C:\Windows\System32\DRIVERS\bxnd60a.sys [83496 2010-04-30] (Broadcom Corporation)
R0 Quota; C:\Windows\System32\drivers\quota.sys [168016 2009-07-14] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-26] (Sophos Limited)
R1 SCSIChanger; C:\Windows\System32\DRIVERS\scsichng.sys [28208 2007-08-23] (Symantec Corporation)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-26] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-26] (Sophos Limited)
U5 Tape; C:\Windows\System32\Drivers\Tape.sys [29184 2009-07-14] (Microsoft Corporation)
R3 tpfilter; C:\Windows\System32\DRIVERS\tpfilter.sys [43568 2010-05-27] (Symantec Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-29 10:03 - 2015-05-29 10:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\2
2015-05-29 09:01 - 2015-05-29 09:01 - 02347384 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_deu.exe
2015-05-29 09:01 - 2015-05-29 09:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-28 14:34 - 2015-05-29 09:47 - 00000352 _____ () C:\Windows\Tasks\At7.job
2015-05-28 14:34 - 2015-05-28 14:34 - 00001856 _____ () C:\Windows\System32\Tasks\At7
2015-05-28 14:23 - 2015-05-28 14:23 - 00000749 _____ () C:\Users\Administrator\Desktop\Start Emsisoft Emergency Kit.lnk
2015-05-28 14:23 - 2015-05-28 14:23 - 00000000 ____D () C:\EEK
2015-05-28 14:21 - 2015-05-28 14:23 - 155048408 _____ () C:\Users\Administrator\Downloads\EmsisoftEmergencyKit.exe
2015-05-28 13:52 - 2015-05-28 13:52 - 00001850 _____ () C:\Windows\System32\Tasks\At6
2015-05-28 13:45 - 2015-05-28 13:45 - 00001854 _____ () C:\Windows\System32\Tasks\At5
2015-05-28 13:02 - 2015-05-28 13:02 - 00001856 _____ () C:\Windows\System32\Tasks\At4
2015-05-28 12:40 - 2015-05-28 12:40 - 00001852 _____ () C:\Windows\System32\Tasks\At3
2015-05-28 12:11 - 2015-05-28 12:11 - 00001856 _____ () C:\Windows\System32\Tasks\At1
2015-05-28 11:29 - 2015-05-28 11:29 - 00001852 _____ () C:\Windows\System32\Tasks\At2
2015-05-28 11:22 - 2015-05-29 10:05 - 00027763 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-05-28 10:14 - 2015-05-28 10:14 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2015-05-28 09:39 - 2015-05-28 09:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-28 09:38 - 2015-05-28 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-28 09:38 - 2015-05-28 09:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 09:37 - 2015-05-28 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-28 09:36 - 2015-05-28 10:05 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2015-05-28 09:24 - 2015-05-28 09:24 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Administrator\Downloads\mbar-1.09.1.1004.exe
2015-05-28 08:51 - 2015-05-28 08:51 - 02108928 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-05-27 15:38 - 2015-05-27 15:38 - 05628291 _____ (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2015-05-27 11:20 - 2015-05-29 10:05 - 00000000 ____D () C:\FRST
2015-05-27 09:34 - 2015-05-27 09:34 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-26 23:50 - 2015-05-27 23:59 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-05-26 14:07 - 2015-05-26 14:05 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-26 14:06 - 2015-05-27 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-26 14:06 - 2015-05-26 14:06 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-26 14:06 - 2015-05-26 14:06 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-26 14:06 - 2015-05-26 14:06 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-26 14:05 - 2015-05-27 09:35 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-26 14:05 - 2015-05-27 09:34 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-26 14:05 - 2015-05-26 14:05 - 00312895 _____ () C:\Users\Administrator\AppData\Local\Temp\avremove.log
2015-05-26 14:05 - 2015-05-26 14:05 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2015-05-26 14:05 - 2015-05-26 14:05 - 00018695 _____ () C:\Users\Administrator\AppData\Local\Temp\Sophos ES setup.log
2015-05-26 14:05 - 2015-05-26 14:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\crt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-29 10:03 - 2010-09-16 11:56 - 00000000 ____D () C:\Users\Administrator
2015-05-29 10:03 - 2010-09-16 11:44 - 01836494 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 10:02 - 2009-07-14 06:49 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 10:02 - 2009-07-14 06:49 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 09:58 - 2009-09-18 03:52 - 00940408 _____ () C:\Windows\system32\perfh00A.dat
2015-05-29 09:58 - 2009-09-18 03:52 - 00234070 _____ () C:\Windows\system32\perfc00A.dat
2015-05-29 09:58 - 2009-09-18 03:45 - 00903584 _____ () C:\Windows\system32\perfh007.dat
2015-05-29 09:58 - 2009-09-18 03:45 - 00222124 _____ () C:\Windows\system32\perfc007.dat
2015-05-29 09:58 - 2009-09-18 03:39 - 00931962 _____ () C:\Windows\system32\perfh010.dat
2015-05-29 09:58 - 2009-09-18 03:39 - 00219332 _____ () C:\Windows\system32\perfc010.dat
2015-05-29 09:58 - 2009-09-18 03:33 - 00941504 _____ () C:\Windows\system32\perfh00C.dat
2015-05-29 09:58 - 2009-09-18 03:33 - 00223464 _____ () C:\Windows\system32\perfc00C.dat
2015-05-29 09:58 - 2009-07-14 07:10 - 05664028 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-29 09:55 - 2010-10-25 20:22 - 23648181 _____ () C:\Windows\system32\besnmp.TRC
2015-05-29 09:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-29 09:52 - 2010-09-29 10:53 - 00000000 ____D () C:\Windows\system32\wins
2015-05-29 09:51 - 2011-03-11 14:47 - 00000000 ____D () C:\Windows\system32\dhcp
2015-05-29 09:51 - 2010-10-06 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator
2015-05-29 09:51 - 2010-09-29 10:42 - 00000000 ____D () C:\Windows\system32\lserver
2015-05-29 09:51 - 2010-09-21 16:35 - 00006392 _____ () C:\Windows\system32\config\netlogon.dnb
