Antivirus, firewall and other protection programs: W32/Confick-O file rkqunq.z in System32

26.05.2015, 10:39   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-05-13] ()
If I'm reading the line correctly, there is a date at the end. 13 May 2015 is a good starting point.

The problems with the malware rkqunq.z don't necessarily have to come from AutoKMS, but if someone is already willing to install cracks, I'd also expect them to have visited very, very dubious/risky sites beforehand and to install other/further junk...
__________________
Always post log files in CODE tags

26.05.2015, 12:41   #17
peinedaniel

Sooo, I have now completely reinstalled the machine. And I'm already getting the message again. This can't be happening. Should I run FRST again?

26.05.2015, 12:44   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then you're doing something wrong.

Please describe exactly what you did and what you mean by a reinstall.

26.05.2015, 12:48   #19
peinedaniel

1. Inserted the Windows 7 CD.
2. Restart and boot from the CD.
3. Delete the partition and format the hard disk (quick format)
4. Install Windows (next, next, next, finish)
5. Install software (Flash Player, Acrobat Reader, Office 2013, Java, Firefox, Teamviewer, Sophos Antivir, PrimoPDF)
6. Sophos reports W32/Confick-O

Edited by peinedaniel (26.05.2015 at 12:54)

26.05.2015, 13:00   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
5. Install software (Flash Player, Acrobat Reader, Office 2013, Java, Firefox, Teamviewer, Sophos Antivir, PrimoPDF)
6. Sophos reports W32/Confick-O
Then one of the program setups somewhere in step 5 is tainted.
Check the directories that contain the setups with a virus scanner.

What exactly are you installing the software from? From a network drive/file server?

26.05.2015, 13:23   #21
peinedaniel

Software that updates itself constantly I usually get directly from the net.
Flash Player, Reader, Firefox, Java (also directly from the vendor sites)
PrimoPDF and Teamviewer 7 come from the network drive, but haven't been renewed for ages either.

So when I scan the network drive directory, our antivirus program finds adware in PrimoPDF.exe (Adware/PUA OpenCandy (Typ Andere) erkannt)

26.05.2015, 17:22   #22
schrauber
/// the machine
/// TB-Ausbilder

Is the machine in a domain?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

26.05.2015, 21:02   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What exactly are you getting at there, schrauber, the DC is distributing worms?

27.05.2015, 08:01   #24
peinedaniel

Good morning and here we go again,

@Schrauber: Yes, the machine is in a domain

@cosinus: Yesterday I wiped the machine again, reinstalled it and checked after each step when the antivirus program reports something. Yesterday I only installed Windows, joined the machine to the domain and finally kicked off the Windows updates. After the updates the first message appeared. Again in C:\Windows\System32. This time, however, the file had a different name. Previously rkqunq.z (as already stated in the thread title), now usuvad.gz. The name shown is again W32/Confick-O.

27.05.2015, 09:54   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Where do you get the updates from? Directly from Microsoft, or do you have WSUS in use and, if so, did the machine also get its updates from there?

27.05.2015, 10:06   #26
peinedaniel

Directly from Microsoft. No WSUS in use. I have now scanned the DC and I have a detection there too. Here too in System32, but with a different file name: daew te.w o and also W32/Confick-O.

I have been trying to delete it the whole time.

27.05.2015, 10:10   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Post the log for that.

And also create and post FRST logs from the DC.

Do you have any other Windows servers?

27.05.2015, 10:25   #28
peinedaniel

Yes, we have a few more Windows servers

Sophos:

Code:
   Computername                            DC
   Computerbeschreibung                    
   Betriebssystem                          Windows Server 2008 R2
   Service Pack                ANTIVIR01            Service Pack 1
   Domäne/Arbeitsgruppe                    GMBH
   IP-Adresse                              10.x.x.x
   Sophos Anti-Virus-Version               10.x.x.x VE3.58.3
   HIPS-Regeln                             10.x.x.x
   HIPS-Konfiguration                      10.x.x.x
   Erkennungsdaten                         5.14
   On-Access-Scans                         Aktiv
   Antivirus- und HIPS-Richtlinie          Wie Richtlinie
   Letzter geplanter Scan abgeschlossen.   
   Letzte vom Computer erhaltene Nachricht 27.05.2015 11:01:51
   Zuletzt angemeldeter Benutzer           GMBH\administrator
   Auf dem neuesten Stand                  Ja
   Update-Richtlinie                       Wie Richtlinie
   Uhrzeit, zu der das installierte Paket bereit stand07.05.2015 15:29:45
   Uhrzeit, zu der das nächste Paket bereit stand
   Primärer Update-Server                  \\ANTIVIR01\SophosUpdate\CIDs\S000\SAVSCFXP\
   Sekundärer Update-Server                
   Client Firewall aktiviert               
   Client Firewall-Richtlinie              
   Client Firewall-Version                 
   Client Firewall-Modus                   
   Application Control-Richtlinie          Wie Richtlinie
   On-Access-Scan der Application Control  Inaktiv
   Status des Data Control-Scans           Inaktiv
   Status des Device Control-Scans         Inaktiv
   Data Control-Richtlinienkonformität     Wie Richtlinie
   Device Control-Richtlinienkonformität   Wie Richtlinie
   Manipulationsschutz-Status              Inaktiv
   Konformität mit der Manipulationsschutz-RichtlinieWie Richtlinie
   Patch-Analyse                           
   Patch-Richtlinie                        
   Patch Agent-Version                     
   Web Control-Status                      Inaktiv
   Web Control-Richtlinie                  Wie Richtlinie
   Gruppe                                  \Globale Gruppe\Domain Controllers

   Verlauf                                 

   Objekte erkannt                         Zeitstempel          Typ            Name           Subtyp        Details        Dateiversion   Maßnahme      Benutzername   
                                           27.05.2015 11:01:51  Virus/Spyware  W32/Confick-O                 C:\Windows\System32\daewte.wo               Bereinigt     NT-AUTORITÄT\SYSTEM
                                           27.05.2015 11:01:42  Virus/Spyware  W32/Confick-O                 C:\Windows\System32\daewte.wo               Gesperrt      GMBH\Administrator
                                           27.05.2015 10:19:43  Virus/Spyware  W32/Confick-O                 C:\Windows\System32\daewte.wo               Bereinigt     NT-AUTORITÄT\SYSTEM
                                           27.05.2015 10:19:35  Virus/Spyware  W32/Confick-O                 C:\Windows\System32\daewte.wo               Gesperrt      GMBH\Administrator
                                           27.05.2015 10:17:24  Virus/Spyware  W32/Confick-O                 C:\Windows\System32\daewte.wo               Bereinigt     NT-AUTORITÄT\SYSTEM
                                           27.05.2015 10:17:15  Virus/Spyware  W32/Confick-O                 C:\Windows\System32\daewte.wo               Gesperrt      GMBH\Administrator
                                           27.05.2015 10:09:52  Virus/Spyware  W32/Confick-O                 C:\Windows\System32\daewte.wo               Bereinigt     NT-AUTORITÄT\SYSTEM
                                           27.05.2015 10:09:47  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\kvetter\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\kvetter\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\jschiller\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\jschiller\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\geinkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\geinkauf\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\gdesign\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\gdesign\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\azubivk\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\azubivk\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Vertrieb\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:47  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Vertrieb\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:46  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Transfer\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:46  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Transfer\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:46  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\GL-CON\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:46  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\GL-CON\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:46  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Einkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:46  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Einkauf\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:46  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Design\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:46  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Design\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:46  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\CAD\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:46  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\CAD\autorun.inf               Threat ist nicht mehr GMBH\Administrator
                                           27.05.2015 10:09:41  Virus/Spyware  W32/Confick-O                 C:\Windows\System32\daewte.wo               Gesperrt      GMBH\Administrator
                                           27.05.2015 01:01:51  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\kvetter\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           27.05.2015 01:01:50  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\kvetter\autorun.inf               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:51:11  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\jschiller\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:51:10  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\jschiller\autorun.inf               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:30:00  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\geinkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:30:00  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\geinkauf\autorun.inf               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:29:59  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\gdesign\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:29:59  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\gdesign\autorun.inf               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:20:39  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\azubivk\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:20:38  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\UserHome\azubivk\autorun.inf               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:18:50  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Vertrieb\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:16:53  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Vertrieb\autorun.inf               Gesperrt      GMBH\Administrator
                                           27.05.2015 00:08:56  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Transfer\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           26.05.2015 22:45:22  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Transfer\autorun.inf               Gesperrt      GMBH\Administrator
                                           26.05.2015 22:20:57  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\GL-CON\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           26.05.2015 22:18:12  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\GL-CON\autorun.inf               Gesperrt      GMBH\Administrator
                                           26.05.2015 22:16:39  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Einkauf\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           26.05.2015 21:59:00  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Einkauf\autorun.inf               Gesperrt      GMBH\Administrator
                                           26.05.2015 21:55:02  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Design\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           26.05.2015 21:52:05  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\Design\autorun.inf               Gesperrt      GMBH\Administrator
                                           26.05.2015 21:51:33  Virus/Spyware  W32/Confick-O                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\CAD\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx               Gesperrt      GMBH\Administrator
                                           26.05.2015 21:00:41  Virus/Spyware  Mal/ConfInf-A                 \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy230\Daten\CAD\autorun.inf               Gesperrt      GMBH\Administrator
      