2015-05-29 09:51 - 2010-09-21 16:35 - 00002293 _____ () C:\Windows\system32\config\netlogon.dns
2015-05-29 09:51 - 2010-09-20 19:57 - 00000000 ____D () C:\Windows\system32\dns
2015-05-29 09:50 - 2010-09-21 16:30 - 00000000 ____D () C:\Windows\NTDS
2015-05-29 09:50 - 2010-09-16 13:06 - 00337198 _____ () C:\Windows\PFRO.log
2015-05-29 09:50 - 2009-07-14 07:06 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 09:37 - 2012-12-03 15:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 23:35 - 2010-11-04 22:30 - 00000000 ___HD () C:\Backup Exec AOFO Store
2015-05-28 11:02 - 2010-10-25 20:09 - 00000000 ____D () C:\ProgramData\Symantec
2015-05-27 10:08 - 2010-10-25 20:31 - 25060350 _____ () C:\Windows\system32\Dashboard.log
2015-05-26 14:08 - 2011-08-09 11:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\WEC
2015-05-18 17:24 - 2010-10-02 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VMware
2015-05-13 14:52 - 2010-09-16 23:08 - 00240764 _____ () C:\Users\Administrator\Desktop\ADMIN-KONSOLE.msc
2015-05-06 14:55 - 2010-09-27 16:31 - 00012168 _____ () C:\Users\Administrator\volshext.log
==================== Files in the root of some directories =======
2013-08-13 09:56 - 2013-08-13 09:56 - 0646498 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI5F5F.txt
2013-08-13 09:56 - 2013-08-13 09:56 - 0031136 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI5F5F.txt
2013-08-13 10:05 - 2013-08-13 10:06 - 0431252 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI660B.txt
2013-08-13 10:06 - 2013-08-13 10:07 - 0441992 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI66CF.txt
2013-08-13 10:05 - 2013-08-13 10:06 - 0029772 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI660B.txt
2013-08-13 10:06 - 2013-08-13 10:07 - 0029708 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI66CF.txt
2011-08-09 15:25 - 2011-08-09 15:25 - 0000064 _____ () C:\Users\Administrator\AppData\Local\DW5ReportSettings.xml
2010-09-16 23:10 - 2010-09-16 23:10 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-06-03 12:16 - 2013-06-03 12:16 - 0000057 _____ () C:\ProgramData\Ament.ini
Files to move or delete:
====================
C:\Windows\Tasks\At7.job
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-24 00:02
==================== End of log ============================
|
|
29.05.2015, 09:08
| #62 |
| | W32/Confick-O Datei rkqunq.z in System32Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by administrator at 2015-05-29 10:06:11
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3840907090-451933650-4095424516-500 - Administrator - Enabled)
Gast (S-1-5-21-3840907090-451933650-4095424516-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.17 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0917-000001000000}) (Version: 9.17.00.0 - Igor Pavlov)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.24.50.5-090623a-083726C-HP - )
Citrix Lizenzierung (HKLM-x32\...\{EE7A694A-15EE-4551-A267-EBF5904DD49D}) (Version: 7.1.10007 - Citrix Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Citrix XenApp Plugin für gehostete Anwendungen (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
DocuWare (HKLM-x32\...\{4B77274C-532A-4324-A9A4-1CAFE884E652}) (Version: 6.1.838.4913 - DocuWare)
DocuWare 4 (HKLM-x32\...\DocuWare) (Version: - )
DocuWare Administration Tool (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Authentication Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Client (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Client German Language Pack (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare COLD/READ (HKLM-x32\...\COLDREAD) (Version: - )
DocuWare ComponentInit (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Content Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Desktop (HKLM-x32\...\{A03EB08B-C706-4EC9-82FD-ACD9E372AFC4}) (Version: 6.1.838.4913 - DocuWare)
DocuWare Full Text Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Imaging Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Internal Database (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Job Processor (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Job Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Notification Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare OCR (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare OCR Service (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Platform (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Power Tools (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Service Control (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Settings (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare SettingsUI (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Stellent (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Thumbnail Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Update (HKLM-x32\...\{413E5334-A47C-48D9-8553-6389859443EE}) (Version: 6.1.838.4913 - DocuWare)
DocuWare Upload Service (HKLM-x32\...\{582A3535-F4C7-4A58-A37F-1F84EBE0B8E7}) (Version: 6.1.838.4913 - DocuWare)
DocuWare VCET (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Web Client (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Web Services (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Web Viewer (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Windows Explorer Client 64 Bit (HKLM\...\{F0ED9BD6-22C4-4D07-89B8-BBC2B2876333}) (Version: 6.1.838.4913 - DocuWare)
DocuWare Workflow Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Headless Server Registry Update (HKLM-x32\...\{4E5563B6-DE0A-4F3B-A5D6-15789FD12D9B}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP Array Configuration Utility (HKLM-x32\...\{74C48700-A6A7-4B3D-BD3A-C4E131CDD8E8}) (Version: 8.50.5.0 - Hewlett Packard Development Company, L.P.)