   Sophos AutoUpdate-Status                Zeitstempel          Code      Beschreibung                            
                                           27.05.2015 10:20:27  00000000  Update abgeschlossen                    
                                           26.05.2015 14:07:39  0000006d  Updates werden erst nach Neustart umgesetzt

   Installierte IDEs                       age-amfm.ide  age-amgd.ide  age-amgg.ide  age-amgi.ide  age-amia.ide  
                                           age-amjf.ide  age-amjj.ide  age-amjk.ide  age-amjm.ide  age-amku.ide  
                                           age-amls.ide  age-amly.ide  age-ammz.ide  age-amnx.ide  age-amoi.ide  
                                           age-amqs.ide  age-amrl.ide  age-amry.ide  age-amui.ide  age-amut.ide  
                                           age-amuy.ide  age-amvg.ide  age-amxe.ide  age-amxg.ide  age-amxo.ide  
                                           age-amyb.ide  age-amzj.ide  age-amzs.ide  age-amzv.ide  age-anaj.ide  
                                           age-anbe.ide  age-ancn.ide  age-andn.ide  age-andp.ide  age-anei.ide  
                                           age-anfa.ide  age-anhp.ide  age-anhr.ide  age-anht.ide  age-anhw.ide  
                                           age-anim.ide  andro-dh.ide  anglsw-b.ide  aspshe-f.ide  auto-axo.ide  
                                           auto-axr.ide  auto-axu.ide  auto-axz.ide  auto-aym.ide  auto-ayp.ide  
                                           auto-ayr.ide  banbr-lp.ide  banc-cbj.ide  banc-cca.ide  bank-gjp.ide  
                                           bank-gju.ide  bank-gjw.ide  bank-gjx.ide  bank-gkg.ide  banl-brp.ide  
                                           banl-brq.ide  banl-brz.ide  banl-bsc.ide  banl-bsf.ide  banl-bsl.ide  
                                           banl-bsy.ide  banl-bta.ide  banl-btd.ide  banl-bui.ide  banl-buu.ide  
                                           bitman-a.ide  bladab-w.ide  bred-apq.ide  bulta-c.ide   burst-dd.ide  
                                           cabby-d.ide   cabby-i.ide   cabby-j.ide   chisbu-q.ide  chisbu-t.ide  
                                           chmdld-a.ide  coinvl-a.ide  cride-ff.ide  cutwa-bv.ide  cutwa-by.ide  
                                           dafter-a.ide  darkco-b.ide  delf-fwt.ide  delf-fxg.ide  delf-fxn.ide  
                                           delfba-b.ide  delfi-cn.ide  derusb-q.ide  diale-hp.ide  dloa-dxq.ide  
                                           dloa-dxt.ide  dloa-dxz.ide  docdl-jp.ide  docdl-kl.ide  docdl-lj.ide  
                                           docdl-lx.ide  docdl-mg.ide  docdl-mi.ide  docdl-mq.ide  docdl-nc.ide  
                                           docdl-ng.ide  docdl-nh.ide  docdl-oa.ide  docdl-os.ide  docdl-ot.ide  
                                           docdr-ef.ide  dokotb-a.ide  dride-bz.ide  dride-ct.ide  dride-dq.ide  
                                           drop-hm.ide   dwnl-mjo.ide  dwnl-mlm.ide  dwnl-mmo.ide  dwnl-mmx.ide  
                                           dwnl-mnq.ide  dyname-w.ide  dyrez-es.ide  dyrez-ff.ide  dyrez-fh.ide  
                                           dyrez-fi.ide  dyreza-r.ide  dyzap-h.ide   ecckry-e.ide  ecckry-h.ide  
                                           ecckry-i.ide  escad-a.ide   fakem-an.ide  farei-eh.ide  farei-eq.ide  
                                           farei-er.ide  farei-et.ide  farei-ez.ide  fileco-c.ide  fondu-en.ide  
                                           fondu-es.ide  fondu-ey.ide  fondu-fe.ide  fondu-ff.ide  fondu-fi.ide  
                                           fondu-fo.ide  fondu-fq.ide  gamar-cy.ide  glupte-a.ide  hkmai-cy.ide  
                                           ifram-mv.ide  inje-bmg.ide  inje-bmh.ide  inje-bmi.ide  inje-bmy.ide  
                                           inje-bna.ide  inje-bng.ide  jsage-fi.ide  jsdld-bg.ide  jsdloa-f.ide  
                                           keyge-zo.ide  keylo-qr.ide  krypt-fg.ide  krypt-fl.ide  laziok-a.ide  
                                           ldmon-c.ide   lecna-p.ide   lecna-u.ide   loader-p.ide  loader-r.ide  
                                           lpoloc-a.ide  macout-b.ide  malit-gb.ide  mdro-gqs.ide  mdro-gru.ide  
                                           msil-chd.ide  msil-chi.ide  msil-chq.ide  msil-chr.ide  msil-cjg.ide  
                                           msil-cjj.ide  msil-cjw.ide  msil-ckh.ide  msil-ckz.ide  msil-clb.ide  
                                           msil-cld.ide  msil-cmi.ide  msil-cnj.ide  msil-cnr.ide  msil-cnz.ide  
                                           msil-coj.ide  msil-cop.ide  msil-cou.ide  msil-coy.ide  msil-cpl.ide  
                                           msil-cpr.ide  msil-cpx.ide  msil-cqd.ide  msil-crp.ide  msil-crt.ide  
                                           msil-cru.ide  msil-crw.ide  msil-cry.ide  msil-csn.ide  msil-ctg.ide  
                                           msil-ctu.ide  msil-cub.ide  msil-cuc.ide  msil-cuj.ide  msil-cuo.ide  
                                           msil-cus.ide  msil-cvh.ide  msil-cvq.ide  msil-cvs.ide  msil-cwg.ide  
                                           msil-cxd.ide  msil-cxq.ide  msil-cxr.ide  msil-cxt.ide  msil-cyj.ide  
                                           msil-cyp.ide  msil-czv.ide  msil-czw.ide  msil-dad.ide  msili-gx.ide  
                                           msili-hj.ide  msili-hs.ide  msili-ht.ide  necur-dc.ide  nionsp-a.ide  
                                           nivdor-c.ide  nivdor-e.ide  nivdor-s.ide  nivdor-x.ide  pdfdow-i.ide  
                                           phish-ev.ide  plugx-ax.ide  psyme-ls.ide  pwszb-ax.ide  rans-asr.ide  
                                           rans-asu.ide  rans-asz.ide  rans-atm.ide  rans-atp.ide  rans-ats.ide  
                                           rans-atx.ide  rans-aub.ide  rans-auc.ide  rans-auj.ide  rans-aur.ide  
                                           rans-aus.ide  rans-aux.ide  redir-am.ide  rodeca-a.ide  rtfexe-c.ide  
                                           shipu-ad.ide  steal-c.ide   swfex-gt.ide  swfex-gv.ide  swfex-gx.ide  
                                           swisy-bb.ide  takc-a.ide    teerac-a.ide  tinba-q.ide   upatr-je.ide  
                                           upatr-kb.ide  upatr-kc.ide  upatr-kf.ide  upatr-kk.ide  upatr-ks.ide  
                                           upatr-ku.ide  upatr-lj.ide  upatr-ll.ide  upatr-ln.ide  upatr-lt.ide  
                                           upatr-mj.ide  upatr-mk.ide  vawtr-bf.ide  vawtr-bg.ide  vawtr-bk.ide  
                                           vb-ijy.ide    vb-ikc.ide    vb-ikf.ide    vb-ikw.ide    vb-iky.ide    
                                           vb-ila.ide    vb-ile.ide    vb-ilo.ide    vb-ils.ide    vb-imh.ide    
                                           vb-imy.ide    vb-inb.ide    vb-ine.ide    vb-inn.ide    vb-inp.ide    
                                           vb-int.ide    vb-inv.ide    vb-ioq.ide    vb-ior.ide    vb-ipg.ide    
                                           vb-iqg.ide    vb-iqn.ide    vbage-ah.ide  vbbank-c.ide  vbdro-bs.ide  
                                           vbinj-la.ide  vbinj-ld.ide  vbna-bs.ide   vbpatc-a.ide  vbsage-h.ide  
                                           vbsdl-e.ide   wonto-pi.ide  wonto-pr.ide  wonto-pu.ide  wonto-qg.ide  
                                           wonto-qn.ide  wonto-qo.ide  wonto-qr.ide  wonto-qs.ide  wonto-qx.ide  
                                           wonto-rj.ide  wonto-rv.ide  xtrat-r.ide   zbot-jou.ide  zbot-jox.ide  
                                           zbot-jpi.ide  zbot-jpw.ide  zbot-jqd.ide  zbot-jqs.ide  zbot-jqy.ide  
                                           zbot-jri.ide  zbot-jrk.ide  zbot-jrp.ide  zbot-jrs.ide  zbot-jrt.ide  
                                           zbot-tr.ide   zegos-dy.ide  zegos-eq.ide  zegos-ex.ide  zegos-ft.ide  
                                           zegos-fv.ide  zegos-gn.ide  zipma-ex.ide                              

   Gesamt                                  343
         
FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2015
Ran by administrator (administrator) on DC on 27-05-2015 11:20:05
Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYOUQWLR
Loaded Profiles: administrator (Available Profiles: administrator & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beremote.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\bedbg.exe
(Hewlett-Packard Company) C:\Program Files\HP\Cissesrv\cissesrv.exe
() C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
(Hewlett-Packard Company) C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
(Citrix Systems, Inc) C:\Program Files (x86)\Citrix\Licensing\LS\CITRIX.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Licensing\LS\CtxLSPortSvc.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe
(DocuWare AG) D:\Programme\DocuWare\Imaging Server\DWImagingService.exe
(DocuWare AG) D:\Programme\DocuWare\Job Processor\DocuWare.JobProcessor.exe
() D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe
(DocuWare AG) D:\Programme\DocuWare\OCR Service\DWOCRService.exe
(Apache Software Foundation) D:\Programme\DocuWare\Full-Text Server\bin\tomcat7.exe
(DocuWare AG) D:\Programme\DocuWare\Web Service Server\DWWebService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\smhstart.exe
(Microsoft) C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\WINS.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
(Hewlett-Packard Company) C:\Windows\System32\CPQNiMgt\cpqnimgt.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgserv\cqmgserv.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgstor\cqmgstor.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(DocuWare AG) D:\Programme\DocuWare\Authentication Server\DWAuthenticationServer.exe
(DocuWare AG) D:\Programme\DocuWare\Content Server\DWContentServer.exe
(DocuWare AG) D:\Programme\DocuWare\Notification Server\DWNotificationServer.exe
(DocuWare AG) D:\Programme\DocuWare\Thumbnail Server\DWThumbnailService.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Upload Service\DWUploadServiceSvc.exe
(DocuWare AG) D:\Programme\DocuWare\Workflow Server\DWWorkflowServer.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beserver.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\benetns.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\bengine.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmghost\cqmghost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Hewlett-Packard Company) C:\Program Files\HP\NCU\cpqteam.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\DocuWare.Desktop.exe
(DocuWare AG) C:\DW4\Tm2start.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(DocuWare AG) D:\Programme\DocuWare\Service Control\DocuWare.ServiceControl.exe
(Samsung) C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(DocuWare AG) C:\Program Files (x86)\DocuWare\Desktop\Plugins\Scanner\DocuWare.Desktop.CaptureService.Host.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
(Sophos Plc) C:\Users\Administrator\AppData\Local\Temp\2\scct10\sarcli.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CPQTEAM] => C:\Program Files\HP\NCU\cpqteam.exe [73728 2010-04-27] (Hewlett-Packard Company)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM-x32\...\Run: [TM2Start] => C:\DW4\tm2start.exe [40960 2003-10-14] (DocuWare AG)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [NSCSysTrayUI] => C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe [270336 2009-04-09] (Samsung)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-01-30] (Sophos Limited)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X]
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-2786933937-3664791864-901090552-500\...\MountPoints2: {696c30f9-c176-11df-b2c9-806e6f6e6963} - E:\Browser.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-05-26] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-05-26] (Sophos Limited)
Lsa: [Notification Packages] scecli rassfm
SecurityProviders: credssp.dll,  pwdssp.dll, pwdssp.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackGroundInfo (Autostart).lnk [2014-02-24]
ShortcutTarget: BackGroundInfo (Autostart).lnk -> C:\Program Files\BackGroundInfo\BackGroundInfo.exe (Bryce Cogswell)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocuWare Desktop.lnk [2013-08-08]
ShortcutTarget: DocuWare Desktop.lnk -> C:\Program Files (x86)\DocuWare\Desktop\DocuWare.Desktop.exe (DocuWare AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DocuWare ServiceControl.lnk [2011-08-09]
ShortcutTarget: DocuWare ServiceControl.lnk -> C:\Windows\Installer\{209B0652-2701-412D-9914-6889D95E90F6}\DocuWare.ServiceControl.exe (DocuWare AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2786933937-3664791864-901090552-500] => 10.x.x.x
HKU\S-1-5-21-2786933937-3664791864-901090552-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://localhost:8083/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-17] (Oracle Corporation)
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1285946169091
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: hpapp - No CLSID Value
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864 2015-05-26] (Sophos Limited)
Tcpip\..\Interfaces\{21072504-8B08-48CB-B084-C90577A620E5}: [NameServer] 127.0.0.1,10.x.x.x