HP Array Configuration Utility CLI (HKLM-x32\...\{14A5045C-33EE-4596-AA69-8761611AE8EB}) (Version: 8.50.6.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Diagnostics Online Edition for Windows (HKLM\...\{DCEA910B-3269-4F5B-A915-D59293004751}) (Version: 8.5.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Management Agents (HKLM\...\{B7B52204-2CC8-477A-9C7A-382C31070A62}) (Version: 8.50.0.0 - Hewlett-Packard Company)
HP Lights-Out Online Configuration Utility (HKLM\...\{2E97856A-345A-475D-913C-B8A78406BDF6}) (Version: 3.1.0.0 - Hewlett-Packard Development Company, L.P.)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP ProLiant iLO 3 Management Controller Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.0.0.0 - Hewlett-Packard Company)
HP ProLiant Integrated Management Log Viewer (HKLM\...\{CF222EB4-4EF7-40F4-A62B-A03E214C20DE}) (Version: 5.24.0.0 - Hewlett-Packard Company)
HP ProLiant PCI-express Power Management Update for Windows (HKLM-x32\...\{34D6E797-AA32-455D-8E65-4EBD1AC9DED7}) (Version: 1.3.0.0 - Hewlett-Packard Company)
HP Smart Array SAS/SATA Event Notification Service (HKLM\...\{0F27A9B5-63FD-43DB-8230-FFE1E9CFE2C4}) (Version: 6.20.0.64 - Hewlett-Packard Development Company, L.P.)
HP System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 6.1.0 - Hewlett-Packard Company)
HP Version Control Agent (HKLM-x32\...\{5A5F45AE-0250-4C34-9D89-F10BDDEE665F}) (Version: 6.1.0.842 - Hewlett Packard Development Company, L.P.)
Java 2 Runtime Environment, SE v1.4.2_19 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142190}) (Version: 1.4.2_19 - Sun Microsystems, Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java SE Development Kit 7 Update 11 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021F0}) (Version: 6.0.210 - Oracle)
Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Web Platform Installer 2.0 (HKLM\...\{59996900-0E6C-45B7-8C39-C64CB98462E4}) (Version: 2.1.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB)
MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.)
Network Scan (HKLM-x32\...\{98357EB8-C10E-414A-A6EC-F3392EA97D35}) (Version: - )
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
PFA Server Registry Update (HKLM-x32\...\{173438F5-BD4D-47AE-9C8F-73E6BAA62624}) (Version: 1.0.0.0 - Hewlett-Packard Company)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 4.0.2 - Sophos Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Symantec Backup Exec (Hotfix 144101) (HKLM\...\{F2A04230-7059-4CC2-B6EE-EF94F3EBAAE2}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 147674) (HKLM\...\{8032B566-B386-413F-9A10-11F9A35C9B65}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 148347) (HKLM\...\{28602F3D-426C-4719-822F-BE550838034F}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 150096) (HKLM\...\{01FAED90-7E07-4F9D-912A-F5BE34036E3C}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 153090) (HKLM\...\{B248E5CA-CE2E-4BC4-925B-0B2181556C02}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 154003) (HKLM\...\{C51A8E2A-AA2E-4796-97BC-BA9935F607A6}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 155520) (HKLM\...\{3E049DBC-1D97-48EA-9FF4-35D5DFB89092}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 159293) (HKLM\...\{69F28399-DE3B-491F-8704-101B6FAE7210}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 162839) (HKLM\...\{52A3BF51-8937-4597-BEC1-7169F5C96295}) (Version: - Symantec Corporation)
Symantec Backup Exec (Hotfix 164658) (HKLM\...\{25F384C2-0D2D-4CDF-B84D-1FE8E83001D0}) (Version: - Symantec Corporation)
Symantec Backup Exec (Service Pack 1) (HKLM\...\{D6F0513A-606E-44DA-B4FF-6BF542E3790F}) (Version: - Symantec Corporation)
Symantec Backup Exec (TM) 2010 R2 (HKLM\...\Symantec Backup Exec 13.0) (Version: 13.0.4164 - Symantec Corporation)
Symantec Backup Exec (Version: 13.0.4164 - Symantec Corporation) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Trilead VM Explorer (HKLM-x32\...\{93836BB1-A704-4D3F-AB0A-CE990A2F5930}) (Version: 5.0.014.0 - Trilead AG)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VMware vCenter Converter Standalone (HKLM-x32\...\{17C3235A-A4B9-44ED-8794-54D8408F9733}) (Version: 5.1.0.1087880 - VMware, Inc.)