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.0 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2010-05-14] (Microsoft Corp)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.1 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2010-05-14] (Microsoft Corp)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2013-03-19] (VMware, Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [487424 2013-01-25] (Microsoft Corporation)
R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\beremote.exe [1816696 2010-12-08] (Symantec Corporation)
R2 BackupExecAgentBrowser; C:\Program Files\Symantec\Backup Exec\benetns.exe [542536 2010-06-29] (Symantec Corporation)
R2 BackupExecDeviceMediaService; C:\Program Files\Symantec\Backup Exec\pvlsvr.exe [2492784 2011-04-11] (Symantec Corporation)
R2 BackupExecJobEngine; C:\Program Files\Symantec\Backup Exec\bengine.exe [10835312 2011-06-27] (Symantec Corporation)
S3 BackupExecManagementService; C:\Program Files\Symantec\Backup Exec\BackupExecManagementService.exe [124232 2010-07-08] (Symantec Corporation)
R2 BackupExecRPCService; C:\Program Files\Symantec\Backup Exec\beserver.exe [11384688 2011-05-23] (Symantec Corporation)
R2 bedbg; C:\Program Files\Symantec\Backup Exec\bedbg.exe [359240 2010-06-29] (Symantec Corporation)
S4 CIMnotify; C:\Windows\system32\CIMntfy\cimntfy.exe [268392 2010-05-26] (Hewlett-Packard Company)
R2 Cissesrv; C:\Program Files\HP\Cissesrv\cissesrv.exe [167424 2010-03-19] (Hewlett-Packard Company) []
R2 Citrix Licensing; C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe [6907144 2009-07-02] ()
S3 Citrix_GTLicensingProv; C:\Program Files (x86)\Citrix\Licensing\LicWMI\Citrix_GTLicensingProv.exe [1836464 2010-02-22] (Citrix Systems, Inc.)
R2 CpqNicMgmt; C:\Windows\system32\CPQNiMgt\cpqnimgt.exe [9728 2010-04-28] (Hewlett-Packard Company) []
R2 CpqRcmc3; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company)
R2 cpqvcagent; C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe [1307648 2010-03-25] (Hewlett-Packard Company) []
R2 CqMgHost; C:\Windows\system32\CpqMgmt\cqmghost\cqmghost.exe [15464 2010-05-26] (Hewlett-Packard Company)
R2 CqMgServ; C:\Windows\system32\CpqMgmt\cqmgserv\cqmgserv.exe [15464 2010-05-26] (Hewlett-Packard Company)
R2 CqMgStor; C:\Windows\system32\CpqMgmt\cqmgstor\cqmgstor.exe [20992 2010-04-09] (Hewlett-Packard Company) []
R2 CtxLSPortSvc; C:\Program Files (x86)\Citrix\Licensing\LS\CtxLSPortSvc.exe [58800 2010-02-22] (Citrix Systems, Inc.)
R2 Dfs; C:\Windows\system32\dfssvc.exe [377344 2010-11-20] (Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [4518400 2010-11-20] (Microsoft Corporation)
R2 DHCPServer; C:\Windows\System32\dhcpssvc.dll [729088 2010-11-20] (Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [696832 2011-12-26] (Microsoft Corporation)
R2 DWAuthenticationServer; D:\Programme\DocuWare\Authentication Server\DWAuthenticationServer.exe [24576 2013-07-02] (DocuWare AG) []
R2 DWContentServer; D:\Programme\DocuWare\Content Server\DWContentServer.exe [20480 2013-07-02] (DocuWare AG) []
R2 DWDesktopService; C:\Program Files (x86)\DocuWare\Desktop\DocuWare.DesktopService.exe [26112 2013-07-02] (DocuWare AG) []
R2 DWImagingService; D:\Programme\DocuWare\Imaging Server\DWImagingService.exe [14336 2013-07-02] (DocuWare AG) []
R2 DWJobProcessor; D:\Programme\DocuWare\Job Processor\DocuWare.JobProcessor.exe [15360 2013-07-02] (DocuWare AG) []
R2 DWMySQL; D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe [5799936 2009-07-08] () []
R2 DWNotificationServer; D:\Programme\DocuWare\Notification Server\DWNotificationServer.exe [9216 2013-07-02] (DocuWare AG) []
R2 DWOCRService; D:\Programme\DocuWare\OCR Service\DWOCRService.exe [14848 2013-07-02] (DocuWare AG) []
R2 DWThumbnailServer; D:\Programme\DocuWare\Thumbnail Server\DWThumbnailService.exe [8704 2013-07-02] (DocuWare AG) []
R2 DWTomcat; D:\Programme\DocuWare\Full-Text Server\bin\tomcat7.exe [74240 2011-01-10] (Apache Software Foundation) []
R2 DWUploadService; C:\Program Files (x86)\DocuWare\Upload Service\DWUploadServiceSvc.exe [104960 2013-07-02] (DocuWare AG) []
R2 DWWebService; D:\Programme\DocuWare\Web Service Server\DWWebService.exe [11776 2013-07-02] (DocuWare AG) []
R2 DWWorkflowServer; D:\Programme\DocuWare\Workflow Server\DWWorkflowServer.exe [20480 2013-07-02] (DocuWare AG) []
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 IsmServ; C:\Windows\System32\ismserv.exe [59392 2010-11-20] (Microsoft Corporation)
R2 kdc; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-08-18] (Symantec Corporation)
R2 MSSQL$BKUPEXEC; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NTDS; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1020416 2010-11-20] (Microsoft Corporation)
R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) []
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2015-05-26] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2015-05-26] (Sophos Limited)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [395560 2015-05-26] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-01-30] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [1069864 2015-05-26] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-05-26] (Sophos Limited)
S3 SrmReports; C:\Windows\system32\srmhost.exe [76288 2010-11-20] (Microsoft Corporation)
R2 SrmSvc; C:\Windows\system32\srmsvc.dll [3489792 2010-11-20] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278632 2015-05-26] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2081064 2015-05-26] (Sophos Limited)
R2 sysdown; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [267880 2010-05-26] (Hewlett-Packard Company)
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [2041856 2010-01-28] (Hewlett-Packard Company) []
R2 TermServLicensing; C:\Windows\System32\lserver.dll [694784 2010-11-20] (Microsoft Corporation)
R2 TrileadVMXService; C:\Program Files (x86)\Trilead\Trilead VMX\VMXService.exe [4136344 2014-01-07] (Microsoft)
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479824 2013-04-09] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WINS; C:\Windows\System32\wins.exe [287744 2011-08-09] (Microsoft Corporation)
S2 DWCONNECTtoToshiba; "D:\Programme\DocuWare\Client\Client Modules\CONNECT to Toshiba\CONNECTtoToshibaServer\DWCONNECTtoToshiba.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2210816 2009-06-24] (ATI Technologies Inc.)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-02-22] (VMware, Inc.)
S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2010-02-24] (Hewlett-Packard Company)
R3 CPQTeamMP; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2010-02-24] (Hewlett-Packard Company)
R0 Datascrn; C:\Windows\System32\drivers\datascrn.sys [79936 2009-07-14] (Microsoft Corporation)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [51776 2009-07-14] (Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [66944 2010-11-20] (Microsoft Corporation)
R0 HpCISSs2; C:\Windows\System32\DRIVERS\HpCISSs2.sys [156776 2010-02-22] (Hewlett-Packard Company)
R3 hplto; C:\Windows\System32\DRIVERS\hplto.sys [16384 2009-05-14] (Hewlett-Packard)
R3 hpqilo3chif; C:\Windows\System32\DRIVERS\hpqilo3chif.sys [43112 2010-04-28] (Hewlett-Packard Company)
R3 hpqilo3core; C:\Windows\System32\DRIVERS\hpqilo3core.sys [44648 2010-05-09] (Hewlett-Packard Company)
R0 hpqilo3whea; C:\Windows\System32\DRIVERS\hpqilo3whea.sys [18472 2010-02-12] (Hewlett-Packard Company)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R3 l2nd; C:\Windows\System32\DRIVERS\bxnd60a.sys [83496 2010-04-30] (Broadcom Corporation)
R0 Quota; C:\Windows\System32\drivers\quota.sys [168016 2009-07-14] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2015-05-26] (Sophos Limited)
R1 SCSIChanger; C:\Windows\System32\DRIVERS\scsichng.sys [28208 2007-08-23] (Symantec Corporation)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2015-05-26] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2015-05-26] (Sophos Limited)
U5 Tape; C:\Windows\System32\Drivers\Tape.sys [29184 2009-07-14] (Microsoft Corporation)
R3 tpfilter; C:\Windows\System32\DRIVERS\tpfilter.sys [43568 2010-05-27] (Symantec Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 11:20 - 2015-05-27 11:20 - 00000000 ____D () C:\FRST
2015-05-27 11:14 - 2015-05-27 11:14 - 00001854 _____ () C:\Windows\System32\Tasks\At4
2015-05-27 11:14 - 2015-05-27 11:14 - 00000350 _____ () C:\Windows\Tasks\At4.job
2015-05-27 11:01 - 2015-05-27 11:01 - 00001856 _____ () C:\Windows\System32\Tasks\At3
2015-05-27 11:01 - 2015-05-27 11:01 - 00000352 _____ () C:\Windows\Tasks\At3.job
2015-05-27 10:22 - 2015-05-27 11:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\2
2015-05-27 10:19 - 2015-05-27 11:00 - 00000348 _____ () C:\Windows\Tasks\At2.job
2015-05-27 10:19 - 2015-05-27 10:19 - 00001852 _____ () C:\Windows\System32\Tasks\At2
2015-05-27 10:17 - 2015-05-27 11:00 - 00000352 _____ () C:\Windows\Tasks\At1.job
2015-05-27 10:17 - 2015-05-27 10:17 - 00001856 _____ () C:\Windows\System32\Tasks\At1
2015-05-27 09:34 - 2015-05-27 09:34 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-26 23:50 - 2015-05-26 23:50 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-05-26 14:07 - 2015-05-26 14:05 - 00035624 _____ (Sophos Limited) C:\Windows\system32\SophosBootTasks.exe
2015-05-26 14:06 - 2015-05-27 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-26 14:06 - 2015-05-26 14:06 - 00176120 _____ (Sophos Limited) C:\Windows\system32\sdccoinstaller.dll
2015-05-26 14:06 - 2015-05-26 14:06 - 00038144 _____ (Sophos Limited) C:\Windows\system32\Drivers\sdcfilter.sys
2015-05-26 14:06 - 2015-05-26 14:06 - 00027904 _____ (Sophos Limited) C:\Windows\system32\Drivers\SophosBootDriver.sys
2015-05-26 14:05 - 2015-05-27 09:35 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-26 14:05 - 2015-05-27 09:34 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-26 14:05 - 2015-05-26 14:05 - 00312895 _____ () C:\Users\Administrator\AppData\Local\Temp\avremove.log
2015-05-26 14:05 - 2015-05-26 14:05 - 00158976 _____ (Sophos Limited) C:\Windows\system32\Drivers\savonaccess.sys
2015-05-26 14:05 - 2015-05-26 14:05 - 00018695 _____ () C:\Users\Administrator\AppData\Local\Temp\Sophos ES setup.log
2015-05-26 14:05 - 2015-05-26 14:05 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\crt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 11:17 - 2010-10-25 20:22 - 23590265 _____ () C:\Windows\system32\besnmp.TRC
2015-05-27 11:15 - 2011-03-11 14:47 - 00000000 ____D () C:\Windows\system32\dhcp
2015-05-27 10:37 - 2012-12-03 15:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 10:26 - 2009-07-14 06:49 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 10:26 - 2009-07-14 06:49 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 10:22 - 2010-09-16 11:44 - 01677648 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 10:19 - 2009-09-18 03:52 - 00940408 _____ () C:\Windows\system32\perfh00A.dat
2015-05-27 10:19 - 2009-09-18 03:52 - 00234070 _____ () C:\Windows\system32\perfc00A.dat
2015-05-27 10:19 - 2009-09-18 03:45 - 00903584 _____ () C:\Windows\system32\perfh007.dat
2015-05-27 10:19 - 2009-09-18 03:45 - 00222124 _____ () C:\Windows\system32\perfc007.dat
2015-05-27 10:19 - 2009-09-18 03:39 - 00931962 _____ () C:\Windows\system32\perfh010.dat
2015-05-27 10:19 - 2009-09-18 03:39 - 00219332 _____ () C:\Windows\system32\perfc010.dat
2015-05-27 10:19 - 2009-09-18 03:33 - 00941504 _____ () C:\Windows\system32\perfh00C.dat
2015-05-27 10:19 - 2009-09-18 03:33 - 00223464 _____ () C:\Windows\system32\perfc00C.dat
2015-05-27 10:19 - 2009-07-14 07:10 - 05664028 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-27 10:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-27 10:16 - 2010-10-25 20:09 - 00000000 ____D () C:\ProgramData\Symantec
2015-05-27 10:15 - 2010-10-06 11:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator
2015-05-27 10:15 - 2010-09-29 10:53 - 00000000 ____D () C:\Windows\system32\wins
2015-05-27 10:15 - 2010-09-29 10:42 - 00000000 ____D () C:\Windows\system32\lserver
2015-05-27 10:15 - 2010-09-21 16:35 - 00006392 _____ () C:\Windows\system32\config\netlogon.dnb
2015-05-27 10:15 - 2010-09-21 16:35 - 00002293 _____ () C:\Windows\system32\config\netlogon.dns
2015-05-27 10:15 - 2010-09-20 19:57 - 00000000 ____D () C:\Windows\system32\dns
2015-05-27 10:14 - 2009-07-14 07:06 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 10:13 - 2010-09-21 16:30 - 00000000 ____D () C:\Windows\NTDS
2015-05-27 10:08 - 2010-10-25 20:31 - 25060350 _____ () C:\Windows\system32\Dashboard.log
2015-05-27 01:36 - 2010-11-04 22:30 - 00000000 ___HD () C:\Backup Exec AOFO Store
2015-05-26 14:08 - 2011-08-09 11:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\WEC
2015-05-18 17:24 - 2010-10-02 15:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VMware
2015-05-13 14:52 - 2010-09-16 23:08 - 00240764 _____ () C:\Users\Administrator\Desktop\ADMIN-KONSOLE.msc
2015-05-06 14:55 - 2010-09-27 16:31 - 00012168 _____ () C:\Users\Administrator\volshext.log

==================== Files in the root of some directories =======

2013-08-13 09:56 - 2013-08-13 09:56 - 0646498 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerMSI5F5F.txt
2013-08-13 09:56 - 2013-08-13 09:56 - 0031136 _____ () C:\Users\Administrator\AppData\Local\dd_ReportViewerUI5F5F.txt
2013-08-13 10:05 - 2013-08-13 10:06 - 0431252 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI660B.txt
2013-08-13 10:06 - 2013-08-13 10:07 - 0441992 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistMSI66CF.txt
2013-08-13 10:05 - 2013-08-13 10:06 - 0029772 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI660B.txt
2013-08-13 10:06 - 2013-08-13 10:07 - 0029708 _____ () C:\Users\Administrator\AppData\Local\dd_vcredistUI66CF.txt
2011-08-09 15:25 - 2011-08-09 15:25 - 0000064 _____ () C:\Users\Administrator\AppData\Local\DW5ReportSettings.xml
2010-09-16 23:10 - 2010-09-16 23:10 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-06-03 12:16 - 2013-06-03 12:16 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\2\bmczkd.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 00:02

==================== End of log ============================
         

Alt 27.05.2015, 10:32   #29
peinedaniel
 



Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2015
Ran by administrator at 2015-05-27 11:21:31
Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYOUQWLR
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3840907090-451933650-4095424516-500 - Administrator - Enabled)
Gast (S-1-5-21-3840907090-451933650-4095424516-501 - Limited - Disabled)
User1 (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
User2 (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
User3 (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
User4 (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
User5 (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
USW (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
USW (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
.
.usw
.
.
.