VMware Virtual Disk Development Kit (HKLM-x32\...\{547EB317-F9FC-4571-B66A-83B3C9D6A2C8}) (Version: 5.1.0.774844 - VMware, Inc.)
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.12319 - VMware, Inc.)
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.2669 - VMware, Inc.)
VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {23A85B93-D5D1-4B85-8B7A-9FAE1695F78F} - System32\Tasks\At6 => Rundll32.exe daewte.wo,tvypf <==== ATTENTION
Task: {4D9E4576-618A-4D71-A83C-219A4A674637} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {5555F348-968C-4656-BDD4-1ABDC34E35A3} - System32\Tasks\At5 => Rundll32.exe daewte.wo,yorkfcz <==== ATTENTION
Task: {5D076414-5963-4B13-B580-A4867144AEC0} - System32\Tasks\At1 => Rundll32.exe daewte.wo,gokjysri <==== ATTENTION
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {706AF1AA-E6C8-4BD7-8184-E7E30F37BE8F} - System32\Tasks\At2 => Rundll32.exe daewte.wo,gxdkke <==== ATTENTION
Task: {98A95F59-20CD-4E35-9D21-F20F9141264F} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [2010-11-20] (Microsoft Corporation)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)
Task: {D3F5153E-1883-45F2-A816-9C2A0B198473} - System32\Tasks\DocuWare Update => C:\Program Files (x86)\DocuWare\Update\DocuWare.Update.exe [2013-07-16] (DocuWare AG)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {DB25B1D5-1876-4579-86A8-216A6F99E8EC} - System32\Tasks\At4 => Rundll32.exe daewte.wo,cwrzlnqa <==== ATTENTION
Task: {EE945E96-457F-4B8D-BA9E-997F97F2BA89} - System32\Tasks\At7 => Rundll32.exe daewte.wo,aagnktrt <==== ATTENTION
Task: {F83FE3C0-92BB-4BE8-B0E3-F4D84F657387} - System32\Tasks\At3 => Rundll32.exe daewte.wo,npkxkb <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At7.job => ? rundll32 exe daewte wo aagnktrt SYSTEM Erstellt von NetScheduleJobAdd Li TT1 WU
==================== Loaded Modules (Whitelisted) ==============
2012-11-06 11:42 - 2012-11-06 11:40 - 00015360 _____ () C:\Windows\System32\KOAYXJ_L.DLL
2012-11-06 11:41 - 2012-11-06 11:36 - 00015360 _____ () C:\Windows\System32\KOAYQJ_L.DLL
2007-11-06 14:22 - 2010-10-01 14:58 - 00014848 _____ () C:\Windows\System32\KOBZQABL.dll
2011-02-11 11:27 - 2007-11-06 15:22 - 00014848 _____ () C:\Windows\System32\KOBZQJBL.dll
2012-12-03 15:23 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\sp6__l.dll
2012-12-03 16:01 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2012-12-03 13:22 - 2011-12-22 10:59 - 00034304 _____ () C:\Windows\System32\sx655lm.dll
2012-11-06 11:42 - 2012-11-06 11:40 - 00648704 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOAYXJ_O.DLL
2009-07-02 15:11 - 2009-07-02 15:11 - 06907144 _____ () C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
2009-06-25 15:54 - 2009-06-25 15:54 - 00027136 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_10.dll
2010-09-16 12:00 - 2009-05-13 15:34 - 00255488 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\SSLEAY32.dll
2010-09-16 12:00 - 2009-05-13 15:34 - 01362944 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\LIBEAY32.dll
2013-06-26 12:06 - 2012-10-03 08:17 - 01786368 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMUD1P4Z.DLL
2009-07-08 11:56 - 2009-07-08 11:56 - 05799936 _____ () D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe
2010-04-28 16:37 - 2010-04-28 16:37 - 00048128 _____ () C:\Windows\system32\CpqNiMgt\CPQNIMIB.DLL
2010-04-28 16:36 - 2010-04-28 16:36 - 00205824 _____ () C:\Windows\system32\cpqnimgt\w2kmgdll.dll
2010-04-28 16:33 - 2010-04-28 16:33 - 00018432 _____ () C:\Windows\system32\cpqnimgt\cqnisnmp.dll
2010-04-28 16:37 - 2010-04-28 16:37 - 00025088 _____ () C:\Windows\system32\CpqNiMgt\NICMIB.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00193024 _____ () C:\Windows\system32\CpqMgmt\Cqmgstor\stormib.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00030720 _____ () C:\Windows\system32\cqstrutl.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00007168 _____ () C:\Windows\system32\cpqmgmt\cqmgstor\storsnmp.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00027648 _____ () C:\Windows\system32\CpqMgmt\CqmgStor\iscsimib.dll
2010-09-16 11:57 - 2009-07-23 11:57 - 01531392 _____ () C:\hp\hpsmh\bin\libxml2.dll
2010-09-16 11:57 - 2009-03-09 18:08 - 00072704 _____ () C:\hp\hpsmh\bin\zlib1.dll
2010-09-16 11:57 - 2010-01-28 11:10 - 01411584 _____ () C:\hp\hpsmh\bin\LIBEAY32.dll
2010-09-16 11:57 - 2010-01-28 11:04 - 00266240 _____ () C:\hp\hpsmh\bin\SSLEAY32.dll
2010-09-16 11:57 - 2009-07-23 11:57 - 01531392 _____ () C:\hp\hpsmh\modules\libxml2.dll
2010-04-28 16:36 - 2010-04-28 16:36 - 00205824 _____ () C:\Windows\system32\CPQNiMgt\w2kmgdll.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00032768 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CQMGSTOR.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00043008 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQIDE.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00041472 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMDISK.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00057856 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMSCSI.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00091136 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMIDA.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00115200 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQFCA.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQISCSI.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00030720 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\STORALRT.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQSAS.DLL
2015-05-29 09:52 - 2015-05-29 09:52 - 00008192 _____ () C:\ProgramData\Symantec\CRF\ASP Temporary Files\crf\98598a05\5024b15\assembly\dl3\8f82fc9d\46aeed6c_e499d001\App_Web_1kzmwcfo.DLL
2015-05-26 14:05 - 2015-05-26 14:05 - 01276712 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 01094440 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00347432 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00465192 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_AnyTypeCode.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00087848 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00254248 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00511784 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00059176 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_CodecFactory.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00149800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00832296 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00044840 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Svc_Utils.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00075048 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00069416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI_Server.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00052520 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Codeset.dll
2013-04-09 08:49 - 2013-04-09 08:49 - 00086096 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 01296976 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 00542288 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2786933937-3664791864-901090552-500\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMINI~1\AppData\Local\Temp\2\BGInfo.bmp
DNS Servers: 127.0.0.1 - 10.49.10.99
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [FSRM-SrmReports-In (RPC)] => (Allow) %systemroot%\system32\srmhost.exe
FirewallRules: [WINS-Service-In-TCP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-Out-TCP] => (Allow) %systemroot%\System32\wins.exe
FirewallRules: [WINS-Service-In-UDP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-Out-UDP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-In-RPC] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [{239A9729-E4B5-4A26-9E2A-4C638EE1F07C}] => (Allow) C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
FirewallRules: [{23CAB9E5-EBA1-4714-AC3F-93AAEE1FE06F}] => (Allow) C:\Program Files (x86)\Citrix\Licensing\LS\CITRIX.exe
FirewallRules: [{261AED0A-51CC-4EFF-A902-B55A7D4182DB}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{1DE329C8-74B8-4DBC-A604-549F3D4CDF29}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{3E67F204-39FD-42CA-9DB0-BFCCC20C1909}] => (Allow) C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
FirewallRules: [{5BBE261D-BB69-4B62-A563-8CB4BEE2E566}] => (Allow) C:\Program Files\Symantec\Backup Exec\beserver.exe
FirewallRules: [{070B7B6E-BBC9-41AB-88CB-EC83C00354EE}] => (Allow) C:\Program Files\Symantec\Backup Exec\bengine.exe
FirewallRules: [{0DCA8D4A-0D0F-4660-A674-04C4C085157F}] => (Allow) C:\Program Files\Symantec\Backup Exec\beremote.exe
FirewallRules: [{C80DD1C4-4B87-4CDD-ADE6-630BE329BACC}] => (Allow) C:\Program Files\Symantec\Backup Exec\benetns.exe
FirewallRules: [{D3112E44-268F-4CB3-B7FF-5954419C42F4}] => (Allow) C:\Program Files\Symantec\Backup Exec\alertServer.exe
FirewallRules: [{5A68BD95-ABB4-427C-881E-83BF6F73FB5A}] => (Allow) C:\Program Files\Symantec\Backup Exec\spoold.exe
FirewallRules: [{4ED9E685-75B6-4C71-9C8F-F3F55710F7BB}] => (Allow) C:\Program Files\Symantec\Backup Exec\spad.exe
FirewallRules: [{F3203ED3-B989-4A87-B1E2-EAA1E46A82A6}] => (Allow) LPort=6160
FirewallRules: [{6B936BBC-6FB4-444E-9C2F-253FFE554AA4}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{45672FCB-6855-4F7A-8789-BB45490D64E8}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{AB8EA5A9-8B8A-4D33-8528-43DC16C795E0}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{A83ADABB-C55C-45A4-84E9-901737FD2690}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DF8A241E-9418-4BB2-B2E5-51562D546ED6}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7F976E60-71BE-4027-879B-74CE7CDDE412}] => (Allow) LPort=9089
FirewallRules: [{B4E5C7F0-EA9A-4ABC-8ED1-5ED454C1F42D}] => (Allow) LPort=8083
FirewallRules: [{2CBF83D0-17F3-4027-ABF0-6C55581AD46D}] => (Allow) LPort=111
FirewallRules: [{C2D35C1F-C81E-40CB-927D-9AB454B18456}] => (Allow) LPort=4242
FirewallRules: [{9B28BAD0-2510-4D25-8522-963C7893BF1A}] => (Allow) LPort=2049
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/29/2015 09:56:33 AM) (Source: DW CtServer) (EventID: 0) (User: )
Description: BackUpDatabase is not specified. Backup service will not start.