==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.17 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0917-000001000000}) (Version: 9.17.00.0 - Igor Pavlov)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.24.50.5-090623a-083726C-HP - )
Citrix Lizenzierung (HKLM-x32\...\{EE7A694A-15EE-4551-A267-EBF5904DD49D}) (Version: 7.1.10007 - Citrix Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Citrix XenApp Plugin für gehostete Anwendungen (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
DocuWare (HKLM-x32\...\{4B77274C-532A-4324-A9A4-1CAFE884E652}) (Version: 6.1.838.4913 - DocuWare)
DocuWare 4 (HKLM-x32\...\DocuWare) (Version:  - )
DocuWare Administration Tool (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Authentication Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Client (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Client German Language Pack (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare COLD/READ (HKLM-x32\...\COLDREAD) (Version:  - )
DocuWare ComponentInit (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Content Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Desktop (HKLM-x32\...\{A03EB08B-C706-4EC9-82FD-ACD9E372AFC4}) (Version: 6.1.838.4913 - DocuWare)
DocuWare Full Text Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Imaging Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Internal Database (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Job Processor (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Job Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Notification Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare OCR (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare OCR Service (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Platform (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Power Tools (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Service Control (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Settings (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare SettingsUI (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Stellent (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Thumbnail Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Update (HKLM-x32\...\{413E5334-A47C-48D9-8553-6389859443EE}) (Version: 6.1.838.4913 - DocuWare)
DocuWare Upload Service (HKLM-x32\...\{582A3535-F4C7-4A58-A37F-1F84EBE0B8E7}) (Version: 6.1.838.4913 - DocuWare)
DocuWare VCET (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Web Client (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Web Services (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Web Viewer (x32 Version: 6.1.838.4913 - DocuWare) Hidden
DocuWare Windows Explorer Client 64 Bit (HKLM\...\{F0ED9BD6-22C4-4D07-89B8-BBC2B2876333}) (Version: 6.1.838.4913 - DocuWare)
DocuWare Workflow Server (x32 Version: 6.1.838.4913 - DocuWare) Hidden
Headless Server Registry Update (HKLM-x32\...\{4E5563B6-DE0A-4F3B-A5D6-15789FD12D9B}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP Array Configuration Utility (HKLM-x32\...\{74C48700-A6A7-4B3D-BD3A-C4E131CDD8E8}) (Version: 8.50.5.0 - Hewlett Packard Development Company, L.P.)
HP Array Configuration Utility CLI (HKLM-x32\...\{14A5045C-33EE-4596-AA69-8761611AE8EB}) (Version: 8.50.6.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Diagnostics  Online Edition for Windows (HKLM\...\{DCEA910B-3269-4F5B-A915-D59293004751}) (Version: 8.5.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Management Agents (HKLM\...\{B7B52204-2CC8-477A-9C7A-382C31070A62}) (Version: 8.50.0.0 - Hewlett-Packard Company)
HP Lights-Out Online Configuration Utility (HKLM\...\{2E97856A-345A-475D-913C-B8A78406BDF6}) (Version: 3.1.0.0 - Hewlett-Packard Development Company, L.P.)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP ProLiant iLO 3 Management Controller Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.0.0.0 - Hewlett-Packard Company)
HP ProLiant Integrated Management Log Viewer (HKLM\...\{CF222EB4-4EF7-40F4-A62B-A03E214C20DE}) (Version: 5.24.0.0 - Hewlett-Packard Company)
HP ProLiant PCI-express Power Management Update for Windows (HKLM-x32\...\{34D6E797-AA32-455D-8E65-4EBD1AC9DED7}) (Version: 1.3.0.0 - Hewlett-Packard Company)
HP Smart Array SAS/SATA Event Notification Service (HKLM\...\{0F27A9B5-63FD-43DB-8230-FFE1E9CFE2C4}) (Version: 6.20.0.64 - Hewlett-Packard Development Company, L.P.)
HP System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 6.1.0 - Hewlett-Packard Company)
HP Version Control Agent (HKLM-x32\...\{5A5F45AE-0250-4C34-9D89-F10BDDEE665F}) (Version: 6.1.0.842 - Hewlett Packard Development Company, L.P.)
Java 2 Runtime Environment, SE v1.4.2_19 (HKLM-x32\...\{7148F0A8-6813-11D6-A77B-00B0D0142190}) (Version: 1.4.2_19 - Sun Microsystems, Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java SE Development Kit 7 Update 11 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021F0}) (Version: 6.0.210 - Oracle)
Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Web Platform Installer 2.0 (HKLM\...\{59996900-0E6C-45B7-8C39-C64CB98462E4}) (Version: 2.1.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB)
MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.)
Network Scan (HKLM-x32\...\{98357EB8-C10E-414A-A6EC-F3392EA97D35}) (Version:  - )
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
PFA Server Registry Update (HKLM-x32\...\{173438F5-BD4D-47AE-9C8F-73E6BAA62624}) (Version: 1.0.0.0 - Hewlett-Packard Company)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 4.0.2 - Sophos Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Symantec Backup Exec (Hotfix 144101) (HKLM\...\{F2A04230-7059-4CC2-B6EE-EF94F3EBAAE2}) (Version:  - Symantec Corporation)
Symantec Backup Exec (Hotfix 147674) (HKLM\...\{8032B566-B386-413F-9A10-11F9A35C9B65}) (Version:  - Symantec Corporation)
Symantec Backup Exec (Hotfix 148347) (HKLM\...\{28602F3D-426C-4719-822F-BE550838034F}) (Version:  - Symantec Corporation)
Symantec Backup Exec (Hotfix 150096) (HKLM\...\{01FAED90-7E07-4F9D-912A-F5BE34036E3C}) (Version:  - Symantec Corporation)
Symantec Backup Exec (Hotfix 153090) (HKLM\...\{B248E5CA-CE2E-4BC4-925B-0B2181556C02}) (Version:  - Symantec Corporation)
Symantec Backup Exec (Hotfix 154003) (HKLM\...\{C51A8E2A-AA2E-4796-97BC-BA9935F607A6}) (Version:  - Symantec Corporation)
Symantec Backup Exec (Hotfix 155520) (HKLM\...\{3E049DBC-1D97-48EA-9FF4-35D5DFB89092}) (Version:  - Symantec Corporation)
Symantec Backup Exec (Hotfix 159293) (HKLM\...\{69F28399-DE3B-491F-8704-101B6FAE7210}) (Version:  - Symantec Corporation)
Symantec Backup Exec (Hotfix 162839) (HKLM\...\{52A3BF51-8937-4597-BEC1-7169F5C96295}) (Version:  - Symantec Corporation)
Symantec Backup Exec (Hotfix 164658) (HKLM\...\{25F384C2-0D2D-4CDF-B84D-1FE8E83001D0}) (Version:  - Symantec Corporation)
Symantec Backup Exec (Service Pack 1) (HKLM\...\{D6F0513A-606E-44DA-B4FF-6BF542E3790F}) (Version:  - Symantec Corporation)
Symantec Backup Exec (TM) 2010 R2 (HKLM\...\Symantec Backup Exec 13.0) (Version: 13.0.4164 - Symantec Corporation)
Symantec Backup Exec (Version: 13.0.4164 - Symantec Corporation) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Trilead VM Explorer (HKLM-x32\...\{93836BB1-A704-4D3F-AB0A-CE990A2F5930}) (Version: 5.0.014.0 - Trilead AG)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VMware vCenter Converter Standalone (HKLM-x32\...\{17C3235A-A4B9-44ED-8794-54D8408F9733}) (Version: 5.1.0.1087880 - VMware, Inc.)
VMware Virtual Disk Development Kit (HKLM-x32\...\{547EB317-F9FC-4571-B66A-83B3C9D6A2C8}) (Version: 5.1.0.774844 - VMware, Inc.)
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.12319 - VMware, Inc.)
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.2669 - VMware, Inc.)
VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D955AF1-A863-446C-892E-1E40B8377333} - System32\Tasks\At4 => Rundll32.exe daewte.wo,ippivjw <==== ATTENTION
Task: {4D9E4576-618A-4D71-A83C-219A4A674637} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {5A996109-E612-44DB-8095-31BF618904B1} - System32\Tasks\At2 => Rundll32.exe daewte.wo,lrwabc <==== ATTENTION
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {98A95F59-20CD-4E35-9D21-F20F9141264F} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [2010-11-20] (Microsoft Corporation)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)
Task: {D3F5153E-1883-45F2-A816-9C2A0B198473} - System32\Tasks\DocuWare Update => C:\Program Files (x86)\DocuWare\Update\DocuWare.Update.exe [2013-07-16] (DocuWare AG)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {E28DBF75-37A5-4CC1-8C71-6A4E305D768A} - System32\Tasks\At1 => Rundll32.exe daewte.wo,qghdosgr <==== ATTENTION
Task: {E6E66B7A-F72D-4254-AF14-E967388B70ED} - System32\Tasks\At3 => Rundll32.exe daewte.wo,oadnykko <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => UN rundll32 exe daewte wo qghdosgr SYSTEM Erstellt von NetScheduleJobAdd Ld Ti OQ
Task: C:\Windows\Tasks\At2.job => xF rundll32 exe daewte wo lrwabc SYSTEM Erstellt von NetScheduleJobAdd 05 e7 6uxZc eC
Task: C:\Windows\Tasks\At3.job => EH rundll32 exe daewte wo oadnykko SYSTEM Erstellt von NetScheduleJobAdd yo vp
Task: C:\Windows\Tasks\At4.job => jo rundll32 exe daewte wo ippivjw SYSTEM Erstellt von NetScheduleJobAdd gb dp

==================== Loaded Modules (Whitelisted) ==============

2012-11-06 11:42 - 2012-11-06 11:40 - 00015360 _____ () C:\Windows\System32\KOAYXJ_L.DLL
2012-11-06 11:41 - 2012-11-06 11:36 - 00015360 _____ () C:\Windows\System32\KOAYQJ_L.DLL
2007-11-06 14:22 - 2010-10-01 14:58 - 00014848 _____ () C:\Windows\System32\KOBZQABL.dll
2011-02-11 11:27 - 2007-11-06 15:22 - 00014848 _____ () C:\Windows\System32\KOBZQJBL.dll
2012-12-03 15:23 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\sp6__l.dll
2012-12-03 16:01 - 2011-04-11 07:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2012-12-03 13:22 - 2011-12-22 10:59 - 00034304 _____ () C:\Windows\System32\sx655lm.dll
2012-11-06 11:42 - 2012-11-06 11:40 - 00648704 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOAYXJ_O.DLL
2009-07-02 15:11 - 2009-07-02 15:11 - 06907144 _____ () C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
2009-06-25 15:54 - 2009-06-25 15:54 - 00027136 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_10.dll
2010-09-16 12:00 - 2009-05-13 15:34 - 00255488 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\SSLEAY32.dll
2010-09-16 12:00 - 2009-05-13 15:34 - 01362944 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\LIBEAY32.dll
2009-07-08 11:56 - 2009-07-08 11:56 - 05799936 _____ () D:\Programme\DocuWare\DWDatabase\bin\mysqld-nt.exe
2013-06-26 12:06 - 2012-10-03 08:17 - 01786368 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\LMUD1P4Z.DLL
2010-04-28 16:37 - 2010-04-28 16:37 - 00048128 _____ () C:\Windows\system32\CpqNiMgt\CPQNIMIB.DLL
2010-04-28 16:36 - 2010-04-28 16:36 - 00205824 _____ () C:\Windows\system32\cpqnimgt\w2kmgdll.dll
2010-04-28 16:33 - 2010-04-28 16:33 - 00018432 _____ () C:\Windows\system32\cpqnimgt\cqnisnmp.dll
2010-04-28 16:37 - 2010-04-28 16:37 - 00025088 _____ () C:\Windows\system32\CpqNiMgt\NICMIB.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00193024 _____ () C:\Windows\system32\CpqMgmt\Cqmgstor\stormib.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00030720 _____ () C:\Windows\system32\cqstrutl.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00007168 _____ () C:\Windows\system32\cpqmgmt\cqmgstor\storsnmp.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00027648 _____ () C:\Windows\system32\CpqMgmt\CqmgStor\iscsimib.dll
2010-09-16 11:57 - 2009-07-23 11:57 - 01531392 _____ () C:\hp\hpsmh\bin\libxml2.dll
2010-09-16 11:57 - 2009-03-09 18:08 - 00072704 _____ () C:\hp\hpsmh\bin\zlib1.dll
2010-09-16 11:57 - 2010-01-28 11:10 - 01411584 _____ () C:\hp\hpsmh\bin\LIBEAY32.dll
2010-09-16 11:57 - 2010-01-28 11:04 - 00266240 _____ () C:\hp\hpsmh\bin\SSLEAY32.dll
2010-09-16 11:57 - 2009-07-23 11:57 - 01531392 _____ () C:\hp\hpsmh\modules\libxml2.dll
2010-04-28 16:36 - 2010-04-28 16:36 - 00205824 _____ () C:\Windows\system32\CPQNiMgt\w2kmgdll.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00032768 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CQMGSTOR.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00043008 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQIDE.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00041472 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMDISK.dll
2010-04-09 03:33 - 2010-04-09 03:33 - 00057856 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMSCSI.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00091136 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMIDA.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00115200 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQFCA.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQISCSI.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00030720 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\STORALRT.DLL
2010-04-09 03:33 - 2010-04-09 03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQSAS.DLL
2015-05-27 10:16 - 2015-05-27 10:16 - 00008192 _____ () C:\ProgramData\Symantec\CRF\ASP Temporary Files\crf\841b8824\e946cb89\assembly\dl3\da815275\4ac5f163_5598d001\App_Web_pg1fdfzo.DLL
2015-05-26 14:05 - 2015-05-26 14:05 - 01276712 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 01094440 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00347432 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00465192 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_AnyTypeCode.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00087848 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00254248 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00511784 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00059176 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_CodecFactory.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00149800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00832296 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00044840 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Svc_Utils.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00075048 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00069416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI_Server.dll
2015-05-26 14:05 - 2015-05-26 14:05 - 00052520 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Codeset.dll
2013-04-09 08:49 - 2013-04-09 08:49 - 00086096 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 01296976 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 00542288 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2015-05-27 10:26 - 2009-01-16 08:27 - 00131072 ____R () C:\Users\Administrator\AppData\Local\Temp\2\scct10\sar1.dll
2015-05-27 10:26 - 2009-01-16 08:27 - 00126976 ____R () C:\Users\Administrator\AppData\Local\Temp\2\scct10\sar4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2786933937-3664791864-901090552-500\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMINI~1\AppData\Local\Temp\2\BGInfo.bmp
DNS Servers: 127.0.0.1 - 10.x.x.x

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [FSRM-SrmReports-In (RPC)] => (Allow) %systemroot%\system32\srmhost.exe
FirewallRules: [WINS-Service-In-TCP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-Out-TCP] => (Allow) %systemroot%\System32\wins.exe
FirewallRules: [WINS-Service-In-UDP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-Out-UDP] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [WINS-Service-In-RPC] => (Allow) %SystemRoot%\System32\wins.exe
FirewallRules: [{239A9729-E4B5-4A26-9E2A-4C638EE1F07C}] => (Allow) C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
FirewallRules: [{23CAB9E5-EBA1-4714-AC3F-93AAEE1FE06F}] => (Allow) C:\Program Files (x86)\Citrix\Licensing\LS\CITRIX.exe
FirewallRules: [{261AED0A-51CC-4EFF-A902-B55A7D4182DB}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
FirewallRules: [{1DE329C8-74B8-4DBC-A604-549F3D4CDF29}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{3E67F204-39FD-42CA-9DB0-BFCCC20C1909}] => (Allow) C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
FirewallRules: [{5BBE261D-BB69-4B62-A563-8CB4BEE2E566}] => (Allow) C:\Program Files\Symantec\Backup Exec\beserver.exe
FirewallRules: [{070B7B6E-BBC9-41AB-88CB-EC83C00354EE}] => (Allow) C:\Program Files\Symantec\Backup Exec\bengine.exe
FirewallRules: [{0DCA8D4A-0D0F-4660-A674-04C4C085157F}] => (Allow) C:\Program Files\Symantec\Backup Exec\beremote.exe
FirewallRules: [{C80DD1C4-4B87-4CDD-ADE6-630BE329BACC}] => (Allow) C:\Program Files\Symantec\Backup Exec\benetns.exe
FirewallRules: [{D3112E44-268F-4CB3-B7FF-5954419C42F4}] => (Allow) C:\Program Files\Symantec\Backup Exec\alertServer.exe
FirewallRules: [{5A68BD95-ABB4-427C-881E-83BF6F73FB5A}] => (Allow) C:\Program Files\Symantec\Backup Exec\spoold.exe
FirewallRules: [{4ED9E685-75B6-4C71-9C8F-F3F55710F7BB}] => (Allow) C:\Program Files\Symantec\Backup Exec\spad.exe
FirewallRules: [{F3203ED3-B989-4A87-B1E2-EAA1E46A82A6}] => (Allow) LPort=6160
FirewallRules: [{6B936BBC-6FB4-444E-9C2F-253FFE554AA4}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{45672FCB-6855-4F7A-8789-BB45490D64E8}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{AB8EA5A9-8B8A-4D33-8528-43DC16C795E0}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{A83ADABB-C55C-45A4-84E9-901737FD2690}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DF8A241E-9418-4BB2-B2E5-51562D546ED6}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7F976E60-71BE-4027-879B-74CE7CDDE412}] => (Allow) LPort=9089
FirewallRules: [{B4E5C7F0-EA9A-4ABC-8ED1-5ED454C1F42D}] => (Allow) LPort=8083
FirewallRules: [{2CBF83D0-17F3-4027-ABF0-6C55581AD46D}] => (Allow) LPort=111
FirewallRules: [{C2D35C1F-C81E-40CB-927D-9AB454B18456}] => (Allow) LPort=4242
FirewallRules: [{9B28BAD0-2510-4D25-8522-963C7893BF1A}] => (Allow) LPort=2049

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2015 10:20:03 AM) (Source: DW CtServer) (EventID: 0) (User: )
Description: BackUpDatabase is not specified. Backup service will not start.