Error: (05/29/2015 09:55:19 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace:
Server stack trace:
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
bei DocuWare.XChange.IServer.Responce()
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
Error: (05/29/2015 09:55:19 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)
Error: (05/29/2015 09:54:18 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace:
Server stack trace:
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
bei DocuWare.XChange.IServer.Responce()
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
Error: (05/29/2015 09:54:18 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)
Error: (05/29/2015 09:53:17 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace:
Server stack trace:
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
bei DocuWare.XChange.IServer.Responce()
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
Error: (05/29/2015 09:53:17 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)
Error: (05/29/2015 09:53:10 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace:
Server stack trace:
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
bei DocuWare.XChange.IServer.Responce()
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
Error: (05/29/2015 09:53:10 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)
Error: (05/29/2015 09:53:03 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace:
Server stack trace:
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
bei DocuWare.XChange.IServer.Responce()
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
System errors:
=============
Error: (05/29/2015 09:55:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (05/29/2015 09:55:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Workflow Server" wurde nicht richtig gestartet.
Error: (05/29/2015 09:55:54 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Thumbnail Server" wurde nicht richtig gestartet.
Error: (05/29/2015 09:55:54 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Notification Server" wurde nicht richtig gestartet.
Error: (05/29/2015 09:54:54 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Job Processor" wurde nicht richtig gestartet.
Error: (05/29/2015 09:54:54 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Imaging Server" wurde nicht richtig gestartet.
Error: (05/29/2015 09:54:54 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Content Server" wurde nicht richtig gestartet.
Error: (05/29/2015 09:53:54 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Authentication Server" wurde nicht richtig gestartet.
Error: (05/29/2015 09:53:52 AM) (Source: NETLOGON) (EventID: 5805) (User: )
Description: Die Sitzungseinrichtung von Computer VERKAUF17 konnte nicht authentifiziert werden.
Der folgende Fehler ist aufgetreten:
%%5
Error: (05/29/2015 09:52:03 AM) (Source: Wins) (EventID: 4337) (User: )
Description: Der WINS-Server konnte die Sicherheitseinstellung für schreibgeschützte Vorgänge nicht initialisieren.
Microsoft Office:
=========================
Error: (05/29/2015 09:56:33 AM) (Source: DW CtServer) (EventID: 0) (User: )
Description: BackUpDatabase is not specified. Backup service will not start.
Error: (05/29/2015 09:55:19 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace:
Server stack trace:
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
bei DocuWare.XChange.IServer.Responce()
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
Error: (05/29/2015 09:55:19 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)
Error: (05/29/2015 09:54:18 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace:
Server stack trace:
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
bei DocuWare.XChange.IServer.Responce()
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
Error: (05/29/2015 09:54:18 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)
Error: (05/29/2015 09:53:17 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace:
Server stack trace:
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
bei DocuWare.XChange.IServer.Responce()
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
Error: (05/29/2015 09:53:17 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)
Error: (05/29/2015 09:53:10 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace:
Server stack trace:
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
bei DocuWare.XChange.IServer.Responce()
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
Error: (05/29/2015 09:53:10 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection. bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)
Error: (05/29/2015 09:53:03 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace: bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url 'gtcp://SVDC01:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace:
Server stack trace:
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)
Exception rethrown at [0]:
bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
bei DocuWare.XChange.IServer.Responce()
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://SVDC01:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.49.1.1:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace: bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU E5640 @ 2.67GHz
Percentage of memory in use: 43%
Total physical RAM: 8181.8 MB
Available physical RAM: 4662.85 MB
Total Pagefile: 16361.78 MB
Available Pagefile: 12160.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:68.33 GB) (Free:21.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATEN) (Fixed) (Total:838.09 GB) (Free:336.78 GB) NTFS
Drive g: (INTEX) (Network) (Total:279.36 GB) (Free:33.07 GB) NTFS
Drive h: (DATEN) (Network) (Total:838.09 GB) (Free:336.78 GB) NTFS
Drive l: (DATEN) (Network) (Total:838.09 GB) (Free:336.78 GB) NTFS
Drive s: (DATEN) (Network) (Total:838.09 GB) (Free:336.78 GB) NTFS
Drive t: (DATEN) (Network) (Total:838.09 GB) (Free:336.78 GB) NTFS
Drive v: (DATEN) (Network) (Total:838.09 GB) (Free:336.78 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 68.3 GB) (Disk ID: 47C39B7C)
Partition 1: (Active) - (Size=68.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 838.1 GB) (Disk ID: 510C7675)
Partition 1: (Not Active) - (Size=838.1 GB) - (Type=07 NTFS)
==================== End of log ============================
Geändert von peinedaniel (29.05.2015 um 09:16 Uhr) |
|
29.05.2015, 09:30
| #63 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | W32/Confick-O Datei rkqunq.z in System32 Ich fürchte den bekommen wir so nicht bereinigt. Entweder erwischen wir nicht alles mit einem Rutsch, sodass sich die Malware wieder an gewohnten Ordnern breitmacht oder durch eine Sicherheitslücke wird der DC ständig neu infiziert...
__________________Willst du noch weitermachen? Wenn ja, bitte ESET ausführen. Sind noch weitere Clients und Server von demselben Schädling betroffen?
__________________ |
|
29.05.2015, 09:38
| #64 |
| | W32/Confick-O Datei rkqunq.z in System32 So ein Mist, wenn du noch Hoffnung hast, mache ich weiter. ESET läuft bereits. Nein, nur der DC und der eine Rechner sind betroffen. Meldet unser Antiviren-Server jedenfalls so. |
|
29.05.2015, 09:41
| #65 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | W32/Confick-O Datei rkqunq.z in System32 Warten wir mal ESET ab. Ich kann natürlich auch noch schrauber fragen ob er noch weitere Ideen hat.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.05.2015, 09:43
| #66 |
| | W32/Confick-O Datei rkqunq.z in System32 Gut, Eset wird wohl noch ein wenig dauern. Bis jetzt 23 infizierte Dateien gefunden. unter anderem Win32/Conficker.X Wurm Variante von Generik.MFNZBXQ Trojaner. |
|
29.05.2015, 09:44
| #67 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | W32/Confick-O Datei rkqunq.z in System32 Poste einfach das Log wenn fertig
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.05.2015, 11:52
| #68 | |
| /// the machine /// TB-Ausbilder  | W32/Confick-O Datei rkqunq.z in System32Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.06.2015, 08:23
| #69 | |
| | W32/Confick-O Datei rkqunq.z in System32 Guten Morgen hier ist das log von ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7cbc55878621d44aa475e33b8f32fe64
# engine=24077
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-29 07:45:44
# local_time=2015-05-29 09:45:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 37167 243594 0 0
# scanned=60596
# found=0
# cleaned=0
# scan_time=2372
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7cbc55878621d44aa475e33b8f32fe64
# engine=24077
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-29 02:09:01
# local_time=2015-05-29 04:09:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 24165 266591 0 0
# scanned=1601282
# found=27
# cleaned=0
# scan_time=21452
sh=0E73E5F50253E821FD87BB845AEA0983CCFAE404 ft=0 fh=0000000000000000 vn="Variante von Generik.MFNZBXQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\Daten\CAD\autorun.inf.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\Daten\CAD\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=0E73E5F50253E821FD87BB845AEA0983CCFAE404 ft=0 fh=0000000000000000 vn="Variante von Generik.MFNZBXQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\Daten\Design\autorun.inf.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\Daten\Design\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=0E73E5F50253E821FD87BB845AEA0983CCFAE404 ft=0 fh=0000000000000000 vn="Variante von Generik.MFNZBXQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\Daten\Einkauf\autorun.inf.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\Daten\Einkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=FA09F610AA1C7AD64013FE04E291809995D1EF4F ft=0 fh=0000000000000000 vn="Variante von Generik.LXIYXEQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\Daten\GL-CON\autorun.inf.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\Daten\GL-CON\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=0E73E5F50253E821FD87BB845AEA0983CCFAE404 ft=0 fh=0000000000000000 vn="Variante von Generik.MFNZBXQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\Daten\Transfer\autorun.inf.xBAD"
sh=F1EFF6451CED129C0E5C0A510955F234A01158A0 ft=1 fh=332b4278a72373e2 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\D\Daten\Transfer\EDV\Teschner\Unlocker1.9.2.exe.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\Daten\Transfer\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=0E73E5F50253E821FD87BB845AEA0983CCFAE404 ft=0 fh=0000000000000000 vn="Variante von Generik.MFNZBXQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\Daten\Vertrieb\autorun.inf.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\Daten\Vertrieb\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=0E73E5F50253E821FD87BB845AEA0983CCFAE404 ft=0 fh=0000000000000000 vn="Variante von Generik.MFNZBXQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\UserHome\azubivk\autorun.inf.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\UserHome\azubivk\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=0E73E5F50253E821FD87BB845AEA0983CCFAE404 ft=0 fh=0000000000000000 vn="Variante von Generik.MFNZBXQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\UserHome\gdesign\autorun.inf.