Error: (05/27/2015 10:18:52 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace:    bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url  'gtcp://DC:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace: 
Server stack trace: 
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei DocuWare.XChange.IServer.Responce()
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://DC:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:    bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
   bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
   bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)

Error: (05/27/2015 10:18:51 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
   bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)

Error: (05/27/2015 10:17:51 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace:    bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url  'gtcp://DC:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace: 
Server stack trace: 
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei DocuWare.XChange.IServer.Responce()
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://DC:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:    bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
   bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
   bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)

Error: (05/27/2015 10:17:50 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
   bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)

Error: (05/27/2015 10:16:50 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace:    bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url  'gtcp://DC:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace: 
Server stack trace: 
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei DocuWare.XChange.IServer.Responce()
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://DC:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:    bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
   bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
   bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)

Error: (05/27/2015 10:16:49 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
   bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)

Error: (05/27/2015 10:16:43 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace:    bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url  'gtcp://DC:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace: 
Server stack trace: 
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei DocuWare.XChange.IServer.Responce()
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://DC:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:    bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
   bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
   bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)

Error: (05/27/2015 10:16:42 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
   bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)

Error: (05/27/2015 10:16:36 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace:    bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url  'gtcp://DC:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace: 
Server stack trace: 
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei DocuWare.XChange.IServer.Responce()
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://DC:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:    bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
   bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
   bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)


System errors:
=============
Error: (05/27/2015 10:19:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (05/27/2015 10:19:28 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Workflow Server" wurde nicht richtig gestartet.

Error: (05/27/2015 10:19:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Thumbnail Server" wurde nicht richtig gestartet.

Error: (05/27/2015 10:19:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Notification Server" wurde nicht richtig gestartet.

Error: (05/27/2015 10:18:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Job Processor" wurde nicht richtig gestartet.

Error: (05/27/2015 10:18:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Imaging Server" wurde nicht richtig gestartet.

Error: (05/27/2015 10:18:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Content Server" wurde nicht richtig gestartet.

Error: (05/27/2015 10:17:27 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "DocuWare Authentication Server" wurde nicht richtig gestartet.

Error: (05/27/2015 10:15:35 AM) (Source: Wins) (EventID: 4337) (User: )
Description: Der WINS-Server konnte die Sicherheitseinstellung für schreibgeschützte Vorgänge nicht initialisieren.

Error: (05/27/2015 10:15:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DocuWare CONNECT to Toshiba" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================
Error: (05/27/2015 10:20:03 AM) (Source: DW CtServer) (EventID: 0) (User: )
Description: BackUpDatabase is not specified. Backup service will not start.

Error: (05/27/2015 10:18:52 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace:    bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url  'gtcp://DC:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace: 
Server stack trace: 
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei DocuWare.XChange.IServer.Responce()
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://DC:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:    bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
   bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
   bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)

Error: (05/27/2015 10:18:51 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
   bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)

Error: (05/27/2015 10:17:51 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace:    bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url  'gtcp://DC:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace: 
Server stack trace: 
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei DocuWare.XChange.IServer.Responce()
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://DC:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:    bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
   bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
   bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)

Error: (05/27/2015 10:17:50 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
   bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)

Error: (05/27/2015 10:16:50 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace:    bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url  'gtcp://DC:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace: 
Server stack trace: 
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei DocuWare.XChange.IServer.Responce()
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://DC:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:    bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
   bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
   bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)

Error: (05/27/2015 10:16:49 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
   bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)

Error: (05/27/2015 10:16:43 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace:    bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url  'gtcp://DC:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace: 
Server stack trace: 
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei DocuWare.XChange.IServer.Responce()
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://DC:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:    bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
   bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
   bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)

Error: (05/27/2015 10:16:42 AM) (Source: DWImagingService) (EventID: 0) (User: )
Description: DWImagingService::Error: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.ImagingServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start(ServerConfig config)
   bei DocuWare.Imaging.Service.DWImagingService.StartServer(ImagingServerConfig appConfig)

Error: (05/27/2015 10:16:36 AM) (Source: DW NotificationServer) (EventID: 0) (User: )
Description: DW NotificationServer will not start : >Message: Cannot find active authentication server. All servers are either stopped or the communication channel settings don't allow a connection.
>Type: DocuWare.Communication.AuthenticationServer.Exceptions.DWAuthenticateException
>Source: DocuWare.Communication.AuthenticationServer
>Stack Trace:    bei DocuWare.Communication.AuthenticationServer.Config.ASClient.RequestNextASURL(Object context, Exception ex)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.get_AuthenticationServer()
   bei DocuWare.Communication.Server.Server.LogIn(ServerID sID)
   bei DocuWare.Communication.Server.Server.Start(InternalServerSettings internalSettings, Boolean saveSettings)
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.GenericServerManager.Start()
   bei DocuWare.Communication.AuthenticationServer.Management.Managers.NotificationServerManager.Start()
InnerException:
>Message: Cannot access server url  'gtcp://DC:9000' . Check that server is accessible and use compatible communication options
>Type: DocuWare.Common.Exceptions.DWRemotingException
>Source: mscorlib
>Stack Trace: 
Server stack trace: 
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]: 
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   bei DocuWare.XChange.IServer.Responce()
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.CreateServerProxy(String url)
   bei DocuWare.Communication.AuthenticationServer.Config.ASClient.GetServerProxy(String url, RequestNextURL nextURL, Object context)
InnerException:
>Message: Can not connect to the remote host "gtcp://DC:9000". System error message: Es konnte keine Verbindung hergestellt werden, da der Zielcomputer die Verbindung verweigerte 10.x.x.x:9000.
>Type: Belikov.GenuineChannels.GenuineExceptions+CanNotConnectToRemoteHost
>Source: GenuineChannels
>Stack Trace:    bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.LowLevel_OpenConnection(HostInformation remote, GenuineConnectionType genuineConnectionType, String localUri, Int32 localPort, String connectionName, String& remoteUri, Int32& remoteHostUniqueIdentifier)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.GetConnectionForSending(Message message)
   bei Belikov.GenuineChannels.GenuineTcp.TcpConnectionManager.InternalSend(Message message)
   bei Belikov.GenuineChannels.Connection.ConnectionManager.Send(Message message)
   bei Belikov.GenuineChannels.DotNetRemotingLayer.GenuineTcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.FakeClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   bei DocuWare.Remoting.SwitchChannel.SwitchClientChannelSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E5640 @ 2.67GHz
Percentage of memory in use: 41%
Total physical RAM: 8181.8 MB
Available physical RAM: 4816.09 MB
Total Pagefile: 16361.78 MB
Available Pagefile: 12540.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:68.33 GB) (Free:19.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATEN) (Fixed) (Total:838.09 GB) (Free:356.93 GB) NTFS
Drive g: (INTEX) (Network) (Total:279.36 GB) (Free:33.05 GB) NTFS
Drive h: (DATEN) (Network) (Total:838.09 GB) (Free:356.93 GB) NTFS
Drive l: (DATEN) (Network) (Total:838.09 GB) (Free:356.93 GB) NTFS
Drive s: (DATEN) (Network) (Total:838.09 GB) (Free:356.93 GB) NTFS
Drive t: (DATEN) (Network) (Total:838.09 GB) (Free:356.93 GB) NTFS
Drive v: (DATEN) (Network) (Total:838.09 GB) (Free:356.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 68.3 GB) (Disk ID: 47C39B7C)
Partition 1: (Active) - (Size=68.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 838.1 GB) (Disk ID: 510C7675)
Partition 1: (Not Active) - (Size=838.1 GB) - (Type=07 NTFS)

==================== End of log ============================
         

Alt 27.05.2015, 10:45   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Your DC has clearly been hit as well.
Question: how do you want to deal with this? Cleaning a DC, with constant reboots in between, causes interruptions.

What does your backup concept look like? Can you narrow down when the infection first showed up on the DC as well?
__________________
Please always post log files in CODE tags