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\UserHome\gdesign\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=0E73E5F50253E821FD87BB845AEA0983CCFAE404 ft=0 fh=0000000000000000 vn="Variante von Generik.MFNZBXQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\UserHome\geinkauf\autorun.inf.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\UserHome\geinkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=FA09F610AA1C7AD64013FE04E291809995D1EF4F ft=0 fh=0000000000000000 vn="Variante von Generik.LXIYXEQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\UserHome\jschiller\autorun.inf.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\UserHome\jschiller\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=0E73E5F50253E821FD87BB845AEA0983CCFAE404 ft=0 fh=0000000000000000 vn="Variante von Generik.MFNZBXQ Trojaner" ac=I fn="C:\FRST\Quarantine\D\UserHome\kvetter\autorun.inf.xBAD"
sh=E5D061DCE077318314B73B2B18329B893A4A63AF ft=1 fh=d2f9a47e07a14475 vn="Win32/Conficker.X Wurm" ac=I fn="C:\FRST\Quarantine\D\UserHome\kvetter\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD"
sh=0E73E5F50253E821FD87BB845AEA0983CCFAE404 ft=0 fh=0000000000000000 vn="INF/Conficker Wurm" ac=I fn="D:\Daten\CAD\autorun.inf"
sh=9D92140EDDAC2ECE093A4191F70F42C0E5EE133D ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="D:\UserHome\eschoebel\ehemals c\Alte Firefox-Daten\vk7tet4c.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul"
sh=1D5316EE651AD2DDE0EA779823507E37CDF90664 ft=1 fh=2d5732c9f96eff3b vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="D:\UserHome\eschoebel\laufwerk_h\Sicherung\Eigene Dateien\Downloads\slow-pcfighter_Web(2).exe"
sh=1D5316EE651AD2DDE0EA779823507E37CDF90664 ft=1 fh=2d5732c9f96eff3b vn="Variante von Win32/SlowPCfighter evtl. unerwünschte Anwendung" ac=I fn="D:\UserHome\eschoebel\laufwerk_h\Sicherung\Eigene Dateien\Downloads\slow-pcfighter_Web.exe"
Code:
ATTFilter C:\FRST\Quarantine\D\Daten\CAD\autorun.inf.xBAD
C:\FRST\Quarantine\D\Daten\CAD\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
C:\FRST\Quarantine\D\Daten\Design\autorun.inf.xBAD
C:\FRST\Quarantine\D\Daten\Design\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
C:\FRST\Quarantine\D\Daten\Einkauf\autorun.inf.xBAD
C:\FRST\Quarantine\D\Daten\Einkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
C:\FRST\Quarantine\D\Daten\GL-CON\autorun.inf.xBAD
C:\FRST\Quarantine\D\Daten\GL-CON\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
C:\FRST\Quarantine\D\Daten\Transfer\autorun.inf.xBAD
C:\FRST\Quarantine\D\Daten\Transfer\EDV\Teschner\Unlocker1.9.2.exe.xBAD
C:\FRST\Quarantine\D\Daten\Transfer\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
C:\FRST\Quarantine\D\Daten\Vertrieb\autorun.inf.xBAD
C:\FRST\Quarantine\D\Daten\Vertrieb\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
C:\FRST\Quarantine\D\UserHome\azubivk\autorun.inf.xBAD
C:\FRST\Quarantine\D\UserHome\azubivk\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
C:\FRST\Quarantine\D\UserHome\gdesign\autorun.inf.xBAD
C:\FRST\Quarantine\D\UserHome\gdesign\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
C:\FRST\Quarantine\D\UserHome\geinkauf\autorun.inf.xBAD
C:\FRST\Quarantine\D\UserHome\geinkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
C:\FRST\Quarantine\D\UserHome\jschiller\autorun.inf.xBAD
C:\FRST\Quarantine\D\UserHome\jschiller\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
C:\FRST\Quarantine\D\UserHome\kvetter\autorun.inf.xBAD
C:\FRST\Quarantine\D\UserHome\kvetter\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx.xBAD
D:\Daten\CAD\autorun.inf
D:\UserHome\eschoebel\ehemals c\Alte Firefox-Daten\vk7tet4c.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul
D:\UserHome\eschoebel\laufwerk_h\Sicherung\Eigene Dateien\Downloads\slow-pcfighter_Web(2).exe
D:\UserHome\eschoebel\laufwerk_h\Sicherung\Eigene Dateien\Downloads\slow-pcfighter_Web.exe
EmptyTemp:
Zitat:
Hallo Schrauber, die anderen Rechner im Hause bekommen allerdings keine Virus-Meldung. |
|
01.06.2015, 08:29
| #70 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | W32/Confick-O Datei rkqunq.z in System32 Was in C:\FRST gefunden wurde, haben wir bereits mit FRST gelöscht. Das ist der Quarantäneordner von FRST. Das einzige, was ich im Zusammenhang mit dem conficker sehe ist: D:\Daten\CAD\autorun.inf Mich würde mal interessieren, was genau diese autorun.inf macht, daher bitte folgendes Fixscript: FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter cmd: type D:\Daten\CAD\autorun.inf
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
W32/Confick-O Datei rkqunq.z in System32
der DC verteilt Würmer? 
Linear-Darstellung